Introduction:
It is possible to have an experience akin to Azure Stack right in public Azure. As you might already know all of the features available in public Azure are not going to be available immediately in Azure Stack. Also not everyone can set up an Azure Stack POC node due to the hardware requirements needed to set it up. With this in mind the Azure Stack team has a Azure ARM policy module that you can apply to the following:-
(a) An Azure subscription OR
(b) to an Azure Resource Group in a subscription.
Azure Stack ARM Policy – https://docs.microsoft.com/en-us/azure/azure-stack/azure-stack-policy-module
However there is a bug in the documentation, and the following script is what I used to apply the Azure Stack policy to a Resource Group in my subscription. You should be able to copy the below script into a PowerShell ISE and then run it line by line. Fix any errors, if they occur.
## PowerShell BEGIN#######
## To download the tools folder, run the following command:
# Change directory to the root directory
cd
# Download the tools archive
invoke-webrequest https://github.com/Azure/AzureStack-Tools/archive/master.zip -OutFile master.zip
# Expand the downloaded files
expand-archive master.zip -DestinationPath . -Force
# Change to the tools directory
cd AzureStack-Tools-master
## Import the AzureStack.Policy.psm1 module:
import-module .PolicyAzureStack.Policy.psm1
## Apply policy to a Resource Group in subscription.
## The following command can be used to apply a default Azure Stack policy against your Azure subscription. Before running,
## replace Azure Subscription Name with your Azure subscription.
Login-AzureRmAccount
$resourceGroupName = ‘AzureStack’ ## Just created this myself in the subscription from portal.
New-AzureRmResourceGroup -Name $resourceGroupName -Location “South Central US”
Get-AzureRmSubscription
$s = Select-AzureRmSubscription -SubscriptionId
$subscriptionID = $s.Subscription.SubscriptionId
## $s = Select-AzureRmSubscription -SubscriptionName “Windows Azure MSDN – Visual Studio Ultimate”
$policy = New-AzureRmPolicyDefinition -Name AzureStack -Policy (Get-AzureStackRmPolicy)
## New-AzureRmPolicyAssignment -Name AzureStack -PolicyDefinition $policy -Scope /subscriptions/$s.Subscription.SubscriptionId/resourceGroups/$resourceGroupName
## OR (read the comments in the link – https://docs.microsoft.com/en-us/azure/azure-stack/azure-stack-policy-module#policy-in-action )
## New-AzureRmPolicyAssignment -Name AzureStack -PolicyDefinition $policy -Scope /subscriptions/$s.Subscription.SubscriptionId/resourceGroups/$resourceGroupName
New-AzureRmPolicyAssignment -Name AzureStack -PolicyDefinition $policy -Scope /subscriptions/$subscriptionID/resourceGroups/$resourceGroupName
## PowerShell END#######
Once you do this, you could go to the ResourceGroup (in my case “AzureStack” ) in the portal and then you would be able to provision and experience resource that are possible in Azure Stack (proper) right within public Azure.
Once setup, you could log into your public subscription and see it in effect. Navigate to the specific ResourceGroup and click on “Policies” and then Click on “Assignment Rule” and you can see the actual policy rule in JSON format.
This may not exactly reflect Azure Stack objects that you can create as this JSON code that implements the policy needs to keep constantly in sync with what is a continuous cadence of updates to Azure Stack. It is a moving target, but you get to see how policies can be leveraged.
