👮‍♂️ Azure Naming Convention Initiative 🚨

This repository holds a bunch of bicep templates that creates and assigns Azure polices to audit or enforce a specific naming convention.

The preset follows Microsoft naming convention which was proposed here and adds some that where missing (e.g. private endpoints). For resource types where Microsoft doesn't make any suggestions I have created my own proposals, which can be found here.

However you can modify them according to your needs. The underyling module uses a notLike condition so you can check for pre- and postfixes, e.g. app-* would match app-some-web-application whereas *-app would match some-web-application-app.

🏗 Todo

Update templates, so that pattern takes an array of strings, instead of a single string

👉 Important notes & limitations

After assigning an initiative/policy it can take up to 30min until it becomes active, so be patient!
You need to have the Resource Policy Contributor role assigned on the target subscription.
Bicep currenlty only supports a single scope why I decided to stick with subscription scope for the moment.
I didn't bundle them inside an initiative on purpose, so the user can freely decided on what to policy to use.
When deploying a policy assignment via template, we currently can't set a non-compliant message. This seems to be a limitation of ARM.

This polices are ready to use. You don't have to rebuild them. However, in case you would like to apply your own naming schema follow this steps

Adjust the array at the begining of Generate-Biceps.ps1 according to your needs
Run Generate-Biceps.ps1 that will outout *.biceps into the 'dist` folder
Run Generate-Templates.ps1 to transpile them into JSON-based ARM templates (outputs to the dist folder)

🚀 Currently implemented resources

🟢 Tested 🟡 Not tested yet, feedback welcome! 🔴 Not yet implemented, PR welcome!

General

Asset type	Abbreviation	Status
Management group	`mg-`	🟢
Resource group	`rg-`	🟢
Policy definition	`policy-`	🟡
API management service instance	`apim-`	🟡
Managed Identity	`id-`	🟢

Networking

Asset type	Abbreviation	Status
Private endpoint	`pe-`	🔴
Virtual network	`vnet-`	🟢
Subnet	`snet-`	🟡
Virtual network peering	`peer-`	🟡
Network interface (NIC)	`nic-`	🟡
Public IP address	`pip-`	🟡
Load balancer (internal)	`lbi-`	🔴
Load balancer (external)	`lbe-`	🔴
Network security group (NSG)	`nsg-`	🟡
Application security group (ASG)	`asg-`	🟡
Local network gateway	`lgw-`	🟡
Virtual network gateway	`vgw-`	🟡
VPN connection	`cn-`	🟡
ExpressRoute circuit	`erc-`	🟡
Application gateway	`agw-`	🟡
Route table	`route-`	🟡
User defined route (UDR)	`udr-`	🟡
Traffic Manager profile	`traf-`	🟡
Front door	`fd-`	🟡
CDN profile	`cdnp-`	🟢
CDN endpoint	`cdne-`	🟢
Web Application Firewall (WAF) policy	`waf`	🟡

Compute and Web

Asset type	Abbreviation	Status
Virtual machine	`vm`	🟢
Virtual machine scale set	`vmss-`	🟡
Availability set	`avail-`	🟡
Managed disk (OS)	`osdisk`	🔴
Managed disk (data)	`disk`	🔴
VM storage account	`stvm`	🔴
Azure Arc enabled server	`arcs-`	🔴
Azure Arc enabled Kubernetes cluster	`arck`	🔴
Container registry	`cr`	🔴
Container instance	`ci-`	🔴
AKS cluster	`aks-`	🟡
Service Fabric cluster	`sf-`	🔴
App Service environment	`ase-`	🔴
App Service plan	`plan-`	🟢
Web app	`app-`	🟢
Static web app	`stapp`	🔴
Function app	`func-`	🟡
Cloud service	`cld-`	🔴
Notification Hubs	`ntf-`	🟡
Notification Hubs namespace	`ntfns-`	🟡

Databases

Asset type	Abbreviation	Status
Azure SQL Database server	`sql-`	🟡
Azure SQL database	`sqldb-`	🟡
Azure Cosmos DB database	`cosmos-`	🟢
Azure Cache for Redis instance	`redis-`	🟢
MySQL database	`mysql-`	🟡
PostgreSQL database	`psql-`	🟢
Azure SQL Data Warehouse	`sqldw-`	🔴
Azure Synapse Analytics	`syn-`	🔴
SQL Server Stretch Database	`sqlstrdb-`	🔴
SQL Managed Instance	`sqlmi-`	🟡

Storage

Asset type	Abbreviation	Status
Storage account	`st`	🟢
Azure StorSimple	`ssimp`	🔴
Azure Container Registry	`acr`	🟢

AI and Machine Learning

Asset type	Abbreviation	Status
Azure Cognitive Search	`srch-`	🔴
Azure Cognitive Services	`cog-`	🔴
Azure Machine Learning workspace	`mlw-`	🔴

Analytics and IoT

Asset type	Abbreviation	Status
Azure Analysis Services server	`as`	🔴
Azure Databricks workspace	`dbw-`	🔴
Azure Stream Analytics	`asa-`	🔴
Azure Data Explorer cluster	`dec`	🔴
Azure Data Factory	`adf-`	🔴
Data Lake Store account	`dls`	🔴
Data Lake Analytics account	`dla`	🔴
HDInsight - Hadoop cluster	`hadoop-`	🔴
HDInsight - HBase cluster	`hbase-`	🔴
HDInsight - Kafka cluster	`kafka-`	🔴
HDInsight - Spark cluster	`spark-`	🔴
HDInsight - Storm cluster	`storm-`	🔴
HDInsight - ML Services cluster	`mls-`	🔴
IoT hub	`iot-`	🔴
Power BI Embedded	`pbi-`	🔴
Time Series Insights environment	`tsi-`	🔴

Developer tools

Asset type	Abbreviation	Status	Deploy
App Configuration store	`appcs-`	🟢
Azure Static Web Apps	`stap-`	🟡

Integration

Asset type	Abbreviation	Status	Deploy
Integration account	`ia-`	🟢
Logic apps	`logic-`	🟢
Service Bus	`sb-`	🟢
Service Bus queue	`sbq-`	🟢
Service Bus topic	`sbt-`	🟢
Event Hubs namespace	`evhns-`	🟢
Event hub	`evh-`	🟢
Event Grid domain	`evgd-`	🟢
Event Grid topic	`evgt-`	🟢
Event Grid system topic	`evgst-`	🔴
Event Grid Subscriptions	`evgs-`	🔴	`Microsoft.EventGrid/eventSubscriptions`

Management and governance

Asset type	Abbreviation	Status
Automation account	`aa-`	🟡
Azure Monitor action group	`ag-`	🔴
Azure Purview instance	`pview-`	🔴
Blueprint	`bp-`	🔴
Blueprint assignment	`bpa-`	🔴
Key vault	`kv-`	🟢
Log Analytics workspace	`log-`	🟢
Application Insights	`appi-`	🟢

Migration

Asset type	Abbreviation	Status
Azure Migrate project	`migr-`	🔴
Database Migration Service instance	`dms-`	🟡
Recovery Services vault	`rsv-`	🟡

jlilleby / azure-naming-convention-initiative Goto Github PK