Introduction

The Policy Set Definition module can deploy these resources:

  • azurerm_policy_set_definition (required)

An example variables structure is located in variables.md.

An example use case is located in test-case/locals.tf.

See also the changelog.

Terraform documentation:

https://registry.terraform.io/providers/hashicorp/azurerm/4.1.0/docs/resources/policy_set_definition

 

WARNING: The AzureRM provider has been updated to a new major version with many breaking changes. See the provider's guide for more information.

Terraform Import

Importing existing resources into .tfstate takes a few steps. The commands below cover the resources that can be imported within this module. You may need to adapt them to the OS on which they will run, since quoting rules differ between shells (refer to the Terraform documentation for additional details).

Management Group Level Policy Set Definition

  • terraform import '<path-to-module>.azurerm_policy_set_definition.policy_set_definition["<policy-set-definition-name>"]' '/providers/Microsoft.Management/managementGroups/<management-group-id>/providers/Microsoft.Authorization/policySetDefinitions/<policy-set-definition-name>'

Subscription Level Policy Set Definition

  • terraform import '<path-to-module>.azurerm_policy_set_definition.policy_set_definition["<policy-set-definition-name>"]' '/subscriptions/<subscription-id>/providers/Microsoft.Authorization/policySetDefinitions/<policy-set-definition-name>'

NOTE: <path-to-module> is the Terraform logical path from the root module, e.g. module.policy_set_definition
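
As an added example (not part of the module's repository): on Terraform 1.5 or later the same import can be declared in configuration with an import block in the root module, which avoids the OS-specific shell quoting of the commands above. The policy set name is taken from the usage example on this page, the management group and subscription IDs are constructed placeholders, and the map key is assumed to match the key the module uses for its for_each.

```hcl
# Added example, not from the module's repository. Requires Terraform >= 1.5.
# Place this in the ROOT module, next to the module "policy_set_definition" call.

# Management group level policy set definition.
import {
  # Same resource address as in the CLI command; no shell quoting is involved.
  to = module.policy_set_definition.azurerm_policy_set_definition.policy_set_definition["SEY-TERRAFORM-NE-POLICY01"]

  # Placeholder management group ID (constructed); replace with your own.
  id = "/providers/Microsoft.Management/managementGroups/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/SEY-TERRAFORM-NE-POLICY01"
}

# Subscription level alternative. Use this block INSTEAD of the one above,
# because one resource address can only be the target of a single import.
# The subscription ID is a constructed placeholder.
#
# import {
#   to = module.policy_set_definition.azurerm_policy_set_definition.policy_set_definition["SEY-TERRAFORM-NE-POLICY01"]
#   id = "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/SEY-TERRAFORM-NE-POLICY01"
# }
```

Running terraform plan with this block lists the resource as one to be imported, together with any differences between the existing definition and the module configuration, so drift can be reviewed before terraform apply writes it to state.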

 

Outputs

Structure

Output Name | Value    | Comment
outputs     | name, id |

Example usage of outputs

In the example below, the id output of the deployed Policy Set Definition module is used as the value of the policy_definition_id argument in a policy assignment resource.

module "policy_set_definition" {
    source = "git@github.com:seyfor-csc/mit.policy-set-definition.git?ref=v1.0.0"
    config = [
        {
            name         = "SEY-TERRAFORM-NE-POLICY01"
            policy_type  = "Custom"
            display_name = "SEY-TERRAFORM-NE-POLICY01"
            parameters   = "${path.module}/parameters/SEY-TERRAFORM-NE-POLICY01.json"

            policy_definition_reference {
                policy_definition_id = "/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988"
                parameter_values     = <<VALUE
                    {
                        "listOfAllowedLocations": {"value": "[parameters('allowedLocations')]"}
                    }
                VALUE
            }
        }
    ]
}

resource "azurerm_management_group_policy_assignment" "policy_assignment" {
    display_name         = "AllowedLocations"
    name                 = "AllowedLocations"
    location             = "northeurope"
    management_group_id  = "/providers/Microsoft.Management/managementGroups/666-666-666-666-666" # replace with your own
    policy_definition_id = module.policy_set_definition.outputs.sey-terraform-ne-policy01.id # This is how to use output values
    parameters = <<PARAMETERS
        {
            "allowedLocations": {
                "value": [
                    "global",
                    "northeurope",
                    "centralindia",
                    "westeurope"
                ]
            }
        }
    PARAMETERS
}

 

Module Features

parameters variable

Parameters are passed into the policy set definition through a JSON file. See test-case/locals.tf and test-case/parameters for an example of how to use this variable.

 

Known Issues

We currently log no issues in this module.