azurermPolicySetDefinition
Manages a policy set definition.
NOTE: Policy set definitions (also known as policy initiatives) do not take effect until they are assigned to a scope using a Policy Set Assignment.
Example Usage
/* Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details. */
import * as azurerm from "./.gen/providers/azurerm";
/* The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert. */
// `this` is the enclosing construct scope, for example inside a TerraformStack constructor.
new azurerm.policySetDefinition.PolicySetDefinition(this, "example", {
  displayName: "Test Policy Set",
  name: "testPolicySet",
  // Parameter declared by the policy set itself, passed as a JSON string.
  parameters:
    ' {\n "allowedLocations": {\n "type": "Array",\n "metadata": {\n "description": "The list of allowed locations for resources.",\n "displayName": "Allowed locations",\n "strongType": "location"\n }\n }\n }\n',
  policyDefinitionReference: [
    {
      // Hands the set's allowedLocations parameter to the referenced policy definition.
      parameterValues:
        ' {\n "listOfAllowedLocations": {"value": "[parameters(\'allowedLocations\')]"}\n }\n',
      policyDefinitionId:
        "/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988",
    },
  ],
  policyType: "Custom",
});
Argument Reference
The following arguments are supported:
- name - (Required) The name of the policy set definition. Changing this forces a new resource to be created.
- policyType - (Required) The policy set type. Possible values are builtIn, custom, notSpecified and static. Changing this forces a new resource to be created.
- displayName - (Required) The display name of the policy set definition.
- policyDefinitionReference - (Required) One or more policyDefinitionReference blocks as defined below.
- policyDefinitionGroup - (Optional) One or more policyDefinitionGroup blocks as defined below.
- description - (Optional) The description of the policy set definition.
- managementGroupId - (Optional) The id of the Management Group where this policy set definition should be defined. Changing this forces a new resource to be created.
- metadata - (Optional) The metadata for the policy set definition. This is a JSON object representing additional metadata that should be stored with the policy definition.
- parameters - (Optional) Parameters for the policy set definition. This field is a JSON object that allows you to parameterize your policy definition.
A policyDefinitionReference block supports the following:
- policyDefinitionId - (Required) The ID of the policy definition that will be included in this policy set definition.
- parameterValues - (Optional) Parameter values for the referenced policy rule. This field is a JSON string that allows you to assign parameters to this policy rule.
- referenceId - (Optional) A unique ID within this policy set definition for this policy definition reference.
- policyGroupNames - (Optional) A list of names of the policy definition groups that this policy definition reference belongs to.
A policyDefinitionGroup block supports the following:
- name - (Required) The name of this policy definition group.
- displayName - (Optional) The display name of this policy definition group.
- category - (Optional) The category of this policy definition group.
- description - (Optional) The description of this policy definition group.
- additionalMetadataResourceId - (Optional) The ID of a resource that contains additional metadata about this policy definition group.
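Because parameters and parameterValues are opaque JSON strings, a misspelled parameter name or group name is not caught by the type checker and can leave a control unwired. The pre-synth check below is an added example, not part of the provider or its generated bindings; lintPolicySet, the two interfaces and the sample input are hypothetical names constructed for illustration.

```typescript
interface PolicyDefinitionReference {
  policyDefinitionId: string;
  parameterValues?: string; // JSON string, as in the argument reference
  referenceId?: string;
  policyGroupNames?: string[];
}
interface PolicySetConfig {
  parameters?: string; // JSON string declaring the set's own parameters
  policyDefinitionReference: PolicyDefinitionReference[];
  policyDefinitionGroup?: { name: string }[];
}
// Hypothetical helper (not a provider API): one message per wiring problem.
function lintPolicySet(cfg: PolicySetConfig): string[] {
  const problems: string[] = [];
  const declared = Object.keys(JSON.parse(cfg.parameters || "{}"));
  const groups = (cfg.policyDefinitionGroup || []).map((g) => g.name);
  const seenIds: string[] = [];
  const used: string[] = [];
  cfg.policyDefinitionReference.forEach((ref, i) => {
    const label = ref.referenceId || "reference[" + i + "]";
    if (ref.referenceId && seenIds.indexOf(ref.referenceId) >= 0) problems.push("duplicate referenceId " + ref.referenceId);
    if (ref.referenceId) seenIds.push(ref.referenceId);
    // Collect every [parameters('name')] expression used in parameterValues.
    const re = /parameters\('([^']+)'\)/g;
    let m: RegExpExecArray | null;
    while ((m = re.exec(ref.parameterValues || "")) !== null) {
      used.push(m[1]);
      if (declared.indexOf(m[1]) < 0) problems.push(label + ": undeclared parameter " + m[1]);
    }
    (ref.policyGroupNames || []).forEach((g) => {
      if (groups.indexOf(g) < 0) problems.push(label + ": unknown group " + g);
    });
  });
  declared.forEach((p) => {
    if (used.indexOf(p) < 0) problems.push("parameter " + p + " is declared but never passed on");
  });
  return problems;
}

// Constructed sample: parameter name misspelled in the reference, group not defined.
const sample: PolicySetConfig = {
  parameters: '{"allowedLocations": {"type": "Array"}}',
  policyDefinitionReference: [{
    policyDefinitionId: "/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988",
    parameterValues: '{"listOfAllowedLocations": {"value": "[parameters(\'allowedLocation\')]"}}',
    referenceId: "locations", policyGroupNames: ["geo"],
  }],
};
console.log(lintPolicySet(sample));
```

Running the same function over the object passed to PolicySetDefinition, and failing the build when it returns any message, catches these mistakes before the initiative is deployed.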
Attributes Reference
The following attributes are exported:
- id - The ID of the Policy Set Definition.
Timeouts
The timeouts block allows you to specify timeouts for certain actions:
- create - (Defaults to 30 minutes) Used when creating the Policy Set Definition.
- update - (Defaults to 30 minutes) Used when updating the Policy Set Definition.
- read - (Defaults to 5 minutes) Used when retrieving the Policy Set Definition.
- delete - (Defaults to 30 minutes) Used when deleting the Policy Set Definition.
Import
Policy Set Definitions can be imported using the resourceId, e.g.
terraform import azurerm_policy_set_definition.example /subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/testPolicySet
or