BrendanThompson/terraform-azurerm-policy-initiative

Azure Policy Initiative Module

Requirements

No requirements.

Providers

Name      Version
azurerm   n/a
random    n/a

Resources

Name                                              Type
azurerm_management_group_policy_assignment.this   resource
azurerm_management_group_policy_exemption.this    resource
azurerm_policy_definition.this                    resource
azurerm_policy_set_definition.this                resource
azurerm_resource_group_policy_assignment.this     resource
azurerm_resource_group_policy_exemption.this      resource
azurerm_subscription_policy_assignment.this       resource
azurerm_subscription_policy_exemption.this        resource
random_uuid.assignment                            resource
random_uuid.exemptions                            resource
random_uuid.policy                                resource
azurerm_policy_definition.this                    data source

Inputs

assignment
  Description: (Required) assignment details for the policy.
    Properties:
      assignments (Required) - list of assignments
        id (Required) - resource ID
        name (Required) - friendly name/reference for the assignment
      scope (Optional) - resource scope for assignment [Default: rg]
  Type:
    object({
      assignments = list(object({
        id   = string
        name = string
      }))
      scope = optional(string, "rg")
    })
  Default: n/a
  Required: yes

environment
  Description: (Required) environment that the initiatives should be applied to.
  Type: string
  Default: n/a
  Required: yes

exemptions
  Description: (Optional) List of exemption objects
    Properties:
      id (Required) - the resource ID for the exemption
      risk_id (Required) - internal risk reference ID
      scope (Required) - the scope for the exemption (sub, mg, rg)
      category (Required) - exemption category
      assignment_reference (Required) - assignment friendly name/reference
  Type:
    list(object({
      id                   = string
      risk_id              = string
      scope                = string
      category             = string
      assignment_reference = string
    }))
  Default: []
  Required: no

initiative_definition
  Description: (Required) path to the initiative definition file
  Type: string
  Default: n/a
  Required: yes

Example(s)

provider "azurerm" {
  features {}
}

data "azurerm_resource_group" "this" {
  name = "rg-policy"
}

module "global_core" {
  source = "../.."

  assignment = {
    assignments = [{
      id   = data.azurerm_resource_group.this.id
      name = "DefaultRG"
    }]
    scope = "rg"
  }

  exemptions = [{
    assignment_reference = "DefaultRG"
    category             = "Mitigated"
    id                   = data.azurerm_resource_group.this.id
    risk_id              = "R-001"
    scope                = "rg"
  }]

  environment           = "dev"
  initiative_definition = format("%s/initiatives/core.yaml", path.module)
}
