限制每个区域允许的 VM 系列的 Azure 策略
Azure policy to restrict VM series allowed in each region
我需要一项政策来限制某些地区的某些系列。所以就像美国东部允许 A 和 F 系列一样,AU East 只允许 F 和 H 系列虚拟机。在 JSON 中如何做到这一点?
可以这样做:
{
"mode": "Indexed",
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Compute/virtualMachines"
},
{
"not": {
"field": "Microsoft.Compute/virtualMachines/sku.name",
"in": "[parameters('listOfAllowedSKUs')]"
}
},
{
"field": "location",
"equals": "[parameters('listOfAllowedLocations')]"
}
]
},
"then": {
"effect": "deny"
}
},
"parameters": {
"listOfAllowedSKUs": {
"type": "Array",
"metadata": {
"displayName": "Allowed Size SKUs",
"description": "The list of VM series that can be specified for virtual machines.",
"strongType": "vmSKUs"
}
},
"listOfAllowedLocations": {
"type": "Array",
"metadata": {
"displayName": "Allowed locations",
"description": "The list of locations where the selected VM's are allowed.",
"strongType": "location"
},
"allowedValues": [
"australiaeast",
"eastus",
"uksouth",
"westus2",
"southeastasia"
]
}
}
}
我需要一项政策来限制某些地区的某些系列。所以就像美国东部允许 A 和 F 系列一样,AU East 只允许 F 和 H 系列虚拟机。在 JSON 中如何做到这一点?
可以这样做:
{
"mode": "Indexed",
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Compute/virtualMachines"
},
{
"not": {
"field": "Microsoft.Compute/virtualMachines/sku.name",
"in": "[parameters('listOfAllowedSKUs')]"
}
},
{
"field": "location",
"equals": "[parameters('listOfAllowedLocations')]"
}
]
},
"then": {
"effect": "deny"
}
},
"parameters": {
"listOfAllowedSKUs": {
"type": "Array",
"metadata": {
"displayName": "Allowed Size SKUs",
"description": "The list of VM series that can be specified for virtual machines.",
"strongType": "vmSKUs"
}
},
"listOfAllowedLocations": {
"type": "Array",
"metadata": {
"displayName": "Allowed locations",
"description": "The list of locations where the selected VM's are allowed.",
"strongType": "location"
},
"allowedValues": [
"australiaeast",
"eastus",
"uksouth",
"westus2",
"southeastasia"
]
}
}
}