示例 - 允许用于存储帐户和虚拟机的 SKUSample - Allowed SKUs for storage accounts and virtual machines

此策略需要存储帐户和虚拟机使用已批准的 SKU。This policy requires that storage accounts and virtual machines use approved SKUs. 使用内置策略以确保使用已批准的 SKU。Uses built-in policies to ensure approved SKUs. 指定已批准的虚拟机 SKU 数组和已批准的存储帐户 SKU 数组。You specify an array of approved virtual machines SKUs, and an array of approved storage account SKUs.

如果没有 Azure 订阅,可在开始前创建一个试用帐户If you don't have an Azure subscription, create a trial account before you begin.

示例模板Sample template

{
   "properties": {
      "displayName": "Allowed SKUs for Storage Accounts and Virtual Machines",
      "description": "This policy allows you to specify what skus are allowed for storage accounts and virtual machines",
      "parameters": {
         "LISTOFALLOWEDSKUS_1": {
            "type": "Array",
            "metadata": {
               "displayName": "VM SKUs",
               "strongType": "vmSKUs"
            }
         },
         "LISTOFALLOWEDSKUS_2": {
            "type": "Array",
            "metadata": {
               "displayName": "Storage Account SKUs",
               "strongType": "storageSkus"
            }
         }
      },
      "policyDefinitions": [
         {
            "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3",
            "parameters": {
               "listOfAllowedSKUs": {
                  "value": "[parameters('LISTOFALLOWEDSKUS_1')]"
               }
            }
         },
         {
            "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1",
            "parameters": {
               "listOfAllowedSKUs": {
                  "value": "[parameters('LISTOFALLOWEDSKUS_2')]"
               }
            }
         }
      ],
      "metadata": {
         "category": "Cost Control"
      }
   }
}

可使用 Azure 门户或将其与 PowerShell 配合使用来部署此模板。You can deploy this template using the Azure portal or with PowerShell.

使用门户进行部署Deploy with the portal

将策略示例部署到 AzureDeploy the Policy sample to Azure

使用 PowerShell 进行部署Deploy with PowerShell

本示例需要 Azure PowerShell。This sample requires Azure PowerShell. 运行 Get-Module -ListAvailable Az 即可查找版本。Run Get-Module -ListAvailable Az to find the version. 如果需要进行安装或升级,请参阅安装 Azure PowerShell 模块If you need to install or upgrade, see Install Azure PowerShell module.

运行 Connect-AzAccount -Environment AzureChinaCloud,创建与 Azure 的连接。Run Connect-AzAccount -Environment AzureChinaCloud to create a connection with Azure.

$policydefinitions = "https://raw.githubusercontent.com/Azure/azure-policy/master/samples/PolicyInitiatives/skus-for-multiple-types/azurepolicyset.definitions.json"
$policysetparameters = "https://raw.githubusercontent.com/Azure/azure-policy/master/samples/PolicyInitiatives/skus-for-multiple-types/azurepolicyset.parameters.json"

$policyset= New-AzPolicySetDefinition -Name "skus-for-multiple-types" -DisplayName "Allowed SKUs for Storage Accounts and Virtual Machines" -Description "This policy allows you to speficy what skus are allowed for storage accounts and virtual machines" -PolicyDefinition $policydefinitions -Parameter $policysetparameters 
 
New-AzPolicyAssignment -PolicySetDefinition $policyset -Name <assignmentName> -Scope <scope>  -LISTOFALLOWEDSKUS_1 <VM SKUs> -LISTOFALLOWEDSKUS_2 <Storage Account SKUs>

清理 PowerShell 部署Clean up PowerShell deployment

运行以下命令删除策略分配和定义。Run the following command to remove the policy assignment and definition.

Remove-AzPolicyAssignment -Name <assignmentName>
Remove-AzPolicySetDefinitions -Name "skus-for-multiple-types"

使用 Azure CLI 进行部署Deploy with Azure CLI

若要运行此示例,请确保已安装最新版本的 Azure CLITo run this sample, make sure you have installed the latest version of the Azure CLI. 若要开始,请运行 az login 以创建与 Azure 的连接。To start, run az login to create a connection with Azure.

此示例在 Bash shell 中正常工作。This sample works in a Bash shell. 有关在 Windows 客户端上运行 Azure CLI 脚本的选项,请参阅在 Windows 上安装 Azure CLIFor options on running Azure CLI scripts on Windows client, see Install the Azure CLI on Windows.

az policy set-definition create --name "skus-for-multiple-types" --display-name "Allowed SKUs for Storage Accounts and Virtual Machines" --description "This policy allows you to speficy what skus are allowed for storage accounts and virtual machines" --definitions "https://raw.githubusercontent.com/Azure/azure-policy/master/samples/PolicyInitiatives/skus-for-multiple-types/azurepolicyset.definitions.json" --params "https://raw.githubusercontent.com/Azure/azure-policy/master/samples/PolicyInitiatives/skus-for-multiple-types/azurepolicyset.parameters.json"

az policy assignment create --name <assignmentName> --scope <scope> --policy-set-definition "skus-for-multiple-types" --params "{ 'LISTOFALLOWEDSKUS_1': { 'value': <VM SKU Array> }, 'LISTOFALLOWEDSKUS_2': { 'value': <Storage Account SKU Array> } }"

清理 Azure CLI 部署Clean up Azure CLI deployment

运行以下命令删除策略分配和定义。Run the following command to remove the policy assignment and definition.

az policy assignment delete --name <assignmentName>
az policy set-definition delete --name "skus-for-multiple-types"

后续步骤Next steps