azurerm_resource_policy_assignment

Manages a Policy Assignment to a Resource.

Example Usage

data "azurerm_virtual_network" "example" {
  name                = "production"
  resource_group_name = "networking"
}

resource "azurerm_policy_definition" "example" {
  name         = "only-deploy-in-westeurope"
  policy_type  = "Custom"
  mode         = "All"
  display_name = "my-policy-definition"

  policy_rule = <<POLICY_RULE
  {
    "if": {
      "not": {
        "field": "location",
        "equals": "westeurope"
      }
    },
    "then": {
      "effect": "Deny"
    }
  }
POLICY_RULE
}

resource "azurerm_resource_policy_assignment" "example" {
  name                 = "example-policy-assignment"
  resource_id          = data.azurerm_virtual_network.example.id
  policy_definition_id = azurerm_policy_definition.example.id
}

Arguments Reference

The following arguments are supported:



An identity block supports the following:


A non_compliance_message block supports the following:


An overrides block supports the following:


An override_selector block supports the following:


A resource_selectors block supports the following:


A resource_selector block supports the following:

Attributes Reference

In addition to the Arguments listed above, the following Attributes are exported:


The identity block exports the following:

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

Import

Resource Policy Assignments can be imported using the resource id, e.g.

terraform import azurerm_resource_policy_assignment.example "{resource}/providers/Microsoft.Authorization/policyAssignments/assignment1"

where {resource} is a Resource ID in the form /subscriptions/00000000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.Network/virtualNetworks/network1.
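
Added example, not part of the provider documentation: a POSIX shell check that splits a policy assignment ID at the policyAssignments segment and reports what kind of scope it targets, so an existing assignment is imported into the matching resource type. The function names are hypothetical, the sample ID is constructed from the form shown above, and the three sibling resource types are the azurerm provider's other policy assignment resources.

```shell
#!/bin/sh
# Added example: classify the scope of a policy assignment ID so the import
# goes to the matching azurerm resource type. Function names are hypothetical.
MARKER="/providers/Microsoft.Authorization/policyAssignments/"

# Print the scope: everything before the first policyAssignments marker.
# Matching is case-sensitive here (assumption: IDs are cased as on this page).
assignment_scope() {
  case "$1" in
    *"$MARKER"?*) scope=${1%%"$MARKER"*}; printf '%s\n' "$scope" ;;
    *) return 1 ;;
  esac
}

# Print resource | resource_group | subscription | management_group.
scope_kind() {
  scope=$(assignment_scope "$1") || return 1
  old_ifs=$IFS; IFS=/; set -f
  set -- $scope            # split on "/"; $1 is empty (leading slash)
  set +f; IFS=$old_ifs
  case "$#:$2:$4" in
    3:subscriptions:)               echo subscription ;;
    5:subscriptions:resourceGroups) echo resource_group ;;
    5:providers:managementGroups)   echo management_group ;;
    *) [ "$#" -ge 7 ] && [ "$2" = subscriptions ] && echo resource || return 1 ;;
  esac
}

# Map the scope kind to the Terraform resource type to import into.
import_target_type() {
  case "$(scope_kind "$1")" in
    resource)         echo azurerm_resource_policy_assignment ;;
    resource_group)   echo azurerm_resource_group_policy_assignment ;;
    subscription)     echo azurerm_subscription_policy_assignment ;;
    management_group) echo azurerm_management_group_policy_assignment ;;
    *) return 1 ;;
  esac
}

# Constructed sample built from the ID form shown on this page.
SAMPLE_ID="/subscriptions/00000000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.Network/virtualNetworks/network1${MARKER}assignment1"
if type_name=$(import_target_type "$SAMPLE_ID"); then
  echo "terraform import ${type_name}.example \"$SAMPLE_ID\""
fi
```

An ID that does not contain the policyAssignments segment, or whose scope has an unrecognised shape, makes the functions return non-zero and print nothing.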