Custom Policy Definitions and Initiatives

Custom Policy Definitions and Initiatives

Watch the video to deepen your understanding.

Subscribe

Complete the full lesson to earn 25 points

Work through each section, then tap “Mark as Complete” on the last one.

Section 1 of 3

✦ Skip the page breaks and see fewer ads — read each lesson on a single page with Pro

Lesson: Custom Policy Definitions and Initiatives

Introduction

In the cloud, "Governance" is the guardrail that ensures your resources remain secure, compliant, and cost-effective. While cloud providers (like Azure Policy or AWS Organizations) offer a vast library of built-in policies, organizations often have unique requirements that generic policies cannot address.

Custom Policy Definitions allow you to codify your specific business logic, security standards, and operational requirements into executable rules. Initiatives (or Policy Sets) act as a wrapper, grouping these individual policies into a logical collection that can be assigned to resources as a single unit.

By mastering custom policies, you move from "reactive monitoring" to "proactive enforcement," ensuring your infrastructure is compliant by design.


Understanding Policy Definitions

A Policy Definition is a JSON file that describes a rule. Every policy definition consists of three primary components:

  1. Policy Rule: The logic that evaluates if a resource is compliant or non-compliant.
  2. Parameters: Variables that make your policy reusable (e.g., allowed regions, allowed SKU sizes).
  3. Metadata: Descriptive information such as display name, category, and versioning.

Practical Example: Restricting Resource Locations

Suppose your company policy mandates that all resources must reside in the "East US" region to comply with data residency laws. Instead of relying on manual checks, you define a custom policy.

Code Snippet: Policy Definition JSON

{
  "properties": {
    "displayName": "Restrict resource locations",
    "policyType": "Custom",
    "mode": "Indexed",
    "parameters": {
      "allowedLocations": {
        "type": "Array",
        "metadata": {
          "description": "The list of allowed locations for resources.",
          "displayName": "Allowed locations"
        }
      }
    },
    "policyRule": {
      "if": {
        "not": {
          "field": "location",
          "in": "[parameters('allowedLocations')]"
        }
      },
      "then": {
        "effect": "deny"
      }
    }
  }
}

Section 1 of 3
PrevNext