{"id":20463194,"url":"https://github.com/devwithkrishna/azure-create-policy-exceptions","last_synced_at":"2026-04-18T07:36:19.089Z","repository":{"id":251671276,"uuid":"837909671","full_name":"devwithkrishna/azure-create-policy-exceptions","owner":"devwithkrishna","description":"An automation to programmatically create policy exceptions in Azure Cloud","archived":false,"fork":false,"pushed_at":"2025-05-10T14:17:20.000Z","size":306,"stargazers_count":0,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-05-10T15:27:04.559Z","etag":null,"topics":["azure","azure-polic","dependabot","github","poetry","python","resource-graph-query"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/devwithkrishna.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2024-08-04T12:07:56.000Z","updated_at":"2025-05-10T14:17:17.000Z","dependencies_parsed_at":null,"dependency_job_id":"f44240c7-a219-4de6-806e-641bee9bae30","html_url":"https://github.com/devwithkrishna/azure-create-policy-exceptions","commit_stats":null,"previous_names":["devwithkrishna/azure-create-policy-exceptions"],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/devwithkrishna/azure-create-policy-exceptions","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/devwithkrishna%2Fazure-create-policy-exceptions","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/devwithkrishna%2Fazure-create-policy-exc
eptions/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/devwithkrishna%2Fazure-create-policy-exceptions/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/devwithkrishna%2Fazure-create-policy-exceptions/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/devwithkrishna","download_url":"https://codeload.github.com/devwithkrishna/azure-create-policy-exceptions/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/devwithkrishna%2Fazure-create-policy-exceptions/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31961347,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-18T00:39:45.007Z","status":"online","status_checked_at":"2026-04-18T02:00:07.018Z","response_time":103,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["azure","azure-polic","dependabot","github","poetry","python","resource-graph-query"],"created_at":"2024-11-15T13:09:49.684Z","updated_at":"2026-04-18T07:36:19.059Z","avatar_url":"https://github.com/devwithkrishna.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# azure-create-policy-exceptions\nAn automation to programmatically create policy exceptions in Azure Cloud\n\n# Why Automation for Policy Exemptions is Essential\n\nIn modern cloud environments, policies play a crucial role in 
maintaining security, compliance,\nand governance. However, there are instances where exceptions to these policies are necessary due to specific circumstances \nor operational needs. Automating the process of creating and managing policy exemptions offers several key benefits:\n\n* Efficiency\n* Consistency\n* Scalability\n* Auditability\n* Reduced Administrative Overhead\n\n# Overview of Policy Exemption Automation\n\nPolicy exemption automation simplifies the process of managing exceptions to cloud policies. \n\n\u003e[!NOTE]\n\u003e Policy Exemptions are applied at Subscription level scope\n\nHere’s a brief overview of how it works:\n\n## Triggering Automation:\n\nAutomation can be triggered manually (e.g., via a request form) or automatically (e.g., based on specific conditions or events).\n\n## Input Collection:\n\nGather necessary details such as policy name, exemption reason, scope (e.g., subscription or resource group), and expiration date.\n\n## Validation:\n\nValidate inputs to ensure they meet the criteria and constraints. This step also checks that the entered policy assignment exists on the scope provided.\n\n## Create/Update Exemption:\n\nUse Azure Python SDKs to create or update the policy exemption based on the provided details.\n\n# Inputs\n\n| Input               | Description | Required |\n|---------------------|-------------|----------|\n| policy_name | Name of the policy to be given an exemption | :heavy_check_mark: |\n| subscription_name | Subscription in which the exemption is to be provided (the scope) | :heavy_check_mark: |\n| expires_after | How long until the policy exemption is automatically revoked | :heavy_check_mark: |\n| unit | Unit of time for expires_after. Possible values are `hour`, `day`, `month` | :heavy_check_mark: |\n\n* The expiration of the policy exemption depends on 2 factors: 
expires_after value and the unit.\n\n* Let's say the value of expires_after is `3` and unit is `day` - the expiration will be `3 days` after executing the job \n\n* If the value of expires_after is `2` and unit is `hour` - the expiration will be `2 hours` after executing the job \n\n* If the value of expires_after is `4` and unit is `month` - the expiration will be `4 months` after executing the job \n\n# Streamlit UI\n\n* Streamlit is used to create the Python application \n\n![policy-exemption-example.jpeg](policy-exemption-example.jpeg)\n\n* Provide a valid Subscription Name  \n\n* This returns the Subscription Id corresponding to the Subscription Name\n\n* If the entered Subscription Name is not found, a None value is returned for the Subscription Id \n\n* Once a valid Subscription Id is returned, it is used to show all policies assigned at the subscription level\n\n* Select the policy that needs an exemption from the dropdown\n\n* Provide an expires after value like 1 or 2 or 10 or 4.5 etc. and a unit value like day or month or hour.\n\n* Click on Apply Exemption to apply the exemption.\n\n# Run code locally\n\n* Clone the repository and change directory into it\n\n* Install all dependencies using `poetry install`\n\n* Execute `poetry run streamlit run .\\streamlit_app.py`\n\n\n# Azure Python SDKs used\nUse azure-identity for auth\n\n* The Azure Identity library provides Microsoft Entra ID (formerly Azure Active Directory) token authentication support across the Azure SDK \n[azure-identity for auth](https://learn.microsoft.com/en-us/python/api/overview/azure/identity-readme?view=azure-python)\n\n* The environment variables below must be present for the code to execute without any exceptions\n[environmentcredential](https://learn.microsoft.com/en-us/python/api/azure-identity/azure.identity.environmentcredential?view=azure-python)\n\n```markdown\nService principal with secret:\n\nAZURE_TENANT_ID: ID of the service principal's tenant. 
Also called its 'directory' ID.\n\nAZURE_CLIENT_ID: the service principal's client ID\n\nAZURE_CLIENT_SECRET: one of the service principal's client secrets\n```\n\n* This is the Microsoft Azure Resource Management Client Library [azure-mgmt-resource-policy](https://learn.microsoft.com/en-us/python/api/azure-mgmt-resource/azure.mgmt.resource.policy.v2022_06_01.operations.policyassignmentsoperations?view=azure-python#azure-mgmt-resource-policy-v2022-06-01-operations-policyassignmentsoperations-list)\n\n* This is the Microsoft Python SDK for executing resource graph queries [azure.mgmt.resourcegraph](https://learn.microsoft.com/en-us/python/api/azure-mgmt-resourcegraph/azure.mgmt.resourcegraph.resourcegraphclient?view=azure-python)\n\n* This package is used to throw detailed exceptions [azure.core.exceptions](https://learn.microsoft.com/en-us/python/api/azure-core/azure.core.exceptions?view=azure-python)\n\n\u003e[!TIP]\n\u003e The policy exemption name length must not exceed '64' characters. I am using the same as policy name for exception.\n\u003e You can choose to change it as you see fit \n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdevwithkrishna%2Fazure-create-policy-exceptions","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdevwithkrishna%2Fazure-create-policy-exceptions","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdevwithkrishna%2Fazure-create-policy-exceptions/lists"}