Aqua CSPM

Resource Location Matches Resource Group

Quick Info

Plugin Title: Resource Location Matches Resource Group
Cloud: AZURE
Category: Azure Policy
Description: Ensures a policy is configured to audit that deployed resource locations match their resource group locations
More Info: Using Azure Policy to monitor resource location compliance helps ensure that new resources are not launched into locations that do not match their resource group.
AZURE Link: https://docs.microsoft.com/en-us/azure/governance/policy/assign-policy-portal
Recommended Action: Enable the built-in Azure Policy definition: Audit resource location matches resource group location

Detailed Remediation Steps

  1. Log into the Microsoft Azure Management Console.
  2. Select the “Search resources, services, and docs” option at the top and search for Policy.
  3. On the “Policy” page, scroll down the left navigation panel and choose “Assignments” under “Authoring.”
  4. On the “Policy - Assignments” page, review the listed “Policies”. If none of them is for “Resource Location Matches Resource Group”, the selected “Assignment” does not have a “Resource Location Matches Resource Group” policy.
  5. Repeat steps 2 - 4 to check other “Policy - Assignments.”
  6. Navigate to “Policy”, scroll down the left navigation panel and choose “Assignments”. On the “Policy - Assignments” page, click on “Assign Policy” at the top to assign the “Resource Location Matches Resource Group” policy.
  7. On the “Assign Policy” page, select the “Scope” accordingly and click on the “…” dots icon to select the “Policy definition” under the “Basics” option.
  8. On the “Available Definitions” page, click on the “Search” box at the tab and search for “Allowed locations for resource groups” and click on the “Select” button at the bottom.
  9. Provide the “Description” accordingly and click on the “Next” button at the bottom.
  10. On the “Remediation” page, click on the checkbox next to the “Create a Managed Identity” and select the “Managed Identity Location” accordingly.
  11. Click on the “Review + Create” button to create the specific “Resource Location Matches Resource Group” policy.
  12. Repeat steps number 6 - 11 to enable the built-in Azure Policy definition: Audit resource location matches resource group location.
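
The check in steps 1 - 5 can also be run over exported data instead of the portal. The following is an added example, not part of the original page or of Aqua's plugin code: it assumes the two inputs are the JSON output of `az policy definition list` and `az policy assignment list`, and all GUIDs and names in the sample data are constructed placeholders.

```python
import json

# Display name of the built-in definition, as given on this page.
TARGET = "Audit resource location matches resource group location"

def target_definition_ids(definitions):
    """Lower-cased IDs of built-in definitions whose display name is TARGET."""
    return {d["id"].lower() for d in definitions
            if d.get("policyType") == "BuiltIn"
            and (d.get("displayName") or "").strip().lower() == TARGET.lower()}

def coverage(definitions, assignments, scopes):
    """Map each scope to the names of assignments applying TARGET to it."""
    wanted = target_definition_ids(definitions)
    found = {s: [] for s in scopes}
    for a in assignments:
        # Azure resource IDs are case-insensitive, so compare lower-cased.
        if (a.get("policyDefinitionId") or "").lower() not in wanted:
            continue
        a_scope = a["scope"].lower().rstrip("/")
        for s in scopes:
            norm = s.lower().rstrip("/")
            # An assignment covers its own scope and child scopes. Management
            # group inheritance cannot be seen from the ID string and is not handled.
            if norm == a_scope or norm.startswith(a_scope + "/"):
                found[s].append(a["name"])
    return found

# Constructed sample data (placeholder GUIDs, not real definition IDs).
DEFS = json.loads("""[
 {"id": "/providers/Microsoft.Authorization/policyDefinitions/00000000-0000-0000-0000-0000000000aa",
  "displayName": "Audit resource location matches resource group location", "policyType": "BuiltIn"},
 {"id": "/providers/Microsoft.Authorization/policyDefinitions/00000000-0000-0000-0000-0000000000bb",
  "displayName": "Allowed locations for resource groups", "policyType": "BuiltIn"}]""")
ASSIGNMENTS = json.loads("""[
 {"name": "audit-rg-location", "scope": "/subscriptions/11111111-1111-1111-1111-111111111111",
  "policyDefinitionId": "/providers/microsoft.authorization/policydefinitions/00000000-0000-0000-0000-0000000000AA"},
 {"name": "allowed-rg-locations", "scope": "/subscriptions/22222222-2222-2222-2222-222222222222",
  "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/00000000-0000-0000-0000-0000000000bb"}]""")
SCOPES = ["/subscriptions/11111111-1111-1111-1111-111111111111/resourceGroups/app-rg",
          "/subscriptions/22222222-2222-2222-2222-222222222222"]

if __name__ == "__main__":
    for scope, names in coverage(DEFS, ASSIGNMENTS, SCOPES).items():
        print("PASS" if names else "FAIL", scope, names)
```

A scope with an empty list has no assignment of the audit definition and needs steps 6 - 11.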