Module policy

This page documents the language specification for the azure package. If you're looking for help working with the inputs, outputs, or functions of azure resources in a Pulumi program, please see the resource documentation for examples and API reference.

Resources

Resource Assignment

class Assignment extends CustomResource

Configures the specified Policy Definition at the specified Scope. Also, Policy Set Definitions are supported.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";

const exampleDefinition = new azure.policy.Definition("exampleDefinition", {
    policyType: "Custom",
    mode: "All",
    displayName: "my-policy-definition",
    policyRule: `	{
    "if": {
      "not": {
        "field": "location",
        "in": "[parameters('allowedLocations')]"
      }
    },
    "then": {
      "effect": "audit"
    }
  }
`,
    parameters: `	{
    "allowedLocations": {
      "type": "Array",
      "metadata": {
        "description": "The list of allowed locations for resources.",
        "displayName": "Allowed locations",
        "strongType": "location"
      }
    }
  }
`,
});
const exampleResourceGroup = new azure.core.ResourceGroup("exampleResourceGroup", {location: "West Europe"});
const exampleAssignment = new azure.policy.Assignment("exampleAssignment", {
    scope: exampleResourceGroup.id,
    policyDefinitionId: exampleDefinition.id,
    description: "Policy Assignment created via an Acceptance Test",
    displayName: "My Example Policy Assignment",
    parameters: `{
  "allowedLocations": {
    "value": [ "West Europe" ]
  }
}
`,
});

constructor

new Assignment(name: string, args: AssignmentArgs, opts?: pulumi.CustomResourceOptions)

Create a Assignment resource with the given unique name, arguments, and options.

name The unique name of the resource.
args The arguments to use to populate this resource's properties.
opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AssignmentState, opts?: pulumi.CustomResourceOptions): Assignment

Get an existing Assignment resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Assignment

Returns true if the given object is an instance of Assignment. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property description

public description: pulumi.Output<string | undefined>;

A description to use for this Policy Assignment. Changing this forces a new resource to be created.

property displayName

public displayName: pulumi.Output<string | undefined>;

A friendly display name to use for this Policy Assignment. Changing this forces a new resource to be created.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property identity

public identity: pulumi.Output<AssignmentIdentity>;

An identity block.

property location

public location: pulumi.Output<string>;

The Azure location where this policy assignment should exist. This is required when an Identity is assigned. Changing this forces a new resource to be created.

property name

public name: pulumi.Output<string>;

The name of the Policy Assignment. Changing this forces a new resource to be created.

property notScopes

public notScopes: pulumi.Output<string[] | undefined>;

A list of the Policy Assignment’s excluded scopes. The list must contain Resource IDs (such as Subscriptions e.g. /subscriptions/00000000-0000-0000-000000000000 or Resource Groups e.g./subscriptions/00000000-0000-0000-000000000000/resourceGroups/myResourceGroup).

property parameters

public parameters: pulumi.Output<string | undefined>;

Parameters for the policy definition. This field is a JSON object that maps to the Parameters field from the Policy Definition. Changing this forces a new resource to be created.

property policyDefinitionId

public policyDefinitionId: pulumi.Output<string>;

The ID of the Policy Definition to be applied at the specified Scope.

property scope

public scope: pulumi.Output<string>;

The Scope at which the Policy Assignment should be applied, which must be a Resource ID (such as Subscription e.g. /subscriptions/00000000-0000-0000-000000000000 or a Resource Group e.g./subscriptions/00000000-0000-0000-000000000000/resourceGroups/myResourceGroup). Changing this forces a new resource to be created.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource Definition

class Definition extends CustomResource

Manages a policy rule definition on a management group or your provider subscription.

