12 Governing your subscriptions using Azure Policy
This chapter covers
- The benefits of using Azure Policy
- Using the built-in policies
- Writing, testing and deploying custom policies
- Reviewing the current compliance status and improving it
The examples and scenarios you have seen so far were all relatively small. They mostly covered one application or were deployed to one or two subscriptions. When that is the case, it is straightforward to keep track of what resources you have running in Azure and to make sure that your solution is secure, compliant and cost effective. When your cloud workload gets bigger, that is much harder to do. Luckily, Azure has a built-in feature called Azure Policy that can help you govern your Azure resources. You can manage Azure Policy using Infrastructure as Code, which in this context is often called Policy as Code. In this chapter, you will learn how to use Azure Policy to govern Azure architectures.
Imagine you work at an enterprise organization that wants to make the move to the Azure cloud. Currently, all the teams run their applications and infrastructure in one or more on-premises datacenters. What is often done in such a situation is that you build something called a Landing Zone in Azure and use a Hub and Spoke architecture.