How to apply a policy to limit allowed virtual machine sizes
Policies are only supported for Microsoft Azure subscriptions
Azure Policy evaluates resources in Azure by comparing the properties of those resources to business rules. These business rules, described in JSON format, are known as policy definitions. Through Multi-Cloud Orchestrator it is possible to add and assign policy definitions to your Azure accounts. There are many policy definitions for everyday use cases already available in your Azure environment as built-ins to help you get started.
Prerequisites
- Have a valid Azure subscription in Multi-Cloud Orchestrator.
Create a policy assignment
Go to Policies > Catalog
Press the "Add policy definition" button. You can either upload your policy definition (in JSON format), import an existing policy assignment from your Azure cloud account, or import any built-in policy made available by Microsoft Azure. The latter option is what we will use, as there is a policy available that perfectly fits the needs of this how-to.
Select Import builtin definition and search for Allowed virtual machine size SKUs
In the policy overview, select the Allowed virtual machine size SKUs policy definition and press the Import definition button
Fill out the name and description, and select the cloud account(s) to which the policy should be applied. Last but not least, enumerate the virtual machine size SKUs that should be allowed, for example:
- Standard_D2_v3
- Standard_D4_v4
Note: It may take up to 30 minutes for the policy to be applied to the Azure subscription.
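To predict what the assignment will deny before it takes effect, the following added example (not part of Multi-Cloud Orchestrator or Azure tooling) evaluates the rule shape used by the Allowed virtual machine size SKUs built-in against constructed VM resources. The function names, the sample resources and the allow list are assumptions, and the evaluator is a simplified stand-in for Azure's policy engine that supports only the operators this rule uses.

```python
# Added example: simplified local evaluation of an Azure Policy deny rule.
# Not Azure's policy engine; supports only the operators this rule uses.

# Rule shape of the "Allowed virtual machine size SKUs" built-in.
POLICY_RULE = {
    "if": {"allOf": [
        {"field": "type", "equals": "Microsoft.Compute/virtualMachines"},
        {"not": {"field": "Microsoft.Compute/virtualMachines/sku.name",
                 "in": "[parameters('listOfAllowedSKUs')]"}},
    ]},
    "then": {"effect": "Deny"},
}

def field_value(resource, field):
    """Resolve the two fields the rule references on an ARM-style resource."""
    if field == "type":
        return resource.get("type")
    if field == "Microsoft.Compute/virtualMachines/sku.name":
        return resource.get("properties", {}).get("hardwareProfile", {}).get("vmSize")
    raise ValueError(f"unsupported field: {field}")

def matches(cond, resource, params):
    """Evaluate allOf / not / equals / in; string compares ignore case."""
    if "allOf" in cond:
        return all(matches(c, resource, params) for c in cond["allOf"])
    if "not" in cond:
        return not matches(cond["not"], resource, params)
    value = (field_value(resource, cond["field"]) or "").lower()
    if "equals" in cond:
        return value == cond["equals"].lower()
    if "in" in cond:
        # "[parameters('name')]" -> look up the assignment parameter
        name = cond["in"].split("'")[1]
        return value in {s.lower() for s in params[name]}
    raise ValueError(f"unsupported condition: {cond}")

def effect(resource, allowed_skus):
    """Return 'Deny' when the rule matches, otherwise 'Allow'."""
    params = {"listOfAllowedSKUs": allowed_skus}
    hit = matches(POLICY_RULE["if"], resource, params)
    return POLICY_RULE["then"]["effect"] if hit else "Allow"

def vm(size):
    """Constructed sample VM resource with the given size."""
    return {"type": "Microsoft.Compute/virtualMachines",
            "properties": {"hardwareProfile": {"vmSize": size}}}

ALLOWED = ["Standard_D2_v3", "Standard_D4_v4"]  # constructed allow list
```

A misspelled allow-list entry matches no real SKU, so the rule then denies every virtual machine size; checking the list this way before assignment catches that.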
Verify policy enforcement
- Try to create a server with an unsupported virtual machine size, as described here
- Verify that the policy assignment prevented the server from being created