Wrapping up some initial research and testing on a feature in Azure Policy called Export to GitHub.
There is a great set of videos walking through the process below.
Export Azure Policy resources to GitHub Repository
Deploy Azure Policies with GitHub workflows
Tip: be sure to create a private repo first, before signing up and linking to it.
The essential thing here is that you start treating Azure Policy as code, using DevOps processes with GitHub Actions and Azure Pipelines. While I am still coming up to speed on GitHub Actions, I can easily see some really great possibilities here.
A sprinkle of JSON validation, automatic assignment of a changed or new policy to a test resource group, and then someone confirming and approving the policy change in production.
An even more awesome pipeline could check whether the Azure Policy category is Security and, if so, have a GitHub Action or Azure Pipeline step towards the end set up the Azure Security Center custom initiative. << More research and testing will be required.
This all started when a customer was looking to export the policies programmatically, so I wrote a quick PowerShell script here
Nothing too fancy, but it is a start. The script collects the custom policies you have in a subscription and exports them locally to the computer, following the same folder structure the Export to GitHub feature produces.
The script has room for growth in a few areas over the next few weeks, as I left comments everywhere a thought popped into my head. One addition I want to make is to use the GitHub PowerShell module for an end-to-end export from an Azure subscription directly into your GitHub repo.
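To show what that local export looks like, here is an added example script (not the author's own script) that writes custom definitions into the policies/<displayName>/policy.json, policy.parameters.json, policy.rules.json and assign.*.json layout used by Export to GitHub. It assumes the Az.Resources module with Connect-AzAccount already run, and the object shape where definition details sit under .Properties; the $OutputRoot and $IncludeAssignments parameters are my own.

```powershell
# Added example, not the original post's script. Assumes Az.Resources is installed,
# Connect-AzAccount has been run, and definitions expose details under .Properties.
param(
    [string]$OutputRoot = (Join-Path (Get-Location) 'policies'),
    [switch]$IncludeAssignments
)

# Only custom definitions: built-ins are Microsoft-managed and are not exported by the feature either.
$definitions = Get-AzPolicyDefinition -Custom

foreach ($def in $definitions) {
    $props = $def.Properties
    # Export to GitHub names each folder after the display name; fall back to the resource name
    # and strip characters a file system rejects.
    $displayName = if ($props.DisplayName) { $props.DisplayName } else { $def.Name }
    $folderName  = ($displayName -replace '[\\/:*?"<>|]', '_').Trim()
    $folder      = Join-Path $OutputRoot $folderName
    New-Item -ItemType Directory -Path $folder -Force | Out-Null

    # policy.json: the whole definition, as the portal export writes it
    $def | ConvertTo-Json -Depth 100 |
        Set-Content -Path (Join-Path $folder 'policy.json') -Encoding utf8

    # policy.parameters.json and policy.rules.json: the two parts a workflow validates separately
    $params = if ($props.Parameters) { $props.Parameters } else { @{} }
    $params | ConvertTo-Json -Depth 100 |
        Set-Content -Path (Join-Path $folder 'policy.parameters.json') -Encoding utf8
    $props.PolicyRule | ConvertTo-Json -Depth 100 |
        Set-Content -Path (Join-Path $folder 'policy.rules.json') -Encoding utf8

    if ($IncludeAssignments) {
        # One assign.<assignmentDisplayName>_<assignmentName>.json per assignment of this definition
        Get-AzPolicyAssignment -PolicyDefinitionId $def.PolicyDefinitionId | ForEach-Object {
            $assignName = ('{0}_{1}' -f $_.Properties.DisplayName, $_.Name) -replace '[\\/:*?"<>|]', '_'
            $_ | ConvertTo-Json -Depth 100 |
                Set-Content -Path (Join-Path $folder "assign.$assignName.json") -Encoding utf8
        }
    }
    Write-Host "Exported '$displayName' to $folder"
}
```

Run it from the root of the private repo so the resulting policies folder can be committed and picked up by the same GitHub workflow the Export to GitHub feature targets.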
If you are using Azure Policy and Export to GitHub, please comment below. I would love to hear how it is going and what extras you are throwing into your GitHub Actions or Pipelines.
Additional Links:
Tutorial: Implement Azure Policy as Code with GitHub
Design Azure Policy as Code workflows