Azure Policy Set Definition
This page shows how to write Terraform and Azure Resource Manager configurations for Policy Set Definition, and how to write them securely.
azurerm_policy_set_definition (Terraform)
The Set Definition in Policy can be configured in Terraform with the resource name azurerm_policy_set_definition. The following sections describe 10 examples of how to use the resource and its parameters.
Example Usage from GitHub

resource "azurerm_policy_set_definition" "tag_governance" {
  name = "tag_governance"
  policy_type = "Custom"
  display_name = "Tag Governance"
  description = "Contains common Tag Governance policies"

resource "azurerm_policy_set_definition" "policy_set" {
  name = var.name
  policy_type = var.policy_type
  display_name = var.display_name
  parameters = <<PARAMETERS

resource "azurerm_policy_set_definition" "this" {
  description = var.description
  display_name = var.display_name
  management_group_id = var.management_group_id
  metadata = var.metadata
  name = var.name

resource "azurerm_policy_set_definition" "this" {
  description = var.description
  display_name = var.display_name
  management_group_id = var.management_group_id
  metadata = var.metadata
  name = var.name

resource "azurerm_policy_set_definition" "companyPolicy" {
  name = "companyPolicy"
  policy_type = "Custom"
  display_name = "Example company policy"
  management_group_name = data.azurerm_client_config.current.tenant_id

resource "azurerm_policy_set_definition" "policy_set" {
  name = join("", [var.name_space, "_PolicySet"])
  display_name = join("", [var.name_space, ": Policy Set"])
  policy_type = "Custom"
  lifecycle {

resource "azurerm_policy_set_definition" "pbmm" {
  name = "testPolicySet"
  policy_type = "Custom"
  display_name = "PBMM Policy Set"
  policy_definitions = <<POLICY_DEFINITIONS

resource "azurerm_policy_set_definition" "vm-polciy-set-def" {
  name = "VM Policy Set"
  policy_type = "Custom"
  display_name = "VM Policy Set"
  management_group_name = var.stored_management_group_id

resource "azurerm_policy_set_definition" "tagging_standards" {
  name = "api_tagging_standards"
  policy_type = "Custom"
  display_name = "Tagging Standards"
  management_group_name = data.azurerm_management_group.tenant_root.name
  description = "Tagging Standards to be applied to the Azure environment."

resource "azurerm_policy_set_definition" "policy_set" {
  name = var.policy_set.name
  policy_type = "Custom"
  display_name = var.policy_set.display_name
  description = var.policy_set.description
  management_group_name = var.policy_set.management_group

Parameters
- description: optional - string
- display_name: required - string
- id: optional computed - string
- management_group_id: optional computed - string
- management_group_name: optional computed - string
- metadata: optional computed - string
- name: required - string
- parameters: optional - string
- policy_definitions: optional computed - string
- policy_type: required - string
- policy_definition_group: set block
  - additional_metadata_resource_id: optional - string
  - category: optional - string
  - description: optional - string
  - display_name: optional - string
  - name: required - string
- policy_definition_reference: list block
  - parameter_values: optional computed - string
  - parameters: optional computed - map from string to string
  - policy_definition_id: required - string
  - policy_group_names: optional - set of string
  - reference_id: optional computed - string
- timeouts: single block
Explanation in Terraform Registry
Manages a policy set definition.
NOTE: Policy set definitions (also known as policy initiatives) do not take effect until they are assigned to a scope using a Policy Set Assignment.
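
The GitHub excerpts above are cut off before the member policies and never reach an assignment, so the following is an added example (not taken from the Terraform Registry or from any of the listed repositories) of a complete set definition that is actually assigned to a scope. The resource labels, the audit rule and the tag name "owner" are illustrative assumptions, and an authenticated azurerm provider is assumed.

```hcl
provider "azurerm" {
  features {}
}

data "azurerm_subscription" "current" {}

# Custom member policy: audit resources that lack the tag named by the parameter.
resource "azurerm_policy_definition" "require_tag" {
  name         = "audit-missing-tag"
  policy_type  = "Custom"
  mode         = "Indexed"
  display_name = "Audit resources missing a required tag"
  parameters   = jsonencode({ tagName = { type = "String" } })
  policy_rule = jsonencode({
    "if"   = { field = "[concat('tags[', parameters('tagName'), ']')]", exists = "false" }
    "then" = { effect = "audit" }
  })
}

# The set (initiative) groups member policies and passes its own parameter down.
resource "azurerm_policy_set_definition" "tag_governance" {
  name         = "tag_governance"
  policy_type  = "Custom"
  display_name = "Tag Governance"
  description  = "Contains common Tag Governance policies"
  parameters   = jsonencode({ tagName = { type = "String" } })

  policy_definition_reference {
    policy_definition_id = azurerm_policy_definition.require_tag.id
    reference_id         = "auditMissingTag"
    parameter_values     = jsonencode({ tagName = { value = "[parameters('tagName')]" } })
  }
}

# Without this assignment the set above exists but evaluates nothing.
resource "azurerm_subscription_policy_assignment" "tag_governance" {
  name                 = "tag-governance"
  subscription_id      = data.azurerm_subscription.current.id
  policy_definition_id = azurerm_policy_set_definition.tag_governance.id
  parameters           = jsonencode({ tagName = { value = "owner" } })
}
```

A plan that contains an azurerm_policy_set_definition with no assignment referencing its id is a review signal: the controls in the set are defined but not evaluated anywhere.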
Microsoft.Authorization/policySetDefinitions (Azure Resource Manager)
The policySetDefinitions in Microsoft.Authorization can be configured in Azure Resource Manager with the resource name Microsoft.Authorization/policySetDefinitions. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub

"type": "Microsoft.Authorization/policySetDefinitions"
},
{
"id": "/providers/Microsoft.Authorization/policySetDefinitions/skuManagement",
"name": "skuManagement",
"properties": {

"type": "Microsoft.Authorization/policySetDefinitions"
}
]
},
"headers": {}
}

"type": "Microsoft.Authorization/policySetDefinitions",
"apiVersion": "2019-01-01",
"properties": {
"policyType": "string",
"displayName": "string",
"description": "string",

"type": "Microsoft.Authorization/policySetDefinitions",
"properties": {
"displayName": "Data Lake Storage Gen2",
"policyType": "Custom",
"description": "Audits settings on the Storage account created by the Data Lake Storage product.",
"parameters": {},

"type": "Microsoft.Authorization/policySetDefinitions",
"name": "polSetDef-8730"
}
},
{
"RequestUri": "https://management.azure.com/subscriptions/f3d94233-a9aa-4241-ac82-2dfb63ce637a/providers/Microsoft.Authorization/policySetDefinitions?api-version=2020-09-01\u0026$filter=policyType eq \u0027Custom\u0027",

"type": "Microsoft.Authorization/policySetDefinitions",
"name": "costManagement",
"properties": {
"displayName": "VM and Storage Cost Management",
"description": "Policies required to minimize the risk of accidental cost overruns",
"metadata": {

"type": "Microsoft.Authorization/policySetDefinitions",
"name": "costManagement",
"properties": {
"displayName": "VM and Storage Cost Management",
"description": "Policies required to minimize the risk of accidental cost overruns",
"metadata": {

"type": "Microsoft.Authorization/policySetDefinitions",
"name": "polSetDef-1632"
}
},
{
"RequestUri": "https://management.azure.com/subscriptions/f3d94233-a9aa-4241-ac82-2dfb63ce637a/providers/Microsoft.Authorization/policySetDefinitions?api-version=2020-09-01\u0026$filter=policyType eq \u0027Custom\u0027",

"type": "Microsoft.Authorization/policySetDefinitions",
"name": "costManagement",
"properties": {
"displayName": "VM and Storage Cost Management",
"description": "Policies required to minimize the risk of accidental cost overruns",
"metadata": {

"type": "Microsoft.Authorization/policySetDefinitions",
"name": "costManagement",
"properties": {
"displayName": "VM and Storage Cost Management",
"description": "Policies required to minimize the risk of accidental cost overruns",
"metadata": {

Frequently asked questions
What is Azure Policy Set Definition?
Azure Policy Set Definition is a resource for Policy of Microsoft Azure. Settings can be written in Terraform.
Where can I find the example code for the Azure Policy Set Definition?
For Terraform, the krishrocks1904/terraform-gets-started, BrettOJ/azuread_adfs_jwt_token and kevinhead/azurerm source code examples are useful. See the Terraform Example section for further details.
For Azure Resource Manager, the Pudding124/RestfulServiceDetect, Pudding124/SwaggerStructure and da-edra/scraping-azure source code examples are useful. See the Azure Resource Manager Example section for further details.