azurerm_resource_group_policy_exemption

Manages a Resource Group Policy Exemption.

Example Usage

resource "azurerm_resource_group" "example" {
  name     = "resourceGroup1"
  location = "westus"
}

data "azurerm_policy_definition" "example" {
  display_name = "Allowed locations"
}

resource "azurerm_resource_group_policy_assignment" "example" {
  name                 = "exampleAssignment"
  resource_group_id    = azurerm_resource_group.example.id
  policy_definition_id = data.azurerm_policy_definition.example.id
  parameters = jsonencode({
    "listOfAllowedLocations" = {
      "value" = [azurerm_resource_group.example.location]
    }
  })
}

resource "azurerm_resource_group_policy_exemption" "example" {
  name                 = "exampleExemption"
  resource_group_id    = azurerm_resource_group.example.id
  policy_assignment_id = azurerm_resource_group_policy_assignment.example.id
  exemption_category   = "Mitigated"
}

Argument Reference

The following arguments are supported:

Attributes Reference

In addition to the Arguments listed above - the following Attributes are exported:

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

Import

Policy Exemptions can be imported using the resource id, e.g.

terraform import azurerm_resource_group_policy_exemption.exemption1 /subscriptions/00000000-0000-0000-000000000000/resourceGroups/resGroup1/providers/Microsoft.Authorization/policyExemptions/exemption1