Azure - Inherit Tags from Resource Group using Azure Policy
Introduction
Following ARM template can be used in Azure Policy to inherit the tags from RG . I have defined 6 tags paramter for this inheritance and this can be increased or decreased as per the requirement. Also, this policy has the modify added so that it can remediate existing RG's if needed.
#Code start from here
{
"mode": "Indexed",
"policyRule": {
"if": {
"anyOf": [
{
"allOf": [
{
"field": "[concat('tags[', parameters('tagName1'), ']')]",
"notEquals": "[resourceGroup().tags[parameters('tagName1')]]"
},
{
"value": "[resourceGroup().tags[parameters('tagName1')]]",
"notEquals": ""
}
]
},
{
"allOf": [
{
"field": "[concat('tags[', parameters('tagName2'), ']')]",
"notEquals": "[resourceGroup().tags[parameters('tagName2')]]"
},
{
"value": "[resourceGroup().tags[parameters('tagName2')]]",
"notEquals": ""
}
]
},
{
"allOf": [
{
"field": "[concat('tags[', parameters('tagName3'), ']')]",
"notEquals": "[resourceGroup().tags[parameters('tagName3')]]"
},
{
"value": "[resourceGroup().tags[parameters('tagName3')]]",
"notEquals": ""
}
]
},
{
"allOf": [
{
"field": "[concat('tags[', parameters('tagName4'), ']')]",
"notEquals": "[resourceGroup().tags[parameters('tagName4')]]"
},
{
"value": "[resourceGroup().tags[parameters('tagName4')]]",
"notEquals": ""
}
]
},
{
"allOf": [
{
"field": "[concat('tags[', parameters('tagName5'), ']')]",
"notEquals": "[resourceGroup().tags[parameters('tagName5')]]"
},
{
"value": "[resourceGroup().tags[parameters('tagName5')]]",
"notEquals": ""
}
]
},
{
"allOf": [
{
"field": "[concat('tags[', parameters('tagName6'), ']')]",
"notEquals": "[resourceGroup().tags[parameters('tagName6')]]"
},
{
"value": "[resourceGroup().tags[parameters('tagName6')]]",
"notEquals": ""
}
]
}
]
},
"then": {
"effect": "modify",
"details": {
"roleDefinitionIds": [
"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"operations": [
{
"operation": "addOrReplace",
"field": "[concat('tags[', parameters('tagName1'), ']')]",
"value": "[resourceGroup().tags[parameters('tagName1')]]"
},
{
"operation": "addOrReplace",
"field": "[concat('tags[', parameters('tagName2'), ']')]",
"value": "[resourceGroup().tags[parameters('tagName2')]]"
},
{
"operation": "addOrReplace",
"field": "[concat('tags[', parameters('tagName3'), ']')]",
"value": "[resourceGroup().tags[parameters('tagName3')]]"
},
{
"operation": "addOrReplace",
"field": "[concat('tags[', parameters('tagName4'), ']')]",
"value": "[resourceGroup().tags[parameters('tagName4')]]"
},
{
"operation": "addOrReplace",
"field": "[concat('tags[', parameters('tagName5'), ']')]",
"value": "[resourceGroup().tags[parameters('tagName5')]]"
},
{
"operation": "addOrReplace",
"field": "[concat('tags[', parameters('tagName6'), ']')]",
"value": "[resourceGroup().tags[parameters('tagName6')]]"
}
]
}
}
},
"parameters": {
"tagName1": {
"type": "String",
"metadata": {
"displayName": "Tag Name1",
"description": "Name of the tag, such as 'environment'"
}
},
"tagName2": {
"type": "String",
"metadata": {
"displayName": "Tag Name2",
"description": "Name of the tag, such as 'ProjectCode'"
}
},
"tagName3": {
"type": "String",
"metadata": {
"displayName": "Tag Name3",
"description": "Name of the tag, such as 'SBU'"
}
},
"tagName4": {
"type": "String",
"metadata": {
"displayName": "Tag Name4",
"description": "Name of the tag, such as 'SubscriptionName'"
}
},
"tagName5": {
"type": "String",
"metadata": {
"displayName": "Tag Name5",
"description": "Name of the tag, such as 'SubscriptionType'"
}
},
"tagName6": {
"type": "String",
"metadata": {
"displayName": "Tag Name6",
"description": "Name of the tag, such as 'ServiceLine'"
}
}
}
}
#Code ends
Comments