This repository has been archived by the owner on Jul 26, 2024. It is now read-only.

Merge pull request #33 from nunocenteno/master
Avoid creating unnecessary policy definitions
arnaudlh authored Apr 17, 2020
2 parents a78cbe9 + be23e86 commit 50477d0
Showing 2 changed files with 4 additions and 2 deletions.
@@ -1,5 +1,6 @@

resource "azurerm_policy_definition" "deny_publicip_spoke" {
count = var.policies_matrix.cant_create_ip_spoke ? 1 : 0
name = "pol-deny-publicip-creation"
policy_type = "Custom"
mode = "Indexed"
@@ -23,7 +24,7 @@ resource "azurerm_policy_assignment" "deny-publicip-spoke" {
count = var.policies_matrix.cant_create_ip_spoke ? 1 : 0
name = "deny-publicip-spoke"
scope = var.scope
policy_definition_id = azurerm_policy_definition.deny_publicip_spoke.id
policy_definition_id = azurerm_policy_definition.deny_publicip_spoke[0].id
description = "Policy Assignment for deny public IP creatin in spokes"
display_name = "TF Deny public IP in spoke"
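Review bot: The new `[0]` index on `policy_definition_id` is only correct while the definition and its assignment carry the same `count` expression, and neither resource says so. If the two conditions ever drift, one direction fails at plan with an invalid-index error, but the other leaves the definition created with no assignment, so the deny rule exists and is not enforced at `var.scope`. I would add a comment above each `count` such as `# Keep identical to the count on the paired policy assignment, which indexes [0]`, or derive both from one local. The same applies to `deny_publicips_on_nics` / `publicIP-deny-on-nics` in the second file. Both resource bodies continue outside the hunks shown.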

@@ -1,5 +1,6 @@

resource "azurerm_policy_definition" "deny_publicips_on_nics" {
count = var.policies_matrix.no_public_ip_spoke ? 1 : 0
name = "pol-deny-publicips-on-nics"
policy_type = "Custom"
mode = "Indexed"
@@ -31,7 +32,7 @@ resource "azurerm_policy_assignment" "publicIP-deny-on-nics" {
count = var.policies_matrix.no_public_ip_spoke ? 1 : 0
name = "deny-publicip-on-nics"
scope = var.scope
policy_definition_id = azurerm_policy_definition.deny_publicips_on_nics.id
policy_definition_id = azurerm_policy_definition.deny_publicips_on_nics[0].id
description = "Policy Assignment for deny public IP on NICs"
display_name = "TF Deny public IP assignment on NICs"

