As an administrator, I need to limit the size of VMs my end-users can provision through the Azure portal. I'm looking for something similar to what I can do with AWS IAM: make sure that users can only provision certain sizes of VMs.
Garuav nailed it - you want to use a policy definition.
https://azure.microsoft.com/en-us/documentation/articles/resource-manager-policy/
You will essentially have something like this:
$policyJSON = @'
{
  "if" : {
    "not" : {
      "field" : "vmSize",
      "in" : ["Standard_D1", "Standard_D2"]
    }
  },
  "then" : {
    "effect" : "deny"
  }
}
'@

$policy = New-AzureRmPolicyDefinition -Name 'VMSizeRestriction' -DisplayName 'VM Size Restrictions' -Policy $policyJSON

New-AzureRmPolicyAssignment -Name 'VMSizeRestriction-SubscriptionA' -PolicyDefinition $policy -Scope '/subscriptions/########-####-####-####-############'
You can assign it to other scopes as well (e.g. resourceGroups) and combine it with RBAC (allow users access to only one RG and then apply the policy to that RG), for example. The doc link above has a little more.
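The resource-group scoping plus RBAC combination described above, as an added example that is not part of the original answer: it uses the current Az module cmdlets (the successors of the AzureRm ones) and the `Microsoft.Compute/virtualMachines/sku.name` alias with a parameterized size list. The resource group name, the user sign-in name and the parameter name `allowedSkus` are placeholders chosen for illustration.

```powershell
# Added example; values marked "placeholder" are assumptions, not from the page.
$rgName = 'rg-team-a'          # placeholder resource group
$user   = 'dev1@example.com'   # placeholder end-user sign-in name

# Rule: deny only virtual machines whose SKU is outside the allowed list.
# The type check keeps the rule from matching other resource types.
$rule = @'
{
  "if": {
    "allOf": [
      { "field": "type", "equals": "Microsoft.Compute/virtualMachines" },
      { "not": {
          "field": "Microsoft.Compute/virtualMachines/sku.name",
          "in": "[parameters('allowedSkus')]"
      } }
    ]
  },
  "then": { "effect": "deny" }
}
'@

# Parameter schema, so the size list is supplied per assignment.
$params = @'
{
  "allowedSkus": {
    "type": "Array",
    "metadata": { "displayName": "Allowed VM sizes" }
  }
}
'@

$definition = New-AzPolicyDefinition -Name 'VMSizeRestriction' `
    -DisplayName 'VM Size Restrictions' -Policy $rule -Parameter $params

# Assign the policy at resource-group scope instead of the whole subscription.
$rg = Get-AzResourceGroup -Name $rgName
New-AzPolicyAssignment -Name "VMSizeRestriction-$rgName" `
    -PolicyDefinition $definition -Scope $rg.ResourceId `
    -PolicyParameterObject @{ allowedSkus = @('Standard_D1', 'Standard_D2') }

# RBAC: the user may create resources only inside this resource group.
New-AzRoleAssignment -SignInName $user -RoleDefinitionName 'Contributor' `
    -ResourceGroupName $rgName
```

The built-in Contributor role excludes `Microsoft.Authorization/*/Write` and `Microsoft.Authorization/*/Delete`, so a user granted it on the resource group cannot remove or change the policy assignment.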
To restrict the size of VMs that your end users can provision from the Azure portal, you can create an "Azure Dev Test lab" and directly set the VM sizes you want to allow. Then you can give RBAC rights to your customers to access the dev test lab.
Another option would be to create a resource policy and apply it on your customer subscriptions.
Regards,