Data Source: azurermPolicyDefinition

Use this data source to access information about a Policy Definition, both custom and built in. Retrieves Policy Definitions from your current subscription by default.

Example Usage

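import { Construct } from "constructs";
import * as cdktf from "cdktf";
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
/*ExampleStack is a placeholder name. Constructs need a scope, so the lookup lives inside a stack constructor.*/
class ExampleStack extends cdktf.TerraformStack {
  constructor(scope: Construct, id: string) {
    super(scope, id);
    /*Look up the definition by display name (see the note under Argument Reference).*/
    const dataAzurermPolicyDefinitionExample =
      new azurerm.dataAzurermPolicyDefinition.DataAzurermPolicyDefinition(
        this,
        "example",
        {
          displayName: "Allowed resource types",
        }
      );
    /*Expose the resolved Policy Definition ID as a stack output.*/
    new cdktf.TerraformOutput(this, "id", {
      value: dataAzurermPolicyDefinitionExample.id,
    });
  }
}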

Argument Reference

  • name - Specifies the name of the Policy Definition. Conflicts with displayName.

  • displayName - Specifies the display name of the Policy Definition. Conflicts with name.

~> NOTE: Looking up policies by displayName is not recommended by the Azure Policy team, as the property is neither unique nor immutable. Errors may therefore occur when multiple policy definitions share the same display name or when the display name is changed. To avoid these errors, use the name property instead.

  • managementGroupName - (Optional) Only retrieve Policy Definitions from this Management Group.
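The note on displayName above, as an added example that is not part of the provider documentation: a pre-flight check that resolves a display name to the definition's name and refuses to guess when more than one definition shares it. The record shape, the exact-match comparison, the function names and the sample inventory are assumptions made for illustration.

```typescript
// Assumed record shape, using attribute names listed on this page.
interface PolicyDef {
  name: string;
  displayName: string;
  policyType: "builtIn" | "custom" | "notSpecified";
}

// Constructed sample inventory; the names are placeholders, not real policy names.
const sampleDefs: PolicyDef[] = [
  { name: "builtin-placeholder-0001", displayName: "Allowed resource types", policyType: "builtIn" },
  { name: "custom-placeholder-0002", displayName: "Allowed resource types", policyType: "custom" },
  { name: "builtin-placeholder-0003", displayName: "Allowed locations", policyType: "builtIn" },
];

// Return every display name that is shared by two or more definitions.
// Exact string comparison is an assumption of this example.
function ambiguousDisplayNames(defs: PolicyDef[]): Map<string, PolicyDef[]> {
  const groups = new Map<string, PolicyDef[]>();
  for (const d of defs) {
    const bucket = groups.get(d.displayName) || [];
    bucket.push(d);
    groups.set(d.displayName, bucket);
  }
  groups.forEach((bucket, key) => {
    if (bucket.length < 2) groups.delete(key);
  });
  return groups;
}

// Resolve a display name to the definition's name, failing closed:
// zero matches and multiple matches are both errors, never a silent pick.
function resolvePolicyName(defs: PolicyDef[], displayName: string): string {
  const matches = defs.filter((d) => d.displayName === displayName);
  if (matches.length === 0) {
    throw new Error(`no policy definition with display name "${displayName}"`);
  }
  if (matches.length > 1) {
    const candidates = matches.map((d) => `${d.name} (${d.policyType})`).join(", ");
    throw new Error(`display name "${displayName}" is ambiguous: ${candidates}`);
  }
  return matches[0].name;
}
```

Pin the returned name in the data source's name argument so a later rename or a duplicate custom definition cannot change which policy is resolved.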

Attributes Reference

  • id - The ID of the Policy Definition.

  • type - The Type of Policy.

  • description - The Description of the Policy.

  • policyType - The Type of the Policy. Possible values are builtIn, custom and notSpecified.

  • policyRule - The Rule as defined (in JSON) in the Policy.

  • roleDefinitionIds - A list of role definition IDs, extracted from policyRule, that are required for remediation.

  • parameters - Any Parameters defined in the Policy.

  • metadata - Any Metadata defined in the Policy.

  • mode - The Mode of the Policy.

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

  • read - (Defaults to 5 minutes) Used when retrieving the Policy Definition.