Managing Azure Policies at Scale: A Terraform and azapi Approach
What is an Azure Policy? An Azure Policy is a governance rule applied to Azure resources. It ensures that an environment remains compliant with defined standards: security, naming conventions, allowed regions… There are three key concepts to distinguish. A Policy Definition is the rule itself. It defines what is evaluated and the effect triggered in case of non-compliance. The main effects are: Effect Behavior Audit Logs non-compliance, does not block Deny Blocks resource creation or modification DeployIfNotExists Automatically deploys an associated resource if absent Modify Modifies a property during creation/update Append Adds fields to the resource An Initiative (or PolicySetDefinition) is a grouping of multiple definitions. Rather than assigning each policy one by one, they are grouped into a coherent initiative, for example a security baseline or CIS compliance set. ...