Create a policy assignment to identify non-compliant resources with the Azure CLI

New configuration (How To)

Situation

The Azure CLI is used to create and manage Azure resources from the command line or from scripts. This guide uses the Azure CLI to create a policy assignment and to identify non-compliant resources in your Azure environment.

Solution

Open Azure Cloud Shell

Azure CLI

az provider register --namespace 'Microsoft.PolicyInsights'

Create a policy assignment

az policy assignment create --name 'audit-vm-manageddisks' --display-name 'Audit VMs without managed disks Assignment' --scope '<scope>' --policy '<policy definition ID>'

Identify non-compliant resources

$policyAssignment = Get-AzPolicyAssignment | Where-Object { $_.Properties.DisplayName -eq 'Audit VMs without managed disks Assignment' }
$policyAssignment.PolicyAssignmentId

Then run the following command to get the resource IDs of the non-compliant resources, which are written to a JSON file:

armclient post "/subscriptions/<subscriptionID>/resourceGroups/<rgName>/providers/Microsoft.PolicyInsights/policyStates/latest/queryResults?api-version=2017-12-12-preview&$filter=IsCompliant eq false and PolicyAssignmentId eq '<policyAssignmentID>'&$apply=groupby((ResourceId))" > <json file to direct the output with the resource IDs into>

JSON:

{
    "@odata.context": "https://management.azure.com/subscriptions/<subscriptionId>/providers/Microsoft.PolicyInsights/policyStates/$metadata#latest",
    "@odata.count": 3,
    "value": [
        {
            "@odata.id": null,
            "@odata.context": "https://management.azure.com/subscriptions/<subscriptionId>/providers/Microsoft.PolicyInsights/policyStates/$metadata#latest/$entity",
            "ResourceId": "/subscriptions/<subscriptionId>/resourcegroups/<rgname>/providers/microsoft.compute/virtualmachines/<virtualmachineId>"
        },
        {
            "@odata.id": null,
            "@odata.context": "https://management.azure.com/subscriptions/<subscriptionId>/providers/Microsoft.PolicyInsights/policyStates/$metadata#latest/$entity",
            "ResourceId": "/subscriptions/<subscriptionId>/resourcegroups/<rgname>/providers/microsoft.compute/virtualmachines/<virtualmachine2Id>"
        },
        {
            "@odata.id": null,
            "@odata.context": "https://management.azure.com/subscriptions/<subscriptionId>/providers/Microsoft.PolicyInsights/policyStates/$metadata#latest/$entity",
            "ResourceId": "/subscriptions/<subscriptionName>/resourcegroups/<rgname>/providers/microsoft.compute/virtualmachines/<virtualmachine3ID>"
        }
    ]
}
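
The JSON output above can be turned into a per-resource-group list for remediation tracking. The following Python is an added example, not part of the original article; the sample document, its IDs and the function names are constructed for illustration, and treating a mismatched @odata.count as an incomplete result is an assumption.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of the queryResults response; IDs are made up.
SAMPLE = json.dumps({
    "@odata.count": 3,
    "value": [
        {"ResourceId": "/subscriptions/0000/resourcegroups/rg-app/providers/microsoft.compute/virtualmachines/vm1"},
        {"ResourceId": "/subscriptions/0000/resourceGroups/RG-App/providers/Microsoft.Compute/virtualMachines/vm2"},
        {"ResourceId": "/subscriptions/0000/resourcegroups/rg-db/providers/microsoft.compute/virtualmachines/vm3"},
    ],
})

def parse_resource_id(resource_id):
    """Split a resource ID into subscription, resource group, type and name."""
    parts = [p for p in resource_id.strip("/").split("/") if p]
    keys = [p.lower() for p in parts]
    rest = keys[6:]  # alternating type/name segments after the provider namespace
    if (len(parts) < 8 or keys[0] != "subscriptions" or keys[2] != "resourcegroups"
            or keys[4] != "providers" or len(rest) % 2):
        raise ValueError(f"unexpected resource ID: {resource_id!r}")
    # Resource IDs are compared case-insensitively, so normalise to lower case.
    return {
        "subscription": keys[1],
        "resource_group": keys[3],
        "type": "/".join([keys[5]] + rest[0::2]),
        "name": "/".join(rest[1::2]),
    }

def summarize(raw):
    """Return {resource_group: sorted 'type/name' entries} for non-compliant resources."""
    doc = json.loads(raw)
    rows = doc.get("value", [])
    # Assumption: a count that differs from the row count means the file is incomplete.
    if doc.get("@odata.count") != len(rows):
        raise ValueError("@odata.count does not match the number of rows")
    groups = defaultdict(set)
    for row in rows:
        r = parse_resource_id(row["ResourceId"])
        groups[r["resource_group"]].add(f'{r["type"]}/{r["name"]}')
    return {rg: sorted(names) for rg, names in groups.items()}

if __name__ == "__main__":
    for rg, names in sorted(summarize(SAMPLE).items()):
        print(rg, names)
```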

Solution type

Permanent
