This repository holds Azure policies to enforce Microsoft's naming convention for Azure resources
BicepApache-2.0
👮♂️ Azure Naming Convention Initiative 🚨
This repository holds a bunch of bicep templates that creates and assigns Azure polices to audit or enforce a specific naming convention.
The preset follows Microsoft naming convention which was proposed here and adds some that where missing (e.g. private endpoints). For resource types where Microsoft doesn't make any suggestions I have created my own proposals, which can be found here.
However you can modify them according to your needs. The underyling module uses a notLike condition so you can check for pre- and postfixes, e.g. app-* would match app-some-web-application whereas *-app would match some-web-application-app.
🏗 Todo
Update templates, so that pattern takes an array of strings, instead of a single string
👉 Important notes & limitations
After assigning an initiative/policy it can take up to 30min until it becomes active, so be patient!
You need to have the Resource Policy Contributor role assigned on the target subscription.
Bicep currenlty only supports a single scope why I decided to stick with subscription scope for the moment.
I didn't bundle them inside an initiative on purpose, so the user can freely decided on what to policy to use.
When deploying a policy assignment via template, we currently can't set a non-compliant message. This seems to be a limitation of ARM.
This polices are ready to use. You don't have to rebuild them. However, in case you would like to apply your own naming schema follow this steps
Adjust the array at the begining of Generate-Biceps.ps1 according to your needs
Run Generate-Biceps.ps1 that will outout *.biceps into the 'dist` folder
Run Generate-Templates.ps1 to transpile them into JSON-based ARM templates (outputs to the dist folder)
🚀 Currently implemented resources
🟢 Tested 🟡 Not tested yet, feedback welcome! 🔴 Not yet implemented, PR welcome!