{"id":18538951,"url":"https://github.com/eitrtechnologies/example-azure-policies","last_synced_at":"2025-05-15T02:13:15.573Z","repository":{"id":120633269,"uuid":"287559929","full_name":"eitrtechnologies/example-azure-policies","owner":"eitrtechnologies","description":null,"archived":false,"fork":false,"pushed_at":"2020-08-14T15:06:24.000Z","size":6,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-02-17T08:12:53.660Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"SaltStack","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/eitrtechnologies.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-08-14T15:04:45.000Z","updated_at":"2020-08-14T15:06:26.000Z","dependencies_parsed_at":null,"dependency_job_id":"6c37407a-6d71-4492-a505-d34c43102e71","html_url":"https://github.com/eitrtechnologies/example-azure-policies","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eitrtechnologies%2Fexample-azure-policies","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eitrtechnologies%2Fexample-azure-policies/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eitrtechnologies%2Fexample-azure-policies/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eitrtechnologies%2Fexample-azure-policies/manifests","owner_url":"https://repos.ecosyste.ms/
api/v1/hosts/GitHub/owners/eitrtechnologies","download_url":"https://codeload.github.com/eitrtechnologies/example-azure-policies/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254259443,"owners_count":22040822,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-06T19:45:38.559Z","updated_at":"2025-05-15T02:13:15.556Z","avatar_url":"https://github.com/eitrtechnologies.png","language":"SaltStack","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Example Azure Policy Assignments for Idem\n\n## TABLE OF CONTENTS\n\n- [INSTALLATION](#installation)\n- [CREDENTIALS](#credentials)\n- [RESOURCE DEFINITION](#resource-definition)\n- [TESTING AND BUILDING RESOURCES](#testing-and-building-resources)\n- [INCLUDED POLICY ASSIGNMENTS](#included-policy-assignments)\n  * [Audit Diagnostic Log Enablement](#diagnosticssls)\n  * [Restrict Allowed Resource Locations](#locationssls)\n  * [Audit VM Disk Encryption](#vmencryptionsls)\n  * [Restrict Allowed VM Sizes](#vmsizessls)\n\nAzure is a cloud service offered by Microsoft that provides virtual machines, SQL services, media services, and more.\nAzure Resource Manager is the next generation of the Azure portal and API.\n\nThese examples show how to assign built-in Policy definitions using [Idem](https://gitlab.com/saltstack/pop/idem), a new\nconfiguration management, Infrastructure as Code (IaC), and API management platform written to the\n[POP](https://gitlab.com/saltstack/pop/pop) programming paradigm.\n\nFurther information on the Azure 
plugins used in these examples can be found on the `idem-azurerm`\n[GitHub page](https://github.com/eitrtechnologies/idem-azurerm) or the\n[Read the Docs page](https://idem-azurerm.readthedocs.io/en/latest/).\n\n## INSTALLATION\nThe azurerm idem provider can be installed via pip:\n```\npip install idem-azurerm\n```\n\n## CREDENTIALS\nThis provider requires that a dictionary populated with valid Azure credentials be passed via\n[acct](https://gitlab.com/saltstack/pop/acct).\n\nThe credentials can be stored in an arbitrarily named file, such as `myawesomecreds.yml`\n```\n#!yaml\n\nazurerm:\n  default:\n    client_id: \"aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa\"\n    secret: \"X2KRwdcdsQn9mwjdt0EbxsQR3w5TuBOR\"\n    subscription_id: \"bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb\"\n    tenant: \"cccccccc-cccc-cccc-cccc-cccccccccccc\"\n```\n\nIn order to prepare the credentials file for use, the acct command can be run to encrypt the file with the Fernet\nalgorithm.\n```\n(env) $ acct myawesomecreds.yml\nNew encrypted file at: myawesomecreds.yml.fernet\nThe file was encrypted with this key:\n71Gbz2oDSv40Er9YUFBJPzOjtCi6Z2-5niBHPekkvqs=\n```\n\nNow we have an encrypted file containing the credentials and a symmetric key for decryption. Since you have encrypted\nthe file with the key, you can now remove the original plaintext file.\n```\n(env) $ rm myawesomecreds.yml\n```\n\nAll we have to do now is to tell idem where to get the file and key for acct. 
This information can be passed to acct on\nthe command line as parameters, but we will set up environment variables for the purposes of this tutorial.\n```\n(env) $ export ACCT_FILE=\"/path/to/myawesomecreds.yml.fernet\"\n(env) $ export ACCT_KEY=\"71Gbz2oDSv40Er9YUFBJPzOjtCi6Z2-5niBHPekkvqs=\"\n```\n\n## RESOURCE DEFINITION\nAfter installation, the Azure Resource Manager Idem Provider execution and state modules will be accessible to the hub.\n\nThe following example uses an azurerm state module to ensure the existence of a resource group.\n\nLet's call this file \"mytest.sls\"\n```\nResource group exists:\n  azurerm.resource.group.present:\n    - name: idem\n    - location: eastus\n    - tags:\n        organization: EITR Technologies\n```\n\n## TESTING AND BUILDING RESOURCES\nBefore you build the resources defined in the \".sls\" file you may want to test what will happen when the state file is\nrun. To do this, run idem with the `--test` option.\n```\n(env) $ idem state mytest.sls --test\n```\nOnce you determine that your state file will perform the intended operations, then you can build the defined resources\nby running idem like so:\n```\n(env) $ idem state mytest.sls\n```\n\n## INCLUDED POLICY ASSIGNMENTS\n\n### `diagnostics.sls`\nAudit diagnostic settings for selected resource types.\n\n### `locations.sls`\nThis policy enables you to restrict locations your organization can specify when deploying resources.\n\n### `vmencryption.sls`\nVMs without disk encryption enabled will be monitored by Azure Security Center as recommendations.\n\n### `vmsizes.sls`\nThis policy enables you to specify a set of virtual machine size SKUs that your organization can deploy.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Feitrtechnologies%2Fexample-azure-policies","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Feitrtechnologies%2Fexample-azure-policies","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Feitrtechnologies%2Fexample-azure-policies/lists"}