{"id":94740,"date":"2022-07-25T17:00:41","date_gmt":"2022-07-25T17:00:41","guid":{"rendered":"https:\/\/www.red-gate.com\/simple-talk\/?p=94740"},"modified":"2022-07-19T22:01:41","modified_gmt":"2022-07-19T22:01:41","slug":"creating-azure-policy-to-setup-virtual-machine-auto-shutdown","status":"publish","type":"post","link":"https:\/\/www.red-gate.com\/simple-talk\/blogs\/creating-azure-policy-to-setup-virtual-machine-auto-shutdown\/","title":{"rendered":"Creating Azure Policy to setup Virtual Machine Auto-Shutdown"},"content":{"rendered":"

\u00a0The Auto-Shutdown policy is another important policy to ensure our virtual machines don’t expend more than what we planned for them. If we have a time window to use the virtual machines, the auto-shutdown policy can deactivate them at the right time.<\/p>\n

We need to discover the deep internal details about the auto-shutdown configuration before creating the policy. The method we can use is to set this configuration and export the virtual machine as a template. We change the configuration to on and off, export and check the difference.<\/p>\n

After testing the export template you will discover that Azure creates an object of type Microsoft.DevTestLab\/schedules<\/em> when the auto-shutdown configuration is defined. Azure creates this object the first time we enable the auto-shutdown configuration. However, when we disable it, Azure doesn’t drop the object, it only disables it. Azure enables the existing object again when the auto-shutdown configuration.<\/p>\n

Schedules and Properties<\/h2>\n

We need to check the Microsoft.DevTestLab\/schedules. <\/em>We will test the property targetResourceId<\/em> to ensure the schedule belongs to the correct machine machine and the status<\/em> property to check if the schedule object is enabled or not.<\/p>\n

The policy require us to use the full name of the fields. The documentation about the full name of the fields is not always available. It’s a challenge to find them. After a lot of research, I discovered the full name of the fields:<\/p>\n

Status:<\/strong> Microsoft.DevTestLab\/schedules\/status<\/p>\n

TargetRersourceId:<\/strong> Microsoft.DevTestLab\/schedules\/targetResourceId<\/p>\n

A few weeks ago I wrote about parameterizing Azure policies<\/a>. We can apply the same concepts to the auto-shutdown policy. The local IT teams will choose to enable the auto-shutdown configuration automatically or only audit when the configuration is enabled or not. The policy will allow them to choose between AuditIfNotExists<\/strong> or DeployIfNotExists<\/strong><\/p>\n

