Azure Policy for governance - Time & Space Complexity
We want to understand how the time to apply Azure Policy changes as we add more resources.
How does the number of resources affect the policy evaluation time?
Analyze the time complexity of assigning a policy to a subscription and evaluating it.
```bash
# Assign a policy definition to a subscription
az policy assignment create \
  --name "enforce-tag" \
  --policy "require-tag" \
  --scope "/subscriptions/00000000-0000-0000-0000-000000000000"
# Azure evaluates the policy against all resources in the subscription
# and marks non-compliant resources
```
This sequence assigns a policy and triggers evaluation on all subscription resources.
Look at what happens repeatedly when the policy runs.
- Primary operation: Policy evaluation on each resource.
- How many times: Once per resource in the subscription.
As the number of resources grows, the policy evaluation runs on each one.
| Input Size (n) | Approx. API Calls/Operations |
|---|---|
| 10 | 10 evaluations |
| 100 | 100 evaluations |
| 1000 | 1000 evaluations |
Pattern observation: The number of evaluations grows directly with the number of resources.
Time Complexity: O(n)
This means the time to evaluate policies grows in direct proportion to the number of resources.
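The per-resource loop behind that O(n) result can be modeled in a few lines. This is an added example, not code from the original page and not Azure's evaluation engine: the resource list is constructed, and the tag name `costCenter` and the helper names are assumptions, since the page does not say which tag `require-tag` enforces.

```python
"""Simplified model of a tag-requirement policy scan (constructed example, not Azure's engine)."""

SUBSCRIPTION = "/subscriptions/00000000-0000-0000-0000-000000000000"
REQUIRED_TAG = "costCenter"  # assumed tag name; the page does not name the tag


def make_resources(n, resource_groups=("rg-app", "rg-data")):
    """Build n constructed resources; every third one is missing the required tag."""
    resources = []
    for i in range(n):
        rg = resource_groups[i % len(resource_groups)]
        tags = {} if i % 3 == 0 else {REQUIRED_TAG: "cc-1001"}
        resources.append({
            "id": f"{SUBSCRIPTION}/resourceGroups/{rg}"
                  f"/providers/Microsoft.Storage/storageAccounts/st{i}",
            "tags": tags,
        })
    return resources


def in_scope(resource_id, scope):
    """A resource is in scope when its ID sits under the assignment scope."""
    # Resource IDs are compared case-insensitively; the trailing "/" stops
    # "rg-app" from also matching a sibling such as "rg-app2".
    return resource_id.lower().startswith(scope.lower().rstrip("/") + "/")


def evaluate(resources, scope, required_tag=REQUIRED_TAG):
    """Check each in-scope resource once; return (evaluation count, non-compliant IDs)."""
    evaluations = 0
    non_compliant = []
    for res in resources:
        if not in_scope(res["id"], scope):
            continue
        evaluations += 1  # the primary operation: one check per resource
        tag_names = {name.lower() for name in (res.get("tags") or {})}
        if required_tag.lower() not in tag_names:
            non_compliant.append(res["id"])
    return evaluations, non_compliant


if __name__ == "__main__":
    for n in (10, 100, 1000):
        count, bad = evaluate(make_resources(n), SUBSCRIPTION)
        print(f"n={n}: {count} evaluations, {len(bad)} non-compliant")
```

The `scope` argument mirrors the `--scope` value of the assignment, so passing a narrower ID changes how many resources the loop visits.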
[X] Wrong: "Policy evaluation time stays the same no matter how many resources there are."
[OK] Correct: Each resource must be checked, so more resources mean more work and longer evaluation time.
Understanding how policy evaluation scales helps you design governance that stays efficient as your cloud grows.
"What if we assigned the policy at the resource group level instead of the subscription level? How would the time complexity change?"