Gennadyk
What is Azure Policy?
Azure Policy is a service within Microsoft Azure that allows organizations to create, assign, and manage policies. These policies define rules and effects over resources, identities, and groups, in an effort to ensure compliance and uphold security. Enforcement comes in two forms – flagging noncompliance so your team can remediate the concern or simply blocking deployment.
Core Concepts of Azure Policy
At the heart of Azure Policy are two core components: policies and initiatives. Policies in Azure are the specific rules or guidelines, while initiatives are collections of policies that help achieve a broader compliance goal. Let’s break down the components of policies below.
- A policy definition expresses what to evaluate and what action to take. Each policy definition in Azure Policy has a set of conditions under which it’s enforced and an accompanying effect that takes place if the conditions are met.
- Policy effects are what happens when the conditions are met. Some common effects include Deny, Audit, Append, Disabled, and DeployIfNotExists.
- Policy parameters are used to provide flexibility and reduce policy definition redundancy. They allow you to reuse the policy definition for different scenarios. Think of them as fields on a form to fill out – name, city, birthdate, address, etc. They remain, but how you fill them out can change.
- Policy assignments are the application of a policy or initiative to a specific scope (subscription, management group, etc.).
Pic 1. Structure of Azure Policy (credit Sonrai Security)
Advantages of Azure Policy
The main benefits of using Azure Policy include consistent governance across all resources, streamlined management of policy enforcement, improved security and compliance, and increased visibility and control over cloud resources.
Azure Policy vs. Azure Role Based Access Control (RBAC)
Azure Policy and Azure Role-Based Access Control (RBAC) differ significantly. While Azure Policy focuses on resource properties, RBAC concentrates on user actions. Azure Policy enforces properties at the time of resource creation or update, whereas RBAC controls what users can do with existing resources.
Announcing General Availability of Pre-defined Azure Policy Definitions for PostgreSQL Flexible Server
Built-in policies are developed and tested by Microsoft, ensuring they meet common standards and best practices, and can be deployed quickly without the need for additional configuration, making them ideal for standard compliance requirements. We are happy to announce general availability of built-in policy support. This document has a full list of supported pre-built policy definitions.
Custom policy definitions
A custom policy definition allows customers to define their own rules for using Azure. These rules often enforce:
- Security practices
- Cost management
- Organization-specific rules (like naming or locations)
An example of creating a custom policy definition can be found in this document.
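As an added illustration (not taken from the original post or from Microsoft's built-in definitions), here is a custom policy definition that ties together the pieces described above: a condition, parameters, and a parameterized effect. The display name and the parameter names `allowedLocations`, `namePrefix` and `effect` are assumptions chosen for this example.

```json
{
  "properties": {
    "displayName": "Example: PostgreSQL flexible servers must use approved locations and name prefix",
    "description": "Added illustration, not a Microsoft built-in definition. Parameter names are assumptions.",
    "policyType": "Custom",
    "mode": "Indexed",
    "parameters": {
      "allowedLocations": {
        "type": "Array",
        "metadata": { "displayName": "Allowed locations", "strongType": "location" }
      },
      "namePrefix": {
        "type": "String",
        "metadata": { "displayName": "Required server name prefix" }
      },
      "effect": {
        "type": "String",
        "allowedValues": [ "Audit", "Deny", "Disabled" ],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          { "field": "type", "equals": "Microsoft.DBforPostgreSQL/flexibleServers" },
          {
            "anyOf": [
              { "field": "location", "notIn": "[parameters('allowedLocations')]" },
              { "field": "name", "notLike": "[concat(parameters('namePrefix'), '*')]" }
            ]
          }
        ]
      },
      "then": { "effect": "[parameters('effect')]" }
    }
  }
}
```

With the default `Audit` effect the assignment only flags noncompliant servers; setting `effect` to `Deny` at assignment time blocks the deployment instead, without changing the definition.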
Resources
For more information on Azure Policy and its support with Azure PostgreSQL Flexible Server:
- Security - Azure Database for PostgreSQL - Flexible Server | Microsoft Learn
- List of built-in policy definitions - Azure Policy | Microsoft Learn
- Azure Policy Regulatory Compliance controls for Azure Database for PostgreSQL | Microsoft Learn
- Azure/azure-policy: Repository for Azure Resource Policy built-in definitions and samples (github.com)
To learn more about our Flexible Server managed service, see the Azure Database for PostgreSQL service page. We’re always eager to hear customer feedback, so please reach out to us at Ask Azure DB for PostgreSQL.