4
votes

When creating a resource group with Azure Policy, I would like to force account information such as user ID and email address as tags.

Sample-Apply tag and its default value

By referring to the above, I was able to tag a fixed word, but I do not know how to obtain the aforementioned account information dynamically.

If anyone knows, please tell me how.

Thank you.

2
Azure policy cannot do this at the moment. I suggest upvoting this uservoice entry, maybe we can get enough eyes on this feature request: feedback.azure.com/forums/915958-azure-governance/suggestions/… - heren
@heren Thank you for your comment. I have voted. - user20380119or0118

2 Answers

0
votes

Policy is not user aware so you won't be able to get account information.

0
votes

If the requirement is when creating / defining the policy:

You may obtain the account information dynamically by using the Get-AzContext cmdlet. Note that the user ID and email address might be assigned to its (Get-AzContext) properties like 'Account', 'Account.Id', 'Name', etc. So you may run the commands below and check the output to validate that the user ID and email address are assigned to some context properties in your environment, and use them.

Get-AzContext | fl *

Get-AzContext | Select -ExpandProperty ExtendedProperties

$UserID = (Get-AzContext).Account.Id

$UserID = (Get-AzContext).Name

And then provide the dynamically fetched user ID and email address to the $policyparam variable (which is mentioned in the deployment step of the tutorial you are following).

If the requirement is when applying the policy:

AFAIK this feature is currently unsupported / not possible via Azure policies. However, to accomplish the requirement of tagging the user ID and email address for very recently created resource groups, you may leverage the related create events from the activity logs and then have an automated mechanism, such as a function app, fetch those events and add the required tags (with information like user ID, email address, etc.) to the respective resource groups on the fly.
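
The approach in the answer above (react to resource group create events from the activity log and add tags), shown in PowerShell as an added example that is not part of the original answer. The function name `Get-CreatorTag`, the tag names, the flattened record shape and the sample events are assumptions constructed for illustration; the Azure call is left as a comment so the block runs offline.

```powershell
# Added example: hypothetical helper that derives creator tags from one
# Activity Log record. Assumed record shape: OperationName, Status, Caller,
# EventTimestamp and ResourceId flattened to strings.
function Get-CreatorTag {
    param(
        [Parameter(Mandatory)] $Record,       # one Activity Log record
        [hashtable] $ExistingTags = @{}       # tags already on the resource group
    )
    # Only successful resource group writes are of interest.
    if ($Record.OperationName -ne 'Microsoft.Resources/subscriptions/resourceGroups/write') { return $null }
    if ($Record.Status -ne 'Succeeded') { return $null }
    # The same operation is logged for later updates, so keep the first creator.
    if ($ExistingTags.ContainsKey('CreatedBy')) { return $null }
    if ([string]::IsNullOrWhiteSpace($Record.Caller)) { return $null }

    $tags = @{ CreatedBy = $Record.Caller; CreatedOn = $Record.EventTimestamp }
    # Users appear as a UPN; service principals appear as an object ID (GUID),
    # so an email tag is only set when the caller looks like an address.
    if ($Record.Caller -match '^[^@\s]+@[^@\s]+$') { $tags.CreatedByEmail = $Record.Caller }
    return $tags
}

# Constructed sample records (not real log data).
$op  = 'Microsoft.Resources/subscriptions/resourceGroups/write'
$sub = '/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups'
$sample = @(
    [pscustomobject]@{ OperationName = $op; Status = 'Succeeded'; Caller = 'alice@contoso.example'
                       EventTimestamp = '2024-01-01T10:00:00Z'; ResourceId = "$sub/rg-demo-1" }
    [pscustomobject]@{ OperationName = $op; Status = 'Succeeded'; Caller = '11111111-2222-3333-4444-555555555555'
                       EventTimestamp = '2024-01-01T10:05:00Z'; ResourceId = "$sub/rg-demo-2" }
    [pscustomobject]@{ OperationName = $op; Status = 'Failed'; Caller = 'bob@contoso.example'
                       EventTimestamp = '2024-01-01T10:06:00Z'; ResourceId = "$sub/rg-demo-3" }
)

foreach ($r in $sample) {
    # In the function app, pass the group's current tags as -ExistingTags.
    $tags = Get-CreatorTag -Record $r
    if ($tags) {
        # With Az.Resources loaded and a signed-in context, apply with:
        #   Update-AzTag -ResourceId $r.ResourceId -Tag $tags -Operation Merge
        $pairs = $tags.GetEnumerator() | Sort-Object Name | ForEach-Object { "$($_.Name)=$($_.Value)" }
        '{0} -> {1}' -f $r.ResourceId, ($pairs -join '; ')
    }
}
```

Tags written this way can be changed by anyone with write access to the resource group, so the activity log remains the authoritative record of who created it.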