Situation
Azure CLI is used to create and manage Azure resources from the command line or from scripts. This guide uses the Azure CLI to create a policy assignment and to identify non-compliant resources in your Azure environment.
Solution
Open Azure Cloud Shell
Azure CLI
az provider register --namespace 'Microsoft.PolicyInsights'
Create a policy assignment
az policy assignment create --name 'audit-vm-manageddisks' --display-name 'Audit VMs without managed disks Assignment' --scope '<scope>' --policy '<policy definition ID>'
Identify non-compliant resources
$policyAssignment = Get-AzPolicyAssignment | Where-Object { $_.Properties.DisplayName -eq 'Audit VMs without managed disks Assignment' }
$policyAssignment.PolicyAssignmentId
Then run the following command to obtain the resource IDs of the non-compliant resources, which are output to a JSON file:
armclient post "/subscriptions/<subscriptionID>/resourceGroups/<rgName>/providers/Microsoft.PolicyInsights/policyStates/latest/queryResults?api-version=2017-12-12-preview&$filter=IsCompliant eq false and PolicyAssignmentId eq '<policyAssignmentID>'&$apply=groupby((ResourceId))" > <json file to direct the output with the resource IDs into>
JSON:
{
    "@odata.context": "https://management.azure.com/subscriptions/<subscriptionId>/providers/Microsoft.PolicyInsights/policyStates/$metadata#latest",
    "@odata.count": 3,
    "value": [{
            "@odata.id": null,
            "@odata.context": "https://management.azure.com/subscriptions/<subscriptionId>/providers/Microsoft.PolicyInsights/policyStates/$metadata#latest/$entity",
            "ResourceId": "/subscriptions/<subscriptionId>/resourcegroups/<rgname>/providers/microsoft.compute/virtualmachines/<virtualmachineId>"
        },
        {
            "@odata.id": null,
            "@odata.context": "https://management.azure.com/subscriptions/<subscriptionId>/providers/Microsoft.PolicyInsights/policyStates/$metadata#latest/$entity",
            "ResourceId": "/subscriptions/<subscriptionId>/resourcegroups/<rgname>/providers/microsoft.compute/virtualmachines/<virtualmachine2Id>"
        },
        {
            "@odata.id": null,
            "@odata.context": "https://management.azure.com/subscriptions/<subscriptionId>/providers/Microsoft.PolicyInsights/policyStates/$metadata#latest/$entity",
            "ResourceId": "/subscriptions/<subscriptionName>/resourcegroups/<rgname>/providers/microsoft.compute/virtualmachines/<virtualmachine3ID>"
        }
    ]
}
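To turn that output into a remediation list, the following added example (not part of the original guide) parses the JSON, checks @odata.count against the rows actually returned, and groups the non-compliant VMs by resource group. ARM resource IDs are case-insensitive and the output above shows them lower-cased, so the parser normalizes case before grouping; the function names and sample values are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of the queryResults output above
# (the page's placeholders replaced with made-up values, mixed case on purpose).
SAMPLE = """
{
  "@odata.count": 3,
  "value": [
    {"ResourceId": "/subscriptions/0000/resourcegroups/rg-prod/providers/microsoft.compute/virtualmachines/vm-web01"},
    {"ResourceId": "/subscriptions/0000/resourcegroups/rg-prod/providers/microsoft.compute/virtualmachines/vm-web02"},
    {"ResourceId": "/subscriptions/0000/resourceGroups/RG-Dev/providers/Microsoft.Compute/virtualMachines/vm-test"}
  ]
}
"""

def parse_resource_id(resource_id):
    """Split a resource-group-scoped ARM resource ID, normalizing case."""
    parts = [p.lower() for p in resource_id.strip("/").split("/")]
    if (len(parts) < 8 or parts[0] != "subscriptions"
            or parts[2] != "resourcegroups" or parts[4] != "providers"):
        raise ValueError(f"unexpected resource ID shape: {resource_id!r}")
    return {
        "subscription": parts[1],
        "resource_group": parts[3],
        "type": f"{parts[5]}/{parts[6]}",
        "name": parts[7],
    }

def non_compliant_by_group(raw_json):
    """Return {resource_group: [names]} after verifying @odata.count."""
    doc = json.loads(raw_json)
    rows = doc.get("value", [])
    declared = doc.get("@odata.count")
    if declared is not None and declared != len(rows):
        # A mismatch means the file is truncated or the result was paged.
        raise ValueError(f"@odata.count={declared} but {len(rows)} rows present")
    groups = defaultdict(set)
    for row in rows:
        rid = parse_resource_id(row["ResourceId"])
        groups[rid["resource_group"]].add(rid["name"])
    return {g: sorted(names) for g, names in sorted(groups.items())}

if __name__ == "__main__":
    for group, names in non_compliant_by_group(SAMPLE).items():
        print(group, names)
```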