azurermResourcePolicyExemption

Manages a Resource Policy Exemption.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
  this,
  "example",
  {
    location: "westus",
    name: "group1",
  }
);
const azurermVirtualNetworkExample = new azurerm.virtualNetwork.VirtualNetwork(
  this,
  "example_1",
  {
    addressSpace: ["10.0.0.0/16"],
    location: azurermResourceGroupExample.location,
    name: "network1",
    resourceGroupName: azurermResourceGroupExample.name,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermVirtualNetworkExample.overrideLogicalId("example");
const dataAzurermPolicySetDefinitionExample =
  new azurerm.dataAzurermPolicySetDefinition.DataAzurermPolicySetDefinition(
    this,
    "example_2",
    {
      displayName: "Audit machines with insecure password security settings",
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
dataAzurermPolicySetDefinitionExample.overrideLogicalId("example");
const azurermResourcePolicyAssignmentExample =
  new azurerm.resourcePolicyAssignment.ResourcePolicyAssignment(
    this,
    "example_3",
    {
      identity: {
        type: "SystemAssigned",
      },
      location: azurermResourceGroupExample.location,
      name: "assignment1",
      policyDefinitionId: dataAzurermPolicySetDefinitionExample.id,
      resourceId: azurermVirtualNetworkExample.id,
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermResourcePolicyAssignmentExample.overrideLogicalId("example");
const azurermResourcePolicyExemptionExample =
  new azurerm.resourcePolicyExemption.ResourcePolicyExemption(
    this,
    "example_4",
    {
      exemptionCategory: "Mitigated",
      name: "exemption1",
      policyAssignmentId: azurermResourcePolicyAssignmentExample.id,
      resourceId: azurermResourcePolicyAssignmentExample.resourceId,
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermResourcePolicyExemptionExample.overrideLogicalId("example");

Argument Reference

The following arguments are supported:

  • name - (Required) The name of the Policy Exemption. Changing this forces a new resource to be created.

  • resourceId - (Required) The Resource ID where the Policy Exemption should be applied. Changing this forces a new resource to be created.

  • exemptionCategory - (Required) The category of this policy exemption. Possible values are Waiver and Mitigated.

  • policyAssignmentId - (Required) The ID of the Policy Assignment to be exempted at the specified Scope. Changing this forces a new resource to be created.

  • description - (Optional) A description to use for this Policy Exemption.

  • displayName - (Optional) A friendly display name to use for this Policy Exemption.

  • expiresOn - (Optional) The expiration date and time in UTC ISO 8601 format of this policy exemption.

  • policyDefinitionReferenceIds - (Optional) The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition.

  • metadata - (Optional) The metadata for this policy exemption. This is a JSON string representing additional metadata that should be stored with the policy exemption.
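
The constraints in the argument list above can be checked before synthesis. The following is an added example, not part of the provider or its generated bindings: a hypothetical checkExemption helper that validates exemptionCategory, expiresOn and metadata, and flags an exemption on a policy set assignment that lists no policyDefinitionReferenceIds. The ExemptionProps interface, the isPolicySet flag and the 90-day limit are assumptions made for illustration.

```typescript
// Added example: pre-synth review of ResourcePolicyExemption arguments.
// ExemptionProps, checkExemption and MAX_DAYS are hypothetical names;
// the 90-day limit and "a Waiver must expire" are assumed organisational rules.
interface ExemptionProps {
  name: string;
  resourceId: string;
  policyAssignmentId: string;
  exemptionCategory: string;
  expiresOn?: string;
  metadata?: string;
  policyDefinitionReferenceIds?: string[];
}

const MAX_DAYS = 90; // assumed maximum exemption lifetime
const UTC_ISO_8601 = /^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?Z$/;

// Returns one finding per problem; an empty array means the props pass review.
function checkExemption(p: ExemptionProps, now: Date, isPolicySet: boolean): string[] {
  const findings: string[] = [];
  if (p.exemptionCategory !== "Waiver" && p.exemptionCategory !== "Mitigated") {
    findings.push("exemptionCategory must be Waiver or Mitigated");
  }
  if (p.expiresOn === undefined) {
    if (p.exemptionCategory === "Waiver") findings.push("Waiver has no expiresOn");
  } else if (!UTC_ISO_8601.test(p.expiresOn) || Number.isNaN(Date.parse(p.expiresOn))) {
    findings.push("expiresOn is not a UTC ISO 8601 timestamp");
  } else {
    const days = (Date.parse(p.expiresOn) - now.getTime()) / 86400000;
    if (days <= 0) findings.push("expiresOn is already in the past");
    else if (days > MAX_DAYS) findings.push("expiresOn is more than " + MAX_DAYS + " days away");
  }
  if (p.metadata !== undefined) {
    try {
      JSON.parse(p.metadata); // metadata is passed to the provider as a JSON string
    } catch {
      findings.push("metadata is not valid JSON");
    }
  }
  const refs = p.policyDefinitionReferenceIds;
  if (isPolicySet && (refs === undefined || refs.length === 0)) {
    findings.push("whole policy set exempted; list policyDefinitionReferenceIds");
  }
  return findings;
}
```

Run it over the props object before passing it to the ResourcePolicyExemption constructor and fail the build when the returned array is not empty.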

Attributes Reference

The following attributes are exported:

  • id - The Policy Exemption id.

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

  • create - (Defaults to 30 minutes) Used when creating the Policy Exemption.
  • update - (Defaults to 30 minutes) Used when updating the Policy Exemption.
  • read - (Defaults to 5 minutes) Used when retrieving the Policy Exemption.
  • delete - (Defaults to 30 minutes) Used when deleting the Policy Exemption.

Import

Policy Exemptions can be imported using the resourceId, e.g.

terraform import azurerm_resource_policy_exemption.exemption1 /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resGroup1/providers/Microsoft.Authorization/policyExemptions/exemption1