Azure Policy Remediation
This page shows how to configure Policy Remediation in Terraform and Azure Resource Manager, and how to do so securely.
azurerm_policy_remediation (Terraform)
The Remediation in Policy can be configured in Terraform with the resource name azurerm_policy_remediation. The following sections describe 4 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "azurerm_policy_remediation" "this" {
  # All values are supplied by the calling module's variables.
  location_filters               = var.location_filters
  name                           = var.name
  policy_assignment_id           = var.policy_assignment_id
  policy_definition_reference_id = var.policy_definition_reference_id
  scope                          = var.scope
}

resource "azurerm_policy_remediation" "remediatetagassignmentpolicy" {
  name                    = "addtagsviapolicyremediation"
  scope                   = "/subscriptions/49d3ec60-54b5-41c0-b240-c0cc7980a4f4"
  policy_assignment_id    = azurerm_policy_assignment.assigntagonsubscription.id
  resource_discovery_mode = "ReEvaluateCompliance"

  # Create the managed identity's role assignment before the remediation runs.
  depends_on = [azurerm_role_assignment.roleManagedidentitytagassignment]
}
Parameters
id - optional computed - string
location_filters - optional - list of string
name - required - string
policy_assignment_id - required - string
policy_definition_reference_id - optional - string
resource_discovery_mode - optional - string
scope - required - string
timeouts - single block
Explanation in Terraform Registry
Manages an Azure Policy Remediation at the specified Scope.
Microsoft.PolicyInsights/remediations (Azure Resource Manager)
The remediations in Microsoft.PolicyInsights can be configured in Azure Resource Manager with the resource name Microsoft.PolicyInsights/remediations. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
An example could not be found in GitHub.
Parameters
apiVersion - required - string
name - required - string. The name of the remediation.
properties - required
  failureThreshold - optional
    percentage - optional - number. A number between 0.0 to 1.0 representing the percentage failure threshold. The remediation will fail if the percentage of failed remediation operations (i.e. failed deployments) exceeds this threshold.
  filters - optional
    locations - optional - array. The resource locations that will be remediated.
  parallelDeployments - optional - integer. Determines how many resources to remediate at any given time. Can be used to increase or reduce the pace of the remediation. If not provided, the default parallel deployments value is used.
  policyAssignmentId - optional - string. The resource ID of the policy assignment that should be remediated.
  policyDefinitionReferenceId - optional - string. The policy definition reference ID of the individual definition that should be remediated. Required when the policy assignment being remediated assigns a policy set definition.
  resourceCount - optional - integer. Determines the max number of resources that can be remediated by the remediation job. If not provided, the default resource count is used.
  resourceDiscoveryMode - optional - string. The way resources to remediate are discovered. Defaults to ExistingNonCompliant if not specified.
type - required - string
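Since no GitHub example was found for the ARM resource, the following added example (not from the original page or from Microsoft) lints a remediation resource against the constraints in the parameter list above before it is deployed. The sample resource, its placeholder values, the validate_remediation function and the assigns_policy_set flag are assumptions made for illustration.

```python
# Added example: lint a Microsoft.PolicyInsights/remediations resource.
DISCOVERY_MODES = ("ExistingNonCompliant", "ReEvaluateCompliance")  # both named on this page
REQUIRED = ("apiVersion", "name", "type", "properties")
ARM_TYPE = "Microsoft.PolicyInsights/remediations"

# Constructed sample; "<...>" values are placeholders, not real identifiers.
SAMPLE = {
    "type": ARM_TYPE,
    "apiVersion": "<api-version>",
    "name": "example-remediation",
    "properties": {
        "policyAssignmentId": "<policy-assignment-resource-id>",
        "failureThreshold": {"percentage": 0.1},
        "filters": {"locations": ["westeurope"]},
        "parallelDeployments": 5,
        "resourceCount": 200,
        "resourceDiscoveryMode": "ExistingNonCompliant",
    },
}

def validate_remediation(resource, assigns_policy_set=False):
    """Return a list of findings; an empty list means the resource passed.

    assigns_policy_set is a hypothetical caller-supplied flag: the resource
    itself does not say whether the assignment targets a policy set.
    """
    findings = [f"missing required field: {k}" for k in REQUIRED if k not in resource]
    if "type" in resource and resource["type"] != ARM_TYPE:
        findings.append(f"unexpected type: {resource['type']!r}")
    props = resource.get("properties") or {}

    pct = (props.get("failureThreshold") or {}).get("percentage")
    is_num = isinstance(pct, (int, float)) and not isinstance(pct, bool)
    if pct is not None and not (is_num and 0.0 <= pct <= 1.0):
        findings.append(f"failureThreshold.percentage must be 0.0-1.0, got {pct!r}")

    # Assumption: the two integer limits must be positive to be meaningful.
    for key in ("parallelDeployments", "resourceCount"):
        val = props.get(key)
        if val is not None and (isinstance(val, bool) or not isinstance(val, int) or val < 1):
            findings.append(f"{key} must be a positive integer, got {val!r}")

    mode = props.get("resourceDiscoveryMode", "ExistingNonCompliant")
    if mode not in DISCOVERY_MODES:
        findings.append(f"unknown resourceDiscoveryMode: {mode!r}")
    if assigns_policy_set and not props.get("policyDefinitionReferenceId"):
        findings.append("policyDefinitionReferenceId is required for a policy set assignment")
    return findings
```

A percentage written as 10 instead of 0.1 is the kind of mistake this catches before the remediation job is created.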
Frequently asked questions
What is Azure Policy Remediation?
Azure Policy Remediation is a resource for Policy of Microsoft Azure. Settings can be written in Terraform.
Where can I find the example code for the Azure Policy Remediation?
For Terraform, the niveklabs/azurerm, RekhuGopal/PythonHacks and seeewhy/PythonHacks source code examples are useful. See the Terraform Example section for further details.