Policy definitions do not take effect until they are assigned to a scope using a Policy Assignment.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";

const policy = new azure.policy.Definition("policy", {
    displayName: "acceptance test policy definition",
    metadata: `    {
    "category": "General"
    }

`,
    mode: "Indexed",
    parameters: `	{
    "allowedLocations": {
      "type": "Array",
      "metadata": {
        "description": "The list of allowed locations for resources.",
        "displayName": "Allowed locations",
        "strongType": "location"
      }
    }
  }
`,
    policyRule: `	{
    "if": {
      "not": {
        "field": "location",
        "in": "[parameters('allowedLocations')]"
      }
    },
    "then": {
      "effect": "audit"
    }
  }
`,
    policyType: "Custom",
});

constructor

new Definition(name: string, args: DefinitionArgs, opts?: pulumi.CustomResourceOptions)

Create a Definition resource with the given unique name, arguments, and options.

name The unique name of the resource.
args The arguments to use to populate this resource's properties.
opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: DefinitionState, opts?: pulumi.CustomResourceOptions): Definition

Get an existing Definition resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Definition

Returns true if the given object is an instance of Definition. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property description

public description: pulumi.Output<string | undefined>;

The description of the policy definition.

property displayName

public displayName: pulumi.Output<string>;

The display name of the policy definition.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property managementGroupId

DEPRECATED Deprecated in favour of management_group_name

public managementGroupId: pulumi.Output<string>;

property managementGroupName

public managementGroupName: pulumi.Output<string>;

The name of the Management Group where this policy should be defined. Changing this forces a new resource to be created.

property metadata

public metadata: pulumi.Output<string>;

The metadata for the policy definition. This is a json object representing additional metadata that should be stored with the policy definition.

property mode

public mode: pulumi.Output<string>;

The policy mode that allows you to specify which resource types will be evaluated. The value can be “All”, “Indexed” or “NotSpecified”. Changing this resource forces a new resource to be created.

property name

public name: pulumi.Output<string>;

The name of the policy definition. Changing this forces a new resource to be created.

property parameters

public parameters: pulumi.Output<string | undefined>;

Parameters for the policy definition. This field is a json object that allows you to parameterize your policy definition.

property policyRule

public policyRule: pulumi.Output<string | undefined>;

The policy rule for the policy definition. This is a json object representing the rule that contains an if and a then block.

property policyType

public policyType: pulumi.Output<string>;

The policy type. Possible values are BuiltIn, Custom and NotSpecified. Changing this forces a new resource to be created.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource PolicySetDefinition

class PolicySetDefinition extends CustomResource

Manages a policy set definition.

NOTE: Policy set definitions (also known as policy initiatives) do not take effect until they are assigned to a scope using a Policy Set Assignment.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";

const example = new azure.policy.PolicySetDefinition("example", {
    displayName: "Test Policy Set",
    parameters: `    {
        "allowedLocations": {
            "type": "Array",
            "metadata": {
                "description": "The list of allowed locations for resources.",
                "displayName": "Allowed locations",
                "strongType": "location"
            }
        }
    }
`,
    policyDefinitions: `    [
        {
            "parameters": {
                "listOfAllowedLocations": {
                    "value": "[parameters('allowedLocations')]"
                }
            },
            "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988"
        }
    ]
`,
    policyType: "Custom",
});

constructor

new PolicySetDefinition(name: string, args: PolicySetDefinitionArgs, opts?: pulumi.CustomResourceOptions)

Create a PolicySetDefinition resource with the given unique name, arguments, and options.

name The unique name of the resource.
args The arguments to use to populate this resource's properties.
opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: PolicySetDefinitionState, opts?: pulumi.CustomResourceOptions): PolicySetDefinition

Get an existing PolicySetDefinition resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is PolicySetDefinition

Returns true if the given object is an instance of PolicySetDefinition. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property description

public description: pulumi.Output<string | undefined>;

The description of the policy set definition.

property displayName

public displayName: pulumi.Output<string>;

The display name of the policy set definition.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property managementGroupId

public managementGroupId: pulumi.Output<string | undefined>;

The ID of the Management Group where this policy should be defined. Changing this forces a new resource to be created.

property metadata

public metadata: pulumi.Output<string>;

The metadata for the policy set definition. This is a json object representing additional metadata that should be stored with the policy definition.

