azurermResourcePolicyExemption
Manages a Resource Policy Exemption.
Example Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
this,
"example",
{
location: "westus",
name: "group1",
}
);
const azurermVirtualNetworkExample = new azurerm.virtualNetwork.VirtualNetwork(
this,
"example_1",
{
address_space: ["10.0.0.0/16"],
location: azurermResourceGroupExample.location,
name: "network1",
resource_group_name: azurermResourceGroupExample.name,
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermVirtualNetworkExample.overrideLogicalId("example");
const dataAzurermPolicySetDefinitionExample =
new azurerm.dataAzurermPolicySetDefinition.DataAzurermPolicySetDefinition(
this,
"example_2",
{
display_name: "Audit machines with insecure password security settings",
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
dataAzurermPolicySetDefinitionExample.overrideLogicalId("example");
const azurermResourcePolicyAssignmentExample =
new azurerm.resourcePolicyAssignment.ResourcePolicyAssignment(
this,
"example_3",
{
identity: [
{
type: "SystemAssigned",
},
],
location: azurermResourceGroupExample.location,
name: "assignment1",
policy_definition_id: dataAzurermPolicySetDefinitionExample.id,
resource_id: azurermVirtualNetworkExample.id,
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermResourcePolicyAssignmentExample.overrideLogicalId("example");
const azurermResourcePolicyExemptionExample =
new azurerm.resourcePolicyExemption.ResourcePolicyExemption(
this,
"example_4",
{
exemption_category: "Mitigated",
name: "exemption1",
policy_assignment_id: azurermResourcePolicyAssignmentExample.id,
resource_id: azurermResourcePolicyAssignmentExample.resourceId,
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermResourcePolicyExemptionExample.overrideLogicalId("example");
Argument Reference
The following arguments are supported:
-
name
- (Required) The name of the Policy Exemption. Changing this forces a new resource to be created. -
resourceId
- (Required) The Resource ID where the Policy Exemption should be applied. Changing this forces a new resource to be created. -
exemptionCategory
- (Required) The category of this policy exemption. Possible values arewaiver
andmitigated
. -
policyAssignmentId
- (Required) The ID of the Policy Assignment to be exempted at the specified Scope. Changing this forces a new resource to be created. -
description
- (Optional) A description to use for this Policy Exemption. -
displayName
- (Optional) A friendly display name to use for this Policy Exemption. -
expiresOn
- (Optional) The expiration date and time in UTC ISO 8601 format of this policy exemption. -
policyDefinitionReferenceIds
- (Optional) The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition. -
metadata
- (Optional) The metadata for this policy exemption. This is a JSON string representing additional metadata that should be stored with the policy exemption.
Attributes Reference
The following attributes are exported:
id
- The Policy Exemption id.
Timeouts
The timeouts
block allows you to specify timeouts for certain actions:
create
- (Defaults to 30 minutes) Used when creating the Policy Exemption.update
- (Defaults to 30 minutes) Used when updating the Policy Exemption.read
- (Defaults to 5 minutes) Used when retrieving the Policy Exemption.delete
- (Defaults to 30 minutes) Used when deleting the Policy Exemption.
Import
Policy Exemptions can be imported using the resourceId
, e.g.