Introduction

The Policy Assignment module can deploy these resources:

  • azurerm_management_group_policy_assignment (optional)
  • azurerm_subscription_policy_assignment (optional)

NOTE: At least one of these needs to be specified in the module configuration.

An example variables structure is located in variables.md.

An example use case is located in test-case/locals.tf.

You can also see the changelog.

Terraform documentation:

https://registry.terraform.io/providers/hashicorp/azurerm/4.1.0/docs/resources/management_group_policy_assignment

https://registry.terraform.io/providers/hashicorp/azurerm/4.1.0/docs/resources/subscription_policy_assignment

WARNING: The AzureRM provider has been updated to a new major version. Many breaking changes were implemented. See the providers guide for more information.

Terraform Import

Importing existing resources into .tfstate takes a few steps. The examples below cover the resources that can be imported within the module. You may need to adapt these commands to the OS on which they will run (refer to the documentation for additional details).

Management Group Policy Assignment

  • terraform import '<path-to-module>.azurerm_management_group_policy_assignment.management_group_policy_assignment["<management-group-policy-assignment-name>"]' '/providers/Microsoft.Management/managementGroups/<management-group-name>/providers/Microsoft.Authorization/policyAssignments/<management-group-policy-assignment-name>'

Subscription Policy Assignment

  • terraform import '<path-to-module>.azurerm_subscription_policy_assignment.subscription_policy_assignment["<subscription-policy-assignment-name>"]' '/subscriptions/<subscription-id>/providers/Microsoft.Authorization/policyAssignments/<subscription-policy-assignment-name>'

NOTE: <path-to-module> is the Terraform logical path from the root, e.g. module.policy_assignment
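The two import commands above differ only in the scope encoded in the resource ID. As an added example (not part of this module), the shell helper below derives the resource address from an ID and prints the single-quoted command. The sample subscription ID and assignment name are constructed placeholders, and rejecting IDs that contain quotes or spaces is an assumption made to keep the quoting safe.

```shell
# Added example (not part of the module). Builds the `terraform import`
# command for a policy assignment ID, using the address forms shown above.

# import_address MODULE_PATH RESOURCE_ID
# Prints the resource address inside the module; returns 1 if the ID is not
# a management-group or subscription level assignment.
import_address() {
  mod=$1
  id=$2
  name=${id##*/}                       # last segment = assignment name
  # Assumption: refuse characters that would break the quoting below.
  case "$id" in *\'*|*\"*|*' '*) return 1 ;; esac
  [ -n "$name" ] || return 1
  suffix="providers/Microsoft.Authorization/policyAssignments/$name"

  # Management group scope: rebuild the ID from its parts and compare,
  # so IDs with extra path segments are rejected.
  rest=${id#/providers/Microsoft.Management/managementGroups/}
  mg=${rest%%/*}
  if [ -n "$mg" ] && [ "$id" = "/providers/Microsoft.Management/managementGroups/$mg/$suffix" ]; then
    printf '%s.azurerm_management_group_policy_assignment.management_group_policy_assignment["%s"]\n' "$mod" "$name"
    return 0
  fi

  # Subscription scope: same check. A resource-group level ID has extra
  # segments after the subscription ID and falls through to the error.
  rest=${id#/subscriptions/}
  sub=${rest%%/*}
  if [ -n "$sub" ] && [ "$id" = "/subscriptions/$sub/$suffix" ]; then
    printf '%s.azurerm_subscription_policy_assignment.subscription_policy_assignment["%s"]\n' "$mod" "$name"
    return 0
  fi
  return 1
}

# import_command MODULE_PATH RESOURCE_ID
# Prints a command line quoted for a POSIX shell.
import_command() {
  addr=$(import_address "$1" "$2") || {
    echo "unsupported policy assignment ID: $2" >&2
    return 1
  }
  printf "terraform import '%s' '%s'\n" "$addr" "$2"
}

# Constructed sample values (placeholder subscription ID and name).
import_command module.policy_assignment \
  "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/deny-public-ip"
```

Review the printed command before running it; on shells other than POSIX sh the quoting still needs adapting as described above.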

 

Outputs

Structure

Output Name   Value          Comment
outputs       name
              id
              principal_id   principal_id (object_id) of system assigned identity

Module Features

subscription_id and management_group_id

This module can be deployed at either the subscription or management group level. The module will automatically determine which level it is being deployed at and use the appropriate id. See test-case/locals.tf for an example of how to deploy at different levels.

parameters variable

Parameters are passed into the policy assignment through a JSON file. See test-case/locals.tf and test-case/parameters for an example of how to use this variable.

Known Issues

We currently log no issues in this module.