property name

public name: pulumi.Output<string>;

The name of the policy set definition. Changing this forces a new resource to be created.

property parameters

public parameters: pulumi.Output<string | undefined>;

Parameters for the policy set definition. This field is a json object that allows you to parameterize your policy definition.

property policyDefinitions

public policyDefinitions: pulumi.Output<string | undefined>;

The policy definitions for the policy set definition. This is a json object representing the bundled policy definitions.

property policyType

public policyType: pulumi.Output<string>;

The policy set type. Possible values are BuiltIn or Custom. Changing this forces a new resource to be created.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource Remediation

class Remediation extends CustomResource

Manages an Azure Policy Remediation at the specified Scope.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";

const exampleResourceGroup = new azure.core.ResourceGroup("exampleResourceGroup", {location: "West Europe"});
const exampleDefinition = new azure.policy.Definition("exampleDefinition", {
    policyType: "Custom",
    mode: "All",
    displayName: "my-policy-definition",
    policyRule: `    {
    "if": {
      "not": {
        "field": "location",
        "in": "[parameters('allowedLocations')]"
      }
    },
    "then": {
      "effect": "audit"
    }
  }
`,
    parameters: `    {
    "allowedLocations": {
      "type": "Array",
      "metadata": {
        "description": "The list of allowed locations for resources.",
        "displayName": "Allowed locations",
        "strongType": "location"
      }
    }
  }
`,
});
const exampleAssignment = new azure.policy.Assignment("exampleAssignment", {
    scope: exampleResourceGroup.id,
    policyDefinitionId: exampleDefinition.id,
    description: "Policy Assignment created via an Acceptance Test",
    displayName: "My Example Policy Assignment",
    parameters: `{
  "allowedLocations": {
    "value": [ "West Europe" ]
  }
}
`,
});
const exampleRemediation = new azure.policy.Remediation("exampleRemediation", {
    scope: exampleAssignment.scope,
    policyAssignmentId: exampleAssignment.id,
    locationFilters: ["West Europe"],
});

constructor

new Remediation(name: string, args: RemediationArgs, opts?: pulumi.CustomResourceOptions)

Create a Remediation resource with the given unique name, arguments, and options.

name The unique name of the resource.
args The arguments to use to populate this resource's properties.
opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: RemediationState, opts?: pulumi.CustomResourceOptions): Remediation

Get an existing Remediation resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Remediation

Returns true if the given object is an instance of Remediation. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property locationFilters

public locationFilters: pulumi.Output<string[] | undefined>;

A list of the resource locations that will be remediated.

property name

public name: pulumi.Output<string>;

The name of the Policy Remediation. Changing this forces a new resource to be created.

property policyAssignmentId

public policyAssignmentId: pulumi.Output<string>;

The resource ID of the policy assignment that should be remediated.

property policyDefinitionReferenceId

public policyDefinitionReferenceId: pulumi.Output<string | undefined>;

The policy definition reference ID of the individual definition that should be remediated. Required when the policy assignment being remediated assigns a policy set definition.

property scope

public scope: pulumi.Output<string>;

The Scope at which the Policy Remediation should be applied. Changing this forces a new resource to be created. A scope must be a Resource ID out of one of the following list:

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Functions

Function getPolicyDefintion

getPolicyDefintion(args?: GetPolicyDefintionArgs, opts?: pulumi.InvokeOptions): Promise<GetPolicyDefintionResult>

Use this data source to access information about a Policy Definition, both custom and built in. Retrieves Policy Definitions from your current subscription by default.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";

const example = azure.policy.getPolicyDefintion({
    displayName: "Allowed resource types",
});
export const id = example.then(example => example.id);

Function getPolicySetDefinition

getPolicySetDefinition(args?: GetPolicySetDefinitionArgs, opts?: pulumi.InvokeOptions): Promise<GetPolicySetDefinitionResult>

