Policy is one of the foundation pillars for the Azure Enterprise Scaffold
. Policies can enforce, audit and restrict various operations/actions performed on the Azure services.
Microsoft Azure Policy:
Recently announced Azure Policy
let ‘s any enterprise govern the required set of rules to apply and monitor compliances across different levels of an Azure account ranging from Subscription l to the individual or group of resources.
One of the key feature in enforcing the policy is the ability to define the specific compliance requirements while not bringing any disruptions to any mission critical workloads.
In an organization , while the Dev accounts should have strict enforcement in terms of Geography and Size of the workloads, it may no be applicable to the production workloads where certain resize is required dynamically based on the transaction load.
Azure policy framework offers such flexibility by providing the following actions:
Deny Action: Restricts any operation/action that meets specific evaluation criteria such as CostCenter tag is is missing.
- Audit Action: Audit action allows any specific operation that meets specific evaluation criteria , however it add an entry in the activity log with compliance state as Non-compliant.
- Append Action:Lets the administrator defines certain rules while performing any specific operation. Its useful in case any specific tag to be appended for any new resource being provisioned.
while there are several rule engines or policy engines available to Audit events once they are initiated, Azure policy restricts the initiation of any non-compliant operation/action.
CoreStack and Azure Policy:
CoreStack governance framework has many in-built policies that can be applied across different clouds , it also supports defining and assigning Azure policies. The Policies can be defined at an Account level and rules can be created to apply the policies for different subscriptions (Dev/QA/Production).
While the Azure policy free-tier enforces policies only for future resources , CoreStack can audit the policy compliance for the existing resources. CoreStack enables customer define and assign Azure policies at different levels.CoreStack has its own Policy framework and built-in policies that can work across multi-cloud landscape in a cloud agnostic way .
You can find more information about CoreStack here