Today I want to show a really useful Azure feature to help you with the governance of your Azure Subscriptions: Azure Resource Policies:
Resource policies enable you to establish conventions for resources in your organization. By defining conventions, you can control costs and more easily manage your resources. For example, you can specify that only certain types of virtual machines are allowed, or you can require that all resources have a particular tag. Policies are inherited by all child resources. So, if a policy is applied to a resource group, it is applicable to all the resources in that resource group.
How Resource Policies works
First of all, you need a policy definition. Here a description of the structure.
Let’s create one!
You can create policies definitions directly with the Azure Rest API or using PowerShell, the Azure CLI 1.0 or 2.0.
I prefer using PowerShell:
First login in Azure with: Login-AzureRmAccount and if you have more subscriptions, select the right one with Select-AzureRmSubscription.
Continue reading “Azure Hidden Gems: Resource Policies”
In this post I want to show you what I think it’s the best way to setup VSTS working with Azure Resource Manager Templates.
At the customer I am currently working for, we are setting up a new Azure Big Data ingestion environment and we wanted to do it using the Infrastructure as Code approach. With Azure this obviously goes with ARM Templates.
For source control, build and deployment we use Visual Studio Team Services (VSTS).
About VSTS, Build and Release Management
I have seen different setups with VSTS, some of them where the deployment take place from the build, or directly in Release Management without a build.
My approach is to have a clear separation of concerns between the Build and the Release Management.
The Build is for compiling, (Unit) Testing and creating artifacts for the deployment.
The Release Management’s responsibility is for deploying the artifacts created during the Build process. Continue reading “Setting up VSTS with ARM Templates”
When testing deployments of Azure RM resources (ie. using the Test-AzureRmResourceGroupDeployment powershell cmdlet) an empty Resource Group is created. This Resource Group is often not needed at this point and can be deleted after you are done testing the deployment of the resources. For deleting the Resource Group you can use the VSTS task delete resource group if empty. This tasks deletes the Resource Group only if it does not contains any resources.