You use aliases to access specific properties for a resource type.
An alias enable you to restrict what values or conditions are permitted for a property on a resource. Each alias maps to the paths in different API versions for a given resource type. During policy evaluation, the policy engine gets the property path for that API version. For more information about Policy and aliases, visit this blog post
Instructions for viewing all aliases that can be used in Azure Resource Policy are available here.
- File a new issue to the Azure Policy Github repository
- Use the Alias Request issue template
Alias request: Microsoft.Web/serverfarms/hostingEnvironmentProfile.id
Ensure that all App Service plans are using an appropriate App Service Environment
- RP:
Microsoft.Web - Resource Type:
serverFarms - Property:
properties.hostingEnvironmentProfile.id
{
"properties": {
"displayName": "Only allow creation of ASP on ASE",
"description": "Only allow creation of ASP on ASE",
"parameters": {
"hostingEnvironmentProfileID": {
"type": "string",
"metadata": {
"description": "appServiceEnvironmentName"
}
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Web/serverfarms"
},
{
"not": {
"allOf": [
{
"field": "Microsoft.Web/serverfarms/hostingEnvironmentProfile.id",
"equals": "[parameters('hostingEnvironmentProfileID')]"
}
]
}
}
]
},
"then": {
"effect": "deny"
}
}
}
}