2. Programming Q&A
  3. Azure Policy Definition using Powershell - Stack Overflow

Azure Policy Definition using Powershell - Stack Overflow

admin2025-05-02  0

I am trying to create az azure policy definition using powershell and I am receiving the following error.

New-AzPolicyDefinition_CreateExpanded : Failed to parse policy rule: 'Error converting value "@{effect=audit}" to type 
'Microsoft.WindowsAzure.Governance.PolicyService.Policy.Expression.Schema.EffectExpressionDefinition'. Path 'then'.'.
At C:\Program Files\WindowsPowerShell\Modules\Az.Resources\7.2.0\Policy.Autorest\custom\New-AzPolicyDefinition.ps1:256 char:19
+     $scriptCmd = {& $wrappedCmd @calledParameters}
+                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: ({ }:<>f__AnonymousType1) [New-AzPolicyDefinition_CreateExpanded], Exception
    + FullyQualifiedErrorId : InvalidPolicyRule,Microsoft.Azure.PowerShell.Cmdlets.Policy.Cmdlets.NewAzPolicyDefinition_CreateExpanded

I tried sample: AuditStorageAccounts.json

"if": {
    "allOf": [
        {
            "field": "type",
            "equals": "Microsoft.Storage/storageAccounts"
        },
        {
            "field": "Microsoft.Storage/storageAccounts/networkAcls.defaultAction",
            "equals": "Allow"
        }
    ]
},
    "then": {
        "effect": "audit"
    }
}

Powershell Script:

New-AzPolicyDefinition -Name 'TestAuditStorageAccounts' `
    -DisplayName 'Test - Audit Storage Accounts Open to Public Networks' `
    -Policy 'AuditStorageAccounts.json'

I would like to create an azure policy definition programatically to assign tag to azure resources.

I am trying to create az azure policy definition using powershell and I am receiving the following error.

New-AzPolicyDefinition_CreateExpanded : Failed to parse policy rule: 'Error converting value "@{effect=audit}" to type 
'Microsoft.WindowsAzure.Governance.PolicyService.Policy.Expression.Schema.EffectExpressionDefinition'. Path 'then'.'.
At C:\Program Files\WindowsPowerShell\Modules\Az.Resources\7.2.0\Policy.Autorest\custom\New-AzPolicyDefinition.ps1:256 char:19
+     $scriptCmd = {& $wrappedCmd @calledParameters}
+                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: ({ }:<>f__AnonymousType1) [New-AzPolicyDefinition_CreateExpanded], Exception
    + FullyQualifiedErrorId : InvalidPolicyRule,Microsoft.Azure.PowerShell.Cmdlets.Policy.Cmdlets.NewAzPolicyDefinition_CreateExpanded

I tried sample: AuditStorageAccounts.json

"if": {
    "allOf": [
        {
            "field": "type",
            "equals": "Microsoft.Storage/storageAccounts"
        },
        {
            "field": "Microsoft.Storage/storageAccounts/networkAcls.defaultAction",
            "equals": "Allow"
        }
    ]
},
    "then": {
        "effect": "audit"
    }
}

Powershell Script:

New-AzPolicyDefinition -Name 'TestAuditStorageAccounts' `
    -DisplayName 'Test - Audit Storage Accounts Open to Public Networks' `
    -Policy 'AuditStorageAccounts.json'

I would like to create an azure policy definition programatically to assign tag to azure resources.
  • azure
  • powershell
  • azure-powershell
  • azure-policy
Share Improve this question asked Jan 2 at 4:15 Selvam SubramaniSelvam Subramani 12 bronze badges 6
  • Your json isnt valid, its missing an opening {. – Santiago Squarzon Commented Jan 2 at 4:20
  • If you want to assign tags to Azure resources, you can use the default Azure policy named Add a tag to resources – Venkat V Commented Jan 2 at 7:09
  • Powershell script. '{ "tagName": { "value": "Environment" }, "tagValue": { "value": "Production" } }' > .\TagPolicyParameters.json $Policy = Get-AzPolicyDefinition | Where-Object {$_.DisplayName -eq 'Add a tag to resources'}$Subscription = Get-AzSubscription -SubscriptionName 'Sub_ID' New-AzPolicyAssignment -Name 'EnforceTaggingPolicy' -PolicyDefinition $Policy -Scope "/subscriptions/$($Subscription.Id)" -PolicyParameter .\TagPolicyParameters.json -Location 'eastus' -IdentityType 'SystemAssigned' – Venkat V Commented Jan 2 at 7:40
  • @SantiagoSquarzon Curly braces is not issue. May be while I paste, I missed. I validated using command ConvertFrom-Json. – Selvam Subramani Commented Jan 3 at 6:01
  • @VenkatV I have a custom requirement for my Azure subscription, which includes two types of VM machines. Each type is identified by its name prefix. For example: If a machine name starts with 'ABC' it should have the tag VM Type=SuperStar If a machine name starts with 'XYZ' it should have the tag VM Type=Secondary – Selvam Subramani Commented Jan 3 at 6:06
 |  Show 1 more comment

1 Answer 1

Reset to default 0

Just check here. so many samples Azure provided. Many of them are about tag policy definitions. Simply modify them and pass in the parameters.

转载请注明原文地址:http://anycun.com/QandA/1746134651a92053.html

Azure Policy Definition using PowershellStack Overflow