A Review of Azure Policy and Azure Blueprints
Mario Brenes
🇨🇷 🇧🇷 🇺🇸 | Azure L3 Support & Delivery Engineer | Infrastructure Ops | DevOps Practitioner | Technical Lead
Do you understand that work is no longer done in "our best way" but in line with international standards?. To start Cloud Governance, one of the most important question is: What is do I want? To get this answer, you need to get help by one framework to create your strategy.
Could you please tell me which way to go? - That largely depends on where you want to go - said the cat. "I don't really care where ..." said Alicia. - Then it doesn't matter much where you go - said the cat.
Lewis Carroll, Alice in Wonderland.
Cloud Governance
The need to govern is driven by organizations having:
- Multiple engineering teams (deploying and operating in)
- Multiple subscriptions
- The need to standardize or enforce how cloud resources are configured
- The requirement to satisfy regulatory compliance, create cost value, security demands, or achieve design consistency
By providing governance capabilities as part of the Azure platform, customers can implement policies and compliance earlier in the development process, thereby accelerating compliant development.
With Azure, you can create compliant environments from the very beginning instead of waiting for challenges or problems to arise. These services collectively represent the most complete, built-in governance offering in any public cloud - and the best part is they are all available to Azure customers at no additional cost.
Overall, Azure Governance services are designed to help customers:
- Enforce internal standards and guardrails
- Apply consistent security & management
- Setup environments faster
- Meet regulatory compliance requirements
- Release compliant code faster
- Control costs
- Organize resources to match your organization
Azure Policy
Azure Policy is a control service in Azure that is used to create, assign, and manage policies. These policies enforce different rules and effects over your resources, keeping them compliant with your corporate standards and service level agreements. Azure Policy meets this need by evaluating your resources for non-compliance with assigned policies.
For example, you can have a policy that allows only a certain VM SKU in your environment. Once the policy is implemented, new and existing resources are evaluated for compliance.
With the right type of policy, existing resources can be brought into compliance.
Azure Blueprints
Azure Blueprints assists with environment setup. Such environments often include:
- Azure resource groups
- Role assignments
- Different policies
- Resource Manager deployment templates
Blueprints are packages that pull these types of resources and artifacts together. The package contains resources defined to meet your standards, compliance requirements, and company policies.
◉ Cloud Adoption Framework governance documentation - https://aka.ms/azfr/639/01
◉ Cloud Adoption Framework Governance Benchmark Tool - https://aka.ms/azfr/639/02
◉ Cloud Adoption Framework Governance Guides - https://aka.ms/azfr/639/03
◉ Cloud Adoption Framework for Azure - https://aka.ms/azfr/639/04