Proposal for Adding Azure Policies to check list and converting Azure Resource Graph Queries to Azure Policies about review-checklists HOT 4 OPEN

Hey @ealtili I like this idea! What do you think about generating bicep templates containing the policies resulting from the queries, so that folks can deploy them to their subscriptions?

from review-checklists.

Hi @erjosito Indeed this is what I was going to recommend as well. Deploying policies using Bicep Deployment Stacks

So we can have folder Structure

• Policy
  • PolicySet
  • PolicyDefinition
  • PolicyAssignment

I can create this bicep structure and make a pull request.

I appreciate If you let me know to use an existing branch to use or I can create a branch and make a pull request.

Once we create policy structure we can also discuss about incorporating Azure Well Architected review tool Basically then may be for each service it can be aligned with the checklist.

from review-checklists.

Do you think it is going to be feasible creating the bicep files automatically from the ARG queries in the JSON checklists? I would probably have that in a branch, before the automation works.

from review-checklists.

Hey I have been having a look at https://github.com/robinchapas/ConvertToPolicy/blob/master/GraphToPolicy.ps1, and finding some challenges here:

• The REST API /providers/Microsoft.ResourceGraph/resources/policy doesn't seem to be documented in https://learn.microsoft.com/rest/api/azure-resourcegraph/.
• I am getting the error message The query returned an error. Adjust the query directly with Resource Graph to validate expected results, then try again, but without docs it is hard to troubleshoot.
• In any case, the queries stored in the checklist need to be massaged, since they return the extended field compliant, which needs to be changed into a valid rule for policies.

from review-checklists.