Use this data source to access information about an existing Policy Set Definition.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";

const example = azure.policy.getPolicySetDefinition({
    displayName: "Policy Set Definition Example",
});
export const id = example.then(example => example.id);

Others

interface AssignmentArgs

interface AssignmentArgs

The set of arguments for constructing a Assignment resource.

property description

description?: pulumi.Input<string>;

A description to use for this Policy Assignment. Changing this forces a new resource to be created.

property displayName

displayName?: pulumi.Input<string>;

A friendly display name to use for this Policy Assignment. Changing this forces a new resource to be created.

property identity

identity?: pulumi.Input<AssignmentIdentity>;

An identity block.

property location

location?: pulumi.Input<string>;

The Azure location where this policy assignment should exist. This is required when an Identity is assigned. Changing this forces a new resource to be created.

property name

name?: pulumi.Input<string>;

The name of the Policy Assignment. Changing this forces a new resource to be created.

property notScopes

notScopes?: pulumi.Input<pulumi.Input<string>[]>;

property parameters

parameters?: pulumi.Input<string>;

Parameters for the policy definition. This field is a JSON object that maps to the Parameters field from the Policy Definition. Changing this forces a new resource to be created.

property policyDefinitionId

policyDefinitionId: pulumi.Input<string>;

The ID of the Policy Definition to be applied at the specified Scope.

property scope

scope: pulumi.Input<string>;

interface AssignmentState

interface AssignmentState

Input properties used for looking up and filtering Assignment resources.

property description

description?: pulumi.Input<string>;

A description to use for this Policy Assignment. Changing this forces a new resource to be created.

property displayName

displayName?: pulumi.Input<string>;

A friendly display name to use for this Policy Assignment. Changing this forces a new resource to be created.

property identity

identity?: pulumi.Input<AssignmentIdentity>;

An identity block.

property location

location?: pulumi.Input<string>;

The Azure location where this policy assignment should exist. This is required when an Identity is assigned. Changing this forces a new resource to be created.

property name

name?: pulumi.Input<string>;

The name of the Policy Assignment. Changing this forces a new resource to be created.

property notScopes

notScopes?: pulumi.Input<pulumi.Input<string>[]>;

property parameters

parameters?: pulumi.Input<string>;

Parameters for the policy definition. This field is a JSON object that maps to the Parameters field from the Policy Definition. Changing this forces a new resource to be created.

property policyDefinitionId

policyDefinitionId?: pulumi.Input<string>;

The ID of the Policy Definition to be applied at the specified Scope.

property scope

scope?: pulumi.Input<string>;

interface DefinitionArgs

interface DefinitionArgs

The set of arguments for constructing a Definition resource.

property description

description?: pulumi.Input<string>;

The description of the policy definition.

property displayName

displayName: pulumi.Input<string>;

The display name of the policy definition.

property managementGroupId

DEPRECATED Deprecated in favour of management_group_name

managementGroupId?: pulumi.Input<string>;

property managementGroupName

managementGroupName?: pulumi.Input<string>;

The name of the Management Group where this policy should be defined. Changing this forces a new resource to be created.

property metadata

metadata?: pulumi.Input<string>;

The metadata for the policy definition. This is a json object representing additional metadata that should be stored with the policy definition.

property mode

mode: pulumi.Input<string>;

property name

name?: pulumi.Input<string>;

The name of the policy definition. Changing this forces a new resource to be created.

property parameters

parameters?: pulumi.Input<string>;

Parameters for the policy definition. This field is a json object that allows you to parameterize your policy definition.

property policyRule

policyRule?: pulumi.Input<string>;

The policy rule for the policy definition. This is a json object representing the rule that contains an if and a then block.

property policyType

policyType: pulumi.Input<string>;

The policy type. Possible values are BuiltIn, Custom and NotSpecified. Changing this forces a new resource to be created.

interface DefinitionState

interface DefinitionState

Input properties used for looking up and filtering Definition resources.

property description

description?: pulumi.Input<string>;

The description of the policy definition.

property displayName

displayName?: pulumi.Input<string>;

The display name of the policy definition.

