Azure Policy - Subnets should have a Network Security Group
I often find it useful to build a proof for a security control, demonstrate how it works, and pick up some useful techniques along the way. Download the Postman export here.

The issue with this fine policy lies in the way the latest Terraform works. It creates the subnet before associating the NSG, so the policy blocks the subnet from being created.

Use the Terraform in the initial_env directory to create the starting point for the lab work.

Attach the Policy to the Resource Group

Obtain the 'Subnets should have a Network Security Group' policy definition from here and add it to your subscription. The name may conflict with a built-in policy, so add something to the end - I added Andy on the end to differentiate it.

Attach the policy to a resource group. In this example, the resource group is 'az-900'.

Azure Policy Definition Assigned to the Resource Group az-900

Azure Policy Assignment

Postman Create Subnet

Use the HTTP API to create a subnet and associate an NSG in a ...
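
The ordering problem described above, modelled offline as an added example (not code from the original post): it builds the Azure Resource Manager PUT request for a subnet with and without an NSG reference and checks each against a simplified stand-in for the deny rule. The api-version, subscription ID, VNet, subnet and NSG names are assumptions, and the local check only approximates what Azure Policy evaluates.

```python
import json

# Assumptions (not from the original page): api-version, placeholder IDs, and a
# simplified stand-in for the policy rule (deny a subnet that carries no NSG id).
API_VERSION = "2023-09-01"
SUB = "00000000-0000-0000-0000-000000000000"  # placeholder subscription id
RG = "az-900"  # resource group named on the page


def subnet_put(vnet, subnet, prefix, nsg_name=None):
    """Build the ARM PUT request (URL + JSON body) for a subnet."""
    base = f"/subscriptions/{SUB}/resourceGroups/{RG}/providers/Microsoft.Network"
    props = {"addressPrefix": prefix}
    if nsg_name:
        props["networkSecurityGroup"] = {"id": f"{base}/networkSecurityGroups/{nsg_name}"}
    url = (f"https://management.azure.com{base}/virtualNetworks/{vnet}"
           f"/subnets/{subnet}?api-version={API_VERSION}")
    return {"method": "PUT", "url": url, "body": {"properties": props}}


def policy_effect(request):
    """Simplified local model of the deny rule: a subnet write without an NSG id."""
    nsg = request["body"]["properties"].get("networkSecurityGroup") or {}
    return "allow" if nsg.get("id") else "deny"


def simulate(plan):
    """Evaluate requests in order; stop at the first deny, since that write is rejected."""
    results = []
    for req in plan:
        effect = policy_effect(req)
        results.append(effect)
        if effect == "deny":
            break
    return results


# Subnet first and NSG association afterwards, versus one request carrying the NSG.
two_step = [subnet_put("vnet1", "app", "10.0.1.0/24"),
            subnet_put("vnet1", "app", "10.0.1.0/24", "nsg-app")]
one_step = [subnet_put("vnet1", "app", "10.0.1.0/24", "nsg-app")]

if __name__ == "__main__":
    print("two-step:", simulate(two_step))
    print("one-step:", simulate(one_step))
    print(json.dumps(one_step[0], indent=2))
```

The two-step plan never reaches its second request because the first write is denied, which is the failure the Terraform ordering produces.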