azurerm_management_group_policy_exemption

Manages a Management Group Policy Exemption.

Example Usage

resource "azurerm_management_group" "example" {
  display_name = "Example MgmtGroup"
}

data "azurerm_policy_set_definition" "example" {
  display_name = "Audit machines with insecure password security settings"
}

resource "azurerm_management_group_policy_assignment" "example" {
  name                 = "assignment1"
  management_group_id  = azurerm_management_group.example.id
  policy_definition_id = data.azurerm_policy_set_definition.example.id
  location             = "westus"

  identity {
    type = "SystemAssigned"
  }
}

resource "azurerm_management_group_policy_exemption" "example" {
  name                 = "exemption1"
  management_group_id  = azurerm_management_group.example.id
  policy_assignment_id = azurerm_management_group_policy_assignment.example.id
  exemption_category   = "Mitigated"
}

Argument Reference

The following arguments are supported:

Attributes Reference

In addition to the Arguments listed above - the following Attributes are exported:

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

Import

Policy Exemptions can be imported using the resource id, e.g.

terraform import azurerm_management_group_policy_exemption.exemption1  /providers/Microsoft.Management/managementGroups/group1/providers/Microsoft.Authorization/policyExemptions/exemption1