property managementGroupId

DEPRECATED Deprecated in favour of management_group_name

managementGroupId?: pulumi.Input<string>;

property managementGroupName

managementGroupName?: pulumi.Input<string>;

The name of the Management Group where this policy should be defined. Changing this forces a new resource to be created.

property metadata

metadata?: pulumi.Input<string>;

The metadata for the policy definition. This is a json object representing additional metadata that should be stored with the policy definition.

property mode

mode?: pulumi.Input<string>;

property name

name?: pulumi.Input<string>;

The name of the policy definition. Changing this forces a new resource to be created.

property parameters

parameters?: pulumi.Input<string>;

Parameters for the policy definition. This field is a json object that allows you to parameterize your policy definition.

property policyRule

policyRule?: pulumi.Input<string>;

The policy rule for the policy definition. This is a json object representing the rule that contains an if and a then block.

property policyType

policyType?: pulumi.Input<string>;

The policy type. Possible values are BuiltIn, Custom and NotSpecified. Changing this forces a new resource to be created.

interface GetPolicyDefintionArgs

interface GetPolicyDefintionArgs

A collection of arguments for invoking getPolicyDefintion.

property displayName

displayName?: undefined | string;

Specifies the display name of the Policy Definition. Conflicts with name.

property managementGroupId

DEPRECATED Deprecated in favour of management_group_name

managementGroupId?: undefined | string;

property managementGroupName

managementGroupName?: undefined | string;

Only retrieve Policy Definitions from this Management Group.

property name

name?: undefined | string;

Specifies the name of the Policy Definition. Conflicts with displayName.

interface GetPolicyDefintionResult

interface GetPolicyDefintionResult

A collection of values returned by getPolicyDefintion.

property description

description: string;

The Description of the Policy.

property displayName

displayName: string;

property id

id: string;

The provider-assigned unique ID for this managed resource.

property managementGroupId

DEPRECATED Deprecated in favour of management_group_name

managementGroupId?: undefined | string;

property managementGroupName

managementGroupName?: undefined | string;

property metadata

metadata: string;

Any Metadata defined in the Policy.

property name

name: string;

property parameters

parameters: string;

Any Parameters defined in the Policy.

property policyRule

policyRule: string;

The Rule as defined (in JSON) in the Policy.

property policyType

policyType: string;

The Type of the Policy. Possible values are “BuiltIn”, “Custom” and “NotSpecified”.

property type

type: string;

The Type of Policy.

interface GetPolicySetDefinitionArgs

interface GetPolicySetDefinitionArgs

A collection of arguments for invoking getPolicySetDefinition.

property displayName

displayName?: undefined | string;

Specifies the display name of the Policy Set Definition. Conflicts with name.

property managementGroupName

managementGroupName?: undefined | string;

Only retrieve Policy Set Definitions from this Management Group.

property name

name?: undefined | string;

Specifies the name of the Policy Set Definition. Conflicts with displayName.

interface GetPolicySetDefinitionResult

interface GetPolicySetDefinitionResult

A collection of values returned by getPolicySetDefinition.

property description

description: string;

The Description of the Policy Set Definition.

property displayName

displayName: string;

property id

id: string;

The provider-assigned unique ID for this managed resource.

property managementGroupName

managementGroupName?: undefined | string;

property metadata

metadata: string;

Any Metadata defined in the Policy Set Definition.

property name

name: string;

property parameters

parameters: string;

Any Parameters defined in the Policy Set Definition.

property policyDefinitions

policyDefinitions: string;

The policy definitions contained within the policy set definition.

property policyType

policyType: string;

The Type of the Policy Set Definition.

interface PolicySetDefinitionArgs

interface PolicySetDefinitionArgs

The set of arguments for constructing a PolicySetDefinition resource.

property description

description?: pulumi.Input<string>;

The description of the policy set definition.

property displayName

displayName: pulumi.Input<string>;

The display name of the policy set definition.

property managementGroupId

managementGroupId?: pulumi.Input<string>;

