Azure Policy Set Definition

This page shows how to write Terraform and Azure Resource Manager configurations for Policy Set Definition, and how to write them securely.

azurerm_policy_set_definition (Terraform)

The Set Definition in Policy can be configured in Terraform with the resource name azurerm_policy_set_definition. The following sections describe 10 examples of how to use the resource and its parameters.

Example Usage from GitHub

03-policy_set_definition.tf#L6
resource "azurerm_policy_set_definition" "tag_governance" {

  name         = "tag_governance"
  policy_type  = "Custom"
  display_name = "Tag Governance"
  description  = "Contains common Tag Governance policies"
module.tf#L2
resource "azurerm_policy_set_definition" "policy_set" {
  name         = var.name
  policy_type  = var.policy_type
  display_name = var.display_name

  parameters = <<PARAMETERS
main.tf#L7
resource "azurerm_policy_set_definition" "this" {
  description         = var.description
  display_name        = var.display_name
  management_group_id = var.management_group_id
  metadata            = var.metadata
  name                = var.name
main.tf#L7
resource "azurerm_policy_set_definition" "this" {
  description         = var.description
  display_name        = var.display_name
  management_group_id = var.management_group_id
  metadata            = var.metadata
  name                = var.name
policies.tf#L5
resource "azurerm_policy_set_definition" "companyPolicy" {
  name                  = "companyPolicy"
  policy_type           = "Custom"
  display_name          = "Example company policy"
  management_group_name = data.azurerm_client_config.current.tenant_id

policy.tf#L32
resource "azurerm_policy_set_definition" "policy_set" {
  name         = join("", [var.name_space, "_PolicySet"])
  display_name = join("", [var.name_space, ": Policy Set"])
  policy_type  = "Custom"

  lifecycle {
policy.tf#L1
resource "azurerm_policy_set_definition" "pbmm" {
  name         = "testPolicySet"
  policy_type  = "Custom"
  display_name = "PBMM Policy Set"

  policy_definitions = <<POLICY_DEFINITIONS
main.tf#L25
resource "azurerm_policy_set_definition" "vm-polciy-set-def" {

  name                  = "VM Policy Set"
  policy_type           = "Custom"
  display_name          = "VM Policy Set"
  management_group_name = var.stored_management_group_id
initiative-tagging-standards.tf#L10
resource "azurerm_policy_set_definition" "tagging_standards" {
    name                  = "api_tagging_standards"
    policy_type           = "Custom"
    display_name          = "Tagging Standards"
    management_group_name = data.azurerm_management_group.tenant_root.name
    description           = "Tagging Standards to be applied to the Azure environment."
main.tf#L3
resource "azurerm_policy_set_definition" "policy_set" {
  name                        = var.policy_set.name
  policy_type                 = "Custom"
  display_name                = var.policy_set.display_name
  description                 = var.policy_set.description
  management_group_name       = var.policy_set.management_group

Parameters

Explanation in Terraform Registry

Manages a policy set definition.

NOTE: Policy set definitions (also known as policy initiatives) do not take effect until they are assigned to a scope using a Policy Set Assignment.

Microsoft.Authorization/policySetDefinitions (Azure Resource Manager)

The policySetDefinitions in Microsoft.Authorization can be configured in Azure Resource Manager with the resource name Microsoft.Authorization/policySetDefinitions. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

azure.com_resources-policySetDefinitions_2017-06-01-preview.json#L148
                      "type": "Microsoft.Authorization/policySetDefinitions"
                    },
                    {
                      "id": "/providers/Microsoft.Authorization/policySetDefinitions/skuManagement",
                      "name": "skuManagement",
                      "properties": {
azure.com_resources-policySetDefinitions_2018-05-01.json#L170
                      "type": "Microsoft.Authorization/policySetDefinitions"
                    }
                  ]
                },
                "headers": {}
              }
policysetdefinitions.json#L3
  "type": "Microsoft.Authorization/policySetDefinitions",
  "apiVersion": "2019-01-01",
  "properties": {
    "policyType": "string",
    "displayName": "string",
    "description": "string",
Initiative.json#L3
    "type": "Microsoft.Authorization/policySetDefinitions",
    "properties": {
        "displayName": "Data Lake Storage Gen2",
        "policyType": "Custom",
        "description": "Audits settings on the Storage account created by the Data Lake Storage product.",
        "parameters": {},
List()Async.json#L178
        "type": "Microsoft.Authorization/policySetDefinitions",
        "name": "polSetDef-8730"
      }
    },
    {
      "RequestUri": "https://management.azure.com/subscriptions/f3d94233-a9aa-4241-ac82-2dfb63ce637a/providers/Microsoft.Authorization/policySetDefinitions?api-version=2020-09-01\u0026$filter=policyType eq \u0027Custom\u0027",
listBuiltInPolicySetDefinitions.json#L12
            "type": "Microsoft.Authorization/policySetDefinitions",
            "name": "costManagement",
            "properties": {
              "displayName": "VM and Storage Cost Management",
              "description": "Policies required to minimize the risk of accidental cost overruns",
              "metadata": {
List().json#L178
        "type": "Microsoft.Authorization/policySetDefinitions",
        "name": "polSetDef-1632"
      }
    },
    {
      "RequestUri": "https://management.azure.com/subscriptions/f3d94233-a9aa-4241-ac82-2dfb63ce637a/providers/Microsoft.Authorization/policySetDefinitions?api-version=2020-09-01\u0026$filter=policyType eq \u0027Custom\u0027",
listPolicySetDefinitionsByManagementGroup.json#L14
            "type": "Microsoft.Authorization/policySetDefinitions",
            "name": "costManagement",
            "properties": {
              "displayName": "VM and Storage Cost Management",
              "description": "Policies required to minimize the risk of accidental cost overruns",
              "metadata": {
listPolicySetDefinitions.json#L13
            "type": "Microsoft.Authorization/policySetDefinitions",
            "name": "costManagement",
            "properties": {
              "displayName": "VM and Storage Cost Management",
              "description": "Policies required to minimize the risk of accidental cost overruns",
              "metadata": {

Frequently asked questions

What is Azure Policy Set Definition?

Azure Policy Set Definition is a resource for Policy of Microsoft Azure. Settings can be written in Terraform.

Where can I find the example code for the Azure Policy Set Definition?

For Terraform, the krishrocks1904/terraform-gets-started, BrettOJ/azuread_adfs_jwt_token and kevinhead/azurerm source code examples are useful. See the Terraform Example section for further details.

For Azure Resource Manager, the Pudding124/RestfulServiceDetect, Pudding124/SwaggerStructure and da-edra/scraping-azure source code examples are useful. See the Azure Resource Manager Example section for further details.