The policy will be like this:<\/p>\n

<\/p>\n

\n
{\r\n     \"parameters\"<\/span>: {\r\n          \"effect\"<\/span>: {\r\n            \"type\"<\/span>: \"String\"<\/span>,\r\n            \"metadata\"<\/span>: {\r\n              \"displayName\"<\/span>: \"Effect\"<\/span>,\r\n              \"description\"<\/span>: \"Enable or disable the execution of the policy\"<\/span>\r\n            },\r\n            \"allowedValues\"<\/span>: [\r\n              \"DeployIfNotExists\"<\/span>,\r\n              \"auditIfNotExists\"<\/span>,\r\n              \"Disabled\"<\/span>\r\n            ],\r\n            \"defaultValue\"<\/span>: \"DeployIfNotExists\"<\/span>\r\n          }\r\n     },\r\n     \"policyRule\"<\/span>: {\r\n       \"if\"<\/span>: {\r\n         \"allOf\"<\/span>: [\r\n           {\r\n             \"field\"<\/span>: \"type\"<\/span>,\r\n             \"equals\"<\/span>: \"Microsoft.Compute\/virtualMachines\"<\/span>\r\n           }\r\n         ]\r\n       },\r\n       \"then\"<\/span>: {\r\n         \"effect\"<\/span>: \"[parameters('effect')]\"<\/span>,\r\n         \"details\"<\/span>: {\r\n           \"type\"<\/span>: \"microsoft.devtestlab\/schedules\"<\/span>,\r\n           \"roleDefinitionIds\"<\/span>: [\r\n             \"\/providers\/Microsoft.Authorization\/roleDefinitions\/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"<\/span>\r\n           ],\r\n           \"existenceCondition\"<\/span>: {\r\n             \"allOf\"<\/span>: [\r\n               {\r\n                 \"field\"<\/span>: \"Microsoft.DevTestLab\/schedules\/targetResourceId\"<\/span>,\r\n                 \"equals\"<\/span>: \"[field('id')]\"<\/span>\r\n               },\r\n               {\r\n                 \"field\"<\/span>: \"Microsoft.DevTestLab\/schedules\/status\"<\/span>,\r\n                 \"equals\"<\/span>: \"Enabled\"<\/span>\r\n               }\r\n             ]\r\n           },\r\n           \"deployment\"<\/span>: {\r\n             \"properties\"<\/span>: {\r\n               \"mode\"<\/span>: \"incremental\"<\/span>,\r\n               \"name\"<\/span>: \"Default\"<\/span>,\r\n               \"template\"<\/span>: {\r\n                 \"$schema\"<\/span>: \"https:\/\/schema.management.azure.com\/schemas\/2019-04-01\/deploymentTemplate.json#\"<\/span>,\r\n                 \"contentVersion\"<\/span>: \"1.0.0.0\"<\/span>,\r\n                 \"parameters\"<\/span>: {\r\n                   \"vmName\"<\/span>: {\r\n                     \"defaultValue\"<\/span>: \"devMaltaStation\"<\/span>,\r\n                     \"type\"<\/span>: \"String\"<\/span>\r\n                   }\r\n                 },\r\n                 \"variables\"<\/span>: {\r\n                   \"rId\"<\/span>: \"[resourceId('Microsoft.Compute\/virtualMachines', parameters('vmName'))]\"<\/span>,\r\n                   \"schName\"<\/span>: \"[concat('shutdown-computevm-',parameters('vmName'))]\"<\/span>\r\n                 },\r\n                 \"resources\"<\/span>: [\r\n                   {\r\n                     \"type\"<\/span>: \"Microsoft.DevTestLab\/schedules\"<\/span>,\r\n                     \"apiVersion\"<\/span>: \"2018-09-15\"<\/span>,\r\n                     \"name\"<\/span>: \"[variables('schName')]\"<\/span>,\r\n                     \"location\"<\/span>: \"northeurope\"<\/span>,\r\n                     \"properties\"<\/span>: {\r\n                       \"status\"<\/span>: \"Enabled\"<\/span>,\r\n                       \"taskType\"<\/span>: \"ComputeVmShutdownTask\"<\/span>,\r\n                       \"dailyRecurrence\"<\/span>: {\r\n                         \"time\"<\/span>: \"0000\"<\/span>\r\n                       },\r\n                       \"timeZoneId\"<\/span>: \"Central European Standard Time\"<\/span>,\r\n                       \"notificationSettings\"<\/span>: {\r\n                         \"status\"<\/span>: \"Disabled\"<\/span>,\r\n                         \"timeInMinutes\"<\/span>: 30<\/span>,\r\n                         \"notificationLocale\"<\/span>: \"en\"<\/span>\r\n                       },\r\n                       \"targetResourceId\"<\/span>: \"[variables('rId')]\"<\/span>\r\n                     }\r\n                   }\r\n                 ]\r\n               },\r\n               \"parameters\"<\/span>: {\r\n                 \"vmName\"<\/span>: {\r\n                   \"value\"<\/span>: \"[field('name')]\"<\/span>\r\n                 }\r\n               }\r\n             }\r\n           }\r\n         }\r\n       }\r\n     }\r\n}\r\n<\/pre>\n<\/div>\n
\nOnce created and assigned, you can check the policy to verify the result or apply remediation. I wrote a bit about this on the blog about evaluating Azure Policy tenant-wide<\/a><\/p>\n
 <\/p>\n
Summary<\/h2>\n
The auto-shutdown policy is one more important policy we should use in our Azure environment. Making it as a parameterized policy is one additional benefit for our environment.<\/p>\n
 <\/p>\n","protected":false},"excerpt":{"rendered":"
\u00a0The Auto-Shutdown policy is another important policy to ensure our virtual machines don’t expend more than what we planned for them. If we have a time window to use the virtual machines, the auto-shutdown policy can deactivate them at the right time. We need to discover the deep internal details about the auto-shutdown configuration before……<\/p>\n","protected":false},"author":50808,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[2],"tags":[5364,145786,5383],"coauthors":[6810],"class_list":["post-94740","post","type-post","status-publish","format-standard","hentry","category-blogs","tag-azure","tag-azure-policy","tag-virtual-machines"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/posts\/94740","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/users\/50808"}],"replies":[{"embeddable":true,"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/comments?post=94740"}],"version-history":[{"count":5,"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/posts\/94740\/revisions"}],"predecessor-version":[{"id":94746,"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/posts\/94740\/revisions\/94746"}],"wp:attachment":[{"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/media?parent=94740"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/categories?post=94740"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/tags?post=94740"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/coauthors?post=94740"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}