This project contains all PagoPA policies and assignments used to govern Azure workloads.
- `src/01_custom_roles` contains custom roles created following least-privilege principles
- `src/02_policy_*` contains custom policies grouped by type definition
- `src/03_policy_set` contains custom policy initiatives (alias: policy set)
- `src/04_policy_assignments` contains policy initiative assignments to management groups or subscriptions
Apply order follows the folder numbers.
```sh
./terraform.sh plan|apply|destroy
```

```sh
# change subscription
az account set -s MY-SUBSCRIPTION

# trigger scan on current subscription
az policy state trigger-scan --no-wait

# trigger scan on resource group in current subscription
az policy state trigger-scan -g my-rg --no-wait
```
We have both developers who work with the Terraform configuration on their Linux, macOS or Windows workstations and automated systems that apply the configuration while running on Linux (see https://www.terraform.io/docs/cli/commands/providers/lock.html#specifying-target-platforms).
So we need to lock providers for all of these platforms:
```sh
terraform init
rm .terraform.lock.hcl
terraform providers lock \
  -platform=windows_amd64 \
  -platform=darwin_amd64 \
  -platform=darwin_arm64 \
  -platform=linux_amd64
```
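As an added check (example code, not part of this repository), the script below parses a `.terraform.lock.hcl` and flags providers that carry fewer `h1:` package hashes than the four target platforms above, so an under-locked lock file can be caught in CI before `terraform init` fails on another platform. It assumes `terraform providers lock` records one `h1:` hash per requested platform; the embedded lock file and its hash values are a constructed sample.

```python
import re

# Assumption (not from the page): `terraform providers lock -platform=...`
# writes one "h1:" (unpacked-package) hash per requested platform, while
# "zh:" hashes cover every release zip regardless of platform.
TARGET_PLATFORMS = ["windows_amd64", "darwin_amd64", "darwin_arm64", "linux_amd64"]

# Constructed sample lock file: azurerm locked for all four platforms,
# null locked on a single workstation only. Hash values are placeholders.
SAMPLE_LOCK = '''
provider "registry.terraform.io/hashicorp/azurerm" {
  version     = "3.0.0"
  constraints = "~> 3.0"
  hashes = [
    "h1:AAAA",
    "h1:BBBB",
    "h1:CCCC",
    "h1:DDDD",
    "zh:1111",
    "zh:2222",
  ]
}

provider "registry.terraform.io/hashicorp/null" {
  version = "3.1.0"
  hashes = [
    "h1:EEEE",
    "zh:3333",
  ]
}
'''

PROVIDER_RE = re.compile(r'provider\s+"([^"]+)"\s*\{(.*?)\n\}', re.S)
H1_RE = re.compile(r'"h1:[^"]+"')

def h1_counts(lock_text):
    """Map provider address -> number of h1: (per-platform package) hashes."""
    return {addr: len(H1_RE.findall(body)) for addr, body in PROVIDER_RE.findall(lock_text)}

def under_locked(lock_text, platforms=TARGET_PLATFORMS):
    """Providers whose h1: hash count is below the number of target platforms."""
    return sorted(p for p, n in h1_counts(lock_text).items() if n < len(platforms))

if __name__ == "__main__":
    bad = under_locked(SAMPLE_LOCK)
    print("under-locked providers:", ", ".join(bad) if bad else "none")
```

Run it against the real file with `under_locked(open(".terraform.lock.hcl").read())` and fail the pipeline when the list is non-empty.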