How to restrict the creation of cloud resources to certain Azure regions

Note: Policies are only supported for Microsoft Azure accounts.

Azure Policy evaluates resources in Azure by comparing the properties of those resources to business rules. These business rules, described in JSON format, are known as policy definitions. Through the Multi-Cloud Orchestrator it is possible to add and assign policy definitions to your Azure accounts.

There are many policy definitions for common use cases already available in your Azure environment as built-ins to help you get started.

Prerequisites

  • Have a valid Azure subscription in Multi-Cloud Orchestrator.

Create a policy assignment

  1. Go to Policies > Catalog.
  2. Press the "Add policy definition" button. You can:
  • Upload your own policy definition (in JSON format)
  • Import an existing policy assignment from your Azure cloud account
  • Import any built-in policy made available by Microsoft Azure

The last option is what we are going to use, as there is a built-in policy available which perfectly fits the needs of this how-to.

  1. Select "Import builtin definition" and search for Allowed locations, then press the "Import definition" button.

  2. In the policy overview, click the Allowed locations policy definition and press the "Add assignment" button. Fill out the name and description, and select the cloud account(s) to which the policy should be applied. Last but not least, enumerate the Azure locations that should be allowed, for example:

    • [ "westeurope", "eastus" ]

    Note: If the policy requires array type parameters (as in this case) or object type parameters, make sure to use a valid JSON value.

    Note: It may take up to 30 minutes for the policy to be applied to the Azure subscription.
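
The array parameter is the step most likely to go wrong, so the following added example (not part of the Multi-Cloud Orchestrator or Azure tooling) checks a value before it is entered in the assignment dialog. The function names are hypothetical, and `is_location_allowed` is a simplified, case-insensitive model of the assignment's behaviour, not Azure's own evaluation logic.

```python
import json


def parse_allowed_locations(raw: str) -> list[str]:
    """Validate the text typed into the array parameter field.

    Returns the normalized location names, or raises ValueError explaining
    why the value is not a usable JSON array of location names.
    """
    try:
        value = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise ValueError(f"not valid JSON ({exc.msg} at column {exc.colno})") from exc
    if not isinstance(value, list):
        raise ValueError(f"expected a JSON array, got {type(value).__name__}")
    if not value:
        raise ValueError("empty array: no location would be allowed")
    locations = []
    for item in value:
        if not isinstance(item, str) or not item.strip():
            raise ValueError(f"array items must be non-empty strings, got {item!r}")
        name = item.strip().lower()
        if " " in name:
            # Display names such as "West Europe" are not location names.
            raise ValueError(f"{item!r} looks like a display name; use e.g. 'westeurope'")
        locations.append(name)
    return sorted(set(locations))


def is_location_allowed(location: str, allowed: list[str]) -> bool:
    """Simplified model (assumption): anything outside the list is denied."""
    return location.lower() in allowed


# Constructed sample inputs, as they might be typed into the dialog.
SAMPLES = [
    '[ "westeurope", "eastus" ]',  # valid
    "westeurope, eastus",          # not JSON
    "['westeurope', 'eastus']",    # single quotes are not JSON
    '"westeurope"',                # a string, not an array
    '[ "West Europe" ]',           # display name instead of location name
]

if __name__ == "__main__":
    for raw in SAMPLES:
        try:
            print(f"OK      {raw!r} -> {parse_allowed_locations(raw)}")
        except ValueError as err:
            print(f"REJECT  {raw!r}: {err}")
    allowed = parse_allowed_locations(SAMPLES[0])
    print("northeurope allowed?", is_location_allowed("northeurope", allowed))
```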

Verify policy enforcement

  1. Try to create a server in an unsupported location. The steps to create a server are described in: How to create a server.
  2. Verify that the policy assignment prevented the server from being created.