The ID of the Management Group where this policy should be defined. Changing this forces a new resource to be created.

property metadata

metadata?: pulumi.Input<string>;

The metadata for the policy set definition. This is a json object representing additional metadata that should be stored with the policy definition.

property name

name?: pulumi.Input<string>;

The name of the policy set definition. Changing this forces a new resource to be created.

property parameters

parameters?: pulumi.Input<string>;

Parameters for the policy set definition. This field is a json object that allows you to parameterize your policy definition.

property policyDefinitions

policyDefinitions?: pulumi.Input<string>;

The policy definitions for the policy set definition. This is a json object representing the bundled policy definitions.

property policyType

policyType: pulumi.Input<string>;

The policy set type. Possible values are BuiltIn or Custom. Changing this forces a new resource to be created.

interface PolicySetDefinitionState

interface PolicySetDefinitionState

Input properties used for looking up and filtering PolicySetDefinition resources.

property description

description?: pulumi.Input<string>;

The description of the policy set definition.

property displayName

displayName?: pulumi.Input<string>;

The display name of the policy set definition.

property managementGroupId

managementGroupId?: pulumi.Input<string>;

The ID of the Management Group where this policy should be defined. Changing this forces a new resource to be created.

property metadata

metadata?: pulumi.Input<string>;

The metadata for the policy set definition. This is a json object representing additional metadata that should be stored with the policy definition.

property name

name?: pulumi.Input<string>;

The name of the policy set definition. Changing this forces a new resource to be created.

property parameters

parameters?: pulumi.Input<string>;

Parameters for the policy set definition. This field is a json object that allows you to parameterize your policy definition.

property policyDefinitions

policyDefinitions?: pulumi.Input<string>;

The policy definitions for the policy set definition. This is a json object representing the bundled policy definitions.

property policyType

policyType?: pulumi.Input<string>;

The policy set type. Possible values are BuiltIn or Custom. Changing this forces a new resource to be created.

interface RemediationArgs

interface RemediationArgs

The set of arguments for constructing a Remediation resource.

property locationFilters

locationFilters?: pulumi.Input<pulumi.Input<string>[]>;

A list of the resource locations that will be remediated.

property name

name?: pulumi.Input<string>;

The name of the Policy Remediation. Changing this forces a new resource to be created.

property policyAssignmentId

policyAssignmentId: pulumi.Input<string>;

The resource ID of the policy assignment that should be remediated.

property policyDefinitionReferenceId

policyDefinitionReferenceId?: pulumi.Input<string>;

The policy definition reference ID of the individual definition that should be remediated. Required when the policy assignment being remediated assigns a policy set definition.

property scope

scope: pulumi.Input<string>;

The Scope at which the Policy Remediation should be applied. Changing this forces a new resource to be created. A scope must be a Resource ID out of one of the following list:

interface RemediationState

interface RemediationState

Input properties used for looking up and filtering Remediation resources.

property locationFilters

locationFilters?: pulumi.Input<pulumi.Input<string>[]>;

A list of the resource locations that will be remediated.

property name

name?: pulumi.Input<string>;

The name of the Policy Remediation. Changing this forces a new resource to be created.

property policyAssignmentId

policyAssignmentId?: pulumi.Input<string>;

The resource ID of the policy assignment that should be remediated.

property policyDefinitionReferenceId

policyDefinitionReferenceId?: pulumi.Input<string>;

The policy definition reference ID of the individual definition that should be remediated. Required when the policy assignment being remediated assigns a policy set definition.

property scope

scope?: pulumi.Input<string>;

The Scope at which the Policy Remediation should be applied. Changing this forces a new resource to be created. A scope must be a Resource ID out of one of the following list:

The Pulumi Platform

Get Started

Migrate to Pulumi

Solutions for All Teams and Engineers

Any Code

Any Cloud

Module policy

Resources

Functions

Others

Resources

Example Usage

Example Usage

Example Usage

Example Usage

Functions

Example Usage

Example Usage

Others