Skip to content

azurermManagementGroupTemplateDeployment

Manages a Template Deployment at a Management Group Scope.

\~> Note: Deleting a Deployment at the Management Group Scope will not delete any resources created by the deployment.

\~> Note: Deployments to a Management Group are always Incrementally applied. Existing resources that are not part of the template will not be removed.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
const dataAzurermManagementGroupExample =
  new azurerm.dataAzurermManagementGroup.DataAzurermManagementGroup(
    this,
    "example",
    {
      name: "00000000-0000-0000-0000-000000000000",
    }
  );
const azurermManagementGroupTemplateDeploymentExample =
  new azurerm.managementGroupTemplateDeployment.ManagementGroupTemplateDeployment(
    this,
    "example_1",
    {
      location: "West Europe",
      management_group_id: dataAzurermManagementGroupExample.id,
      name: "example",
      parameters_content:
        '{\n  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",\n  "contentVersion": "1.0.0.0",\n  "parameters": {\n    "policyDefinitionID": {\n      "value": "/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a"\n    }\n  }\n}\n',
      template_content:
        '{\n  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",\n  "contentVersion": "1.0.0.0",\n  "parameters": {\n    "policyAssignmentName": {\n      "type": "string",\n      "defaultValue": "[guid(parameters(\'policyDefinitionID\'), resourceGroup().name)]",\n      "metadata": {\n        "description": "Specifies the name of the policy assignment, can be used defined or an idempotent name as the defaultValue provides."\n      }\n    },\n    "policyDefinitionID": {\n      "type": "string",\n      "metadata": {\n        "description": "Specifies the ID of the policy definition or policy set definition being assigned."\n      }\n    }\n  },\n  "resources": [\n    {\n      "type": "Microsoft.Authorization/policyAssignments",\n      "name": "[parameters(\'policyAssignmentName\')]",\n      "apiVersion": "2019-09-01",\n      "properties": {\n        "scope": "[subscriptionResourceId(\'Microsoft.Resources/resourceGroups\', resourceGroup().name)]",\n        "policyDefinitionId": "[parameters(\'policyDefinitionID\')]"\n      }\n    }\n  ]\n}\n',
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermManagementGroupTemplateDeploymentExample.overrideLogicalId("example");

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
const dataAzurermManagementGroupExample =
  new azurerm.dataAzurermManagementGroup.DataAzurermManagementGroup(
    this,
    "example",
    {
      name: "00000000-0000-0000-0000-000000000000",
    }
  );
const azurermManagementGroupTemplateDeploymentExample =
  new azurerm.managementGroupTemplateDeployment.ManagementGroupTemplateDeployment(
    this,
    "example_1",
    {
      location: "West Europe",
      management_group_id: dataAzurermManagementGroupExample.id,
      name: "example",
      parameters_content: '${file("templates/example-deploy-params.json")}',
      template_content: '${file("templates/example-deploy-template.json")}',
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermManagementGroupTemplateDeploymentExample.overrideLogicalId("example");

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
const dataAzurermManagementGroupExample =
  new azurerm.dataAzurermManagementGroup.DataAzurermManagementGroup(
    this,
    "example",
    {
      name: "00000000-0000-0000-0000-000000000000",
    }
  );
const dataAzurermTemplateSpecVersionExample =
  new azurerm.dataAzurermTemplateSpecVersion.DataAzurermTemplateSpecVersion(
    this,
    "example_1",
    {
      name: "exampleTemplateForManagementGroup",
      resource_group_name: "exampleResourceGroup",
      version: "v1.0.9",
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
dataAzurermTemplateSpecVersionExample.overrideLogicalId("example");
const azurermManagementGroupTemplateDeploymentExample =
  new azurerm.managementGroupTemplateDeployment.ManagementGroupTemplateDeployment(
    this,
    "example_2",
    {
      location: "West Europe",
      management_group_id: dataAzurermManagementGroupExample.id,
      name: "example",
      template_spec_version_id: dataAzurermTemplateSpecVersionExample.id,
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermManagementGroupTemplateDeploymentExample.overrideLogicalId("example");

Arguments Reference

The following arguments are supported:

  • location - (Required) The Azure Region where the Template should exist. Changing this forces a new Template to be created.

  • managementGroupId - (Required) The ID of the Management Group to apply the Deployment Template to. Changing this forces a new resource to be created.

  • name - (Required) The name which should be used for this Template Deployment. Changing this forces a new Template Deployment to be created.

  • debugLevel - (Optional) The Debug Level which should be used for this Resource Group Template Deployment. Possible values are none, requestContent, responseContent and requestContent,ResponseContent.

  • parametersContent - (Optional) The contents of the ARM Template parameters file - containing a JSON list of parameters.

  • templateContent - (Optional) The contents of the ARM Template which should be deployed into this Resource Group. Cannot be specified with templateSpecVersionId.

  • templateSpecVersionId - (Optional) The ID of the Template Spec Version to deploy. Cannot be specified with templateContent.

  • tags - (Optional) A mapping of tags which should be assigned to the Template.

Attributes Reference

In addition to the Arguments listed above - the following Attributes are exported:

  • id - The ID of the Management Group Template Deployment.

  • outputContent - The JSON Content of the Outputs of the ARM Template Deployment.

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

  • create - (Defaults to 3 hours) Used when creating the Management Group Template Deployment.
  • read - (Defaults to 5 minutes) Used when retrieving the Management Group Template Deployment.
  • update - (Defaults to 3 hours) Used when updating the Management Group Template Deployment.
  • delete - (Defaults to 3 hours) Used when deleting the Management Group Template Deployment.

Import

Management Group Template Deployments can be imported using the resourceId, e.g.

terraform import azurerm_management_group_template_deployment.example /providers/Microsoft.Management/managementGroups/my-management-group-id/providers/Microsoft.Resources/deployments/deploy1