Tag: powershell

Announcing my GitHub repositories

Howdy, I decided to share some scripts and configuration files via GitHub. This approach has many advantages – user-friendly code (easy to read, easy to use), you can commit changes via pull requests, easier to update the code, you can follow me to instantly receive updates.

PowerShell scripts to automate application deployments

PowerShell DSC scripts to automate software configurations

Terraform and Packer configurations

  • terraform-k8s-aks: automates Azure Kubernetes and Container Registry services deployment. See the blog post.
  • terraform-globalazure-2019: source code from my session at Global Azure BootCamp 2019 Russia. The main configuration file automates deployment of VMs, availability set, load balancer, NSGs and registers VMs with Azure DevOps Deployment Group to make possible CD.
  • packer-iis: packer sample json to create a custom image in Azure. See the blog post.

Azure and Kubernetes

Miscellaneous

I will keep this post updated. If new repos added, I’ll describe them here as well. Thanks for following. Cheers.

Azure Policy: Append multiple tags

Howdy, here is an example of the custom Azure Policy that is based on Append policy action that automatically adds additional fields to the requested resource during creation or update. A common example is adding tags on resources such as costCenter or specifying allowed IPs for a storage resource. This policy appends specified tags and values on resources, so you can easily group them in order to get their consumption and costs, for example. Although the policy has default tags name and values, you can provide your own during the policy assignment.

TIP: Different versions of json files for PowerShell and deploying policy with Portal are available in my Github repo

This sample is for deploying policy with Azure Portal:

{
    "mode": "Indexed",
    "parameters": {
        "tagName1": {
            "type": "String",
            "metadata": {
                "displayName": "Tag Name1",
                "description": "Name of the tag, such as 'environment'"
            },
            "defaultValue": "environment"
        },
        "tagValue1": {
            "type": "String",
            "metadata": {
                "displayName": "Tag Name1 Value",
                "description": "Value of the tag, such as 'production'"
            },
            "defaultValue": "production"
        },
        "tagName2": {
            "type": "String",
            "metadata": {
                "displayName": "Tag Name2",
                "description": "Name of the tag, such as 'service'"
            },
            "defaultValue": "service"
        },
        "tagValue2": {
            "type": "String",
            "metadata": {
                "displayName": "TagName2 Value",
                "description": "Value of the tag, such as 'webapps'"
            },
            "defaultValue": "webapps"
        },
        "tagName3": {
            "type": "String",
            "metadata": {
                "displayName": "Tag Name3",
                "description": "Name of the tag, such as 'project'"
            },
            "defaultValue": "project"
        },
        "tagValue3": {
            "type": "String",
            "metadata": {
                "displayName": "Tag Name3 Value",
                "description": "Value of the tag, such as 'POC'"
            },
            "defaultValue": "POC"
        }
    },
    "policyRule": {
        "if": {
            "allOf": [
                {
                    "field": "[concat('tags[', parameters('tagName1'), ']')]",
                    "exists": "false"
                },
                {
                    "field": "[concat('tags[', parameters('tagName2'), ']')]",
                    "exists": "false"
                },
                {
                    "field": "[concat('tags[', parameters('tagName3'), ']')]",
                    "exists": "false"
                }
            ]
        },
        "then": {
            "effect": "append",
            "details": [
                {
                    "field": "[concat('tags[', parameters('tagName1'), ']')]",
                    "value": "[parameters('tagValue1')]"
                },
                {
                    "field": "[concat('tags[', parameters('tagName2'), ']')]",
                    "value": "[parameters('tagValue2')]"
                },
                {
                    "field": "[concat('tags[', parameters('tagName3'), ']')]",
                    "value": "[parameters('tagValue3')]"
                }
            ]
        }
    }
}

To assign the policy by using PowerShell:

# Create the Policy Definition (Subscription scope)
$policyrules = "https://raw.githubusercontent.com/rlevchenko/stuff/master/Azure/Policy/PS/appendtags-rules.json"
$policyparams = "https://raw.githubusercontent.com/rlevchenko/stuff/master/Azure/Policy/PS/appendtags-parameters.json"
$definition = New-AzPolicyDefinition -Name 'Append Multiple Tags' -Policy $policyrules  -Parameter $policyparams -Mode Indexed

# Set the scope to a resource group; may also be a resource, subscription, or management group
$scope = Get-AzResourceGroup -Name 'mvphero'

# Create the Policy Assignment
New-AzPolicyAssignment -Name 'Apply multiple tags' -DisplayName 'Apply tags and their default values' -Scope $scope.ResourceId -PolicyDefinition $definition

And this is how it looks from Azure Portal during the policy assignment:

The tags added by policy on NSG resource: