Azure Policy which prevents creation of Application Insights without daily cap

Question

I'm trying to create an Azure Policy which prevents creation of Application Insights resources when:

daily volume cap is not set,
or when the cap is greater than 1 (GB).

Here is the policy rule definition:

{
  "mode": "All",
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "type",
          "equals": "microsoft.insights/components/pricingPlans"
        },
        {
          "anyOf": [
            {
              "field": "microsoft.insights/components/pricingPlans/cap",
              "exists": "false"
            },
            {
              "field": "microsoft.insights/components/pricingPlans/cap",
              "greater": 1
            }
          ]
        }
      ]
    },
    "then": {
      "effect": "deny"
    }
  }
}

Unfortunately the definition doesn't work = has no effect :(

I've also tried with different field like "microsoft.insights/components/currentbillingfeatures/dataVolumeCap/cap" but it doesn't help.

What I'm doing wrong? Is it possible to define such kind of policy?

Azure Policy uses the json representation of a resource. What does a cap-less Application Insights resource look like when you use export template, GET via REST API, etc? I'm guessing the "cap" field has some unexpected value like -1 when it's not set. — sapphiremirage, Nov 17 '21 at 02:39

Azure Policy which prevents creation of Application Insights without daily cap

0 Answers0