Namespace Pulumi.Azure.Policy

Classes

Assignment

Configures the specified Policy Definition at the specified Scope. Also, Policy Set Definitions are supported.

Example Usage

using Pulumi;
using Azure = Pulumi.Azure;

class MyStack : Stack
{
public MyStack()
{
    var exampleDefinition = new Azure.Policy.Definition("exampleDefinition", new Azure.Policy.DefinitionArgs
    {
        PolicyType = "Custom",
        Mode = "All",
        DisplayName = "my-policy-definition",
        PolicyRule = @"	{
""if"": {
  ""not"": {
    ""field"": ""location"",
    ""in"": ""[parameters('allowedLocations')]""
  }
},
""then"": {
  ""effect"": ""audit""
}
}
",
        Parameters = @"	{
""allowedLocations"": {
  ""type"": ""Array"",
  ""metadata"": {
    ""description"": ""The list of allowed locations for resources."",
    ""displayName"": ""Allowed locations"",
    ""strongType"": ""location""
  }
}
}
",
    });
    var exampleResourceGroup = new Azure.Core.ResourceGroup("exampleResourceGroup", new Azure.Core.ResourceGroupArgs
    {
        Location = "West Europe",
    });
    var exampleAssignment = new Azure.Policy.Assignment("exampleAssignment", new Azure.Policy.AssignmentArgs
    {
        Scope = exampleResourceGroup.Id,
        PolicyDefinitionId = exampleDefinition.Id,
        Description = "Policy Assignment created via an Acceptance Test",
        DisplayName = "My Example Policy Assignment",
        Parameters = @"{
""allowedLocations"": {
""value"": [ ""West Europe"" ]
}
}
",
    });
}

}

AssignmentArgs

AssignmentState

Definition

Manages a policy rule definition on a management group or your provider subscription.

Policy definitions do not take effect until they are assigned to a scope using a Policy Assignment.

Example Usage

using Pulumi;
using Azure = Pulumi.Azure;

class MyStack : Stack
{
public MyStack()
{
    var policy = new Azure.Policy.Definition("policy", new Azure.Policy.DefinitionArgs
    {
        DisplayName = "acceptance test policy definition",
        Metadata = @"    {
""category"": ""General""
}


",
        Mode = "Indexed",
        Parameters = @"	{
""allowedLocations"": {
  ""type"": ""Array"",
  ""metadata"": {
    ""description"": ""The list of allowed locations for resources."",
    ""displayName"": ""Allowed locations"",
    ""strongType"": ""location""
  }
}
}

",
        PolicyRule = @"	{
""if"": {
  ""not"": {
    ""field"": ""location"",
    ""in"": ""[parameters('allowedLocations')]""
  }
},
""then"": {
  ""effect"": ""audit""
}
}

",
        PolicyType = "Custom",
    });
}

}

DefinitionArgs

DefinitionState

GetPolicyDefintion

GetPolicyDefintionArgs

GetPolicyDefintionResult

GetPolicySetDefinition

GetPolicySetDefinitionArgs

GetPolicySetDefinitionResult

PolicySetDefinition

Manages a policy set definition.

NOTE: Policy set definitions (also known as policy initiatives) do not take effect until they are assigned to a scope using a Policy Set Assignment.

Example Usage

using Pulumi;
using Azure = Pulumi.Azure;

class MyStack : Stack
{
public MyStack()
{
    var example = new Azure.Policy.PolicySetDefinition("example", new Azure.Policy.PolicySetDefinitionArgs
    {
        DisplayName = "Test Policy Set",
        Parameters = @"    {
    ""allowedLocations"": {
        ""type"": ""Array"",
        ""metadata"": {
            ""description"": ""The list of allowed locations for resources."",
            ""displayName"": ""Allowed locations"",
            ""strongType"": ""location""
        }
    }
}

",
        PolicyDefinitions = @"    [
    {
        ""parameters"": {
            ""listOfAllowedLocations"": {
                ""value"": ""[parameters('allowedLocations')]""
            }
        },
        ""policyDefinitionId"": ""/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988""
    }
]

",
        PolicyType = "Custom",
    });
}

}

PolicySetDefinitionArgs

PolicySetDefinitionState

Remediation

Manages an Azure Policy Remediation at the specified Scope.

Example Usage

using Pulumi;
using Azure = Pulumi.Azure;

class MyStack : Stack
{
public MyStack()
{
    var exampleResourceGroup = new Azure.Core.ResourceGroup("exampleResourceGroup", new Azure.Core.ResourceGroupArgs
    {
        Location = "West Europe",
    });
    var exampleDefinition = new Azure.Policy.Definition("exampleDefinition", new Azure.Policy.DefinitionArgs
    {
        PolicyType = "Custom",
        Mode = "All",
        DisplayName = "my-policy-definition",
        PolicyRule = @"    {
""if"": {
  ""not"": {
    ""field"": ""location"",
    ""in"": ""[parameters('allowedLocations')]""
  }
},
""then"": {
  ""effect"": ""audit""
}
}
",
        Parameters = @"    {
""allowedLocations"": {
  ""type"": ""Array"",
  ""metadata"": {
    ""description"": ""The list of allowed locations for resources."",
    ""displayName"": ""Allowed locations"",
    ""strongType"": ""location""
  }
}
}
",
    });
    var exampleAssignment = new Azure.Policy.Assignment("exampleAssignment", new Azure.Policy.AssignmentArgs
    {
        Scope = exampleResourceGroup.Id,
        PolicyDefinitionId = exampleDefinition.Id,
        Description = "Policy Assignment created via an Acceptance Test",
        DisplayName = "My Example Policy Assignment",
        Parameters = @"{
""allowedLocations"": {
""value"": [ ""West Europe"" ]
}
}
",
    });
    var exampleRemediation = new Azure.Policy.Remediation("exampleRemediation", new Azure.Policy.RemediationArgs
    {
        Scope = exampleAssignment.Scope,
        PolicyAssignmentId = exampleAssignment.Id,
        LocationFilters = 
        {
            "West Europe",
        },
    });
}

}

RemediationArgs

RemediationState