VM creation validation on tags, without actually creating any underlying resources
I have created two policies contained within an initiative for a tagging requirement. One of these validated Resource Group creation, and the other VM creation.
All of my other VM creation requirements (such as allowed images, allowed SKU's, allowed regions etc) result either in a Validation Failed or Validation Passed during creation validation, with the exception of TAG.
When attempting to create a new Resource Group that does not have the required tags defined in the policy, I get a creation error. It's a bit ugly looking but it at least stops the creation of the Resource Group that does not have the required tags defined and shows that it was disallowed by policy.
When I attempt to create a VM, not only does it state "Validation Passed" in the review + create tab of the create a virtual machine blade, but it actually allows for the creation of a network interface, an IP address and an NSG of the same name to all be created BEFORE it fails policy on creating the VM.
This leaves me with a messy manual process of cleaning up failed deployment attempts.
I suggest that either the flag requirement is assessed at the creation validation phase (before any attempt is made to create), or the VM creation attempt is validated first before creating required underlying resources.
Thanks for the valid suggestion. Your feedback is now open for the user community to up-vote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.