Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

https://github.com/claranet/terraform-azurerm-policy

Terraform module for Azure Policy
https://github.com/claranet/terraform-azurerm-policy

azure claranet module terraform

Last synced: about 2 months ago
JSON representation

Terraform module for Azure Policy

Lists

README 

        
# Azure Policy

[![Changelog](https://img.shields.io/badge/changelog-release-green.svg)](CHANGELOG.md) [![Notice](https://img.shields.io/badge/notice-copyright-yellow.svg)](NOTICE) [![Apache V2 License](https://img.shields.io/badge/license-Apache%20V2-orange.svg)](LICENSE) [![TF Registry](https://img.shields.io/badge/terraform-registry-blue.svg)](https://registry.terraform.io/modules/claranet/policy/azurerm/)



This module creates an Azure Policy definition and assigns it to a list of scopes IDs (Azure Susbcriptions or Resource Groups).



## Global versioning rule for Claranet Azure modules



| Module version | Terraform version | AzureRM version |

| -------------- | ----------------- | --------------- |

| >= 7.x.x       | 1.3.x             | >= 3.0          |

| >= 6.x.x       | 1.x               | >= 3.0          |

| >= 5.x.x       | 0.15.x            | >= 2.0          |

| >= 4.x.x       | 0.13.x / 0.14.x   | >= 2.0          |

| >= 3.x.x       | 0.12.x            | >= 2.0          |

| >= 2.x.x       | 0.12.x            | < 2.0           |

| <  2.x.x       | 0.11.x            | < 2.0           |



## Contributing



If you want to contribute to this repository, feel free to use our [pre-commit](https://pre-commit.com/) git hook configuration

which will help you automatically update and format some files for you by enforcing our Terraform code module best-practices.



More details are available in the [CONTRIBUTING.md](./CONTRIBUTING.md#pull-request-process) file.



## Usage



This module is optimized to work with the [Claranet terraform-wrapper](https://github.com/claranet/terraform-wrapper) tool

which set some terraform variables in the environment needed by this module.

More details about variables set by the `terraform-wrapper` available in the [documentation](https://github.com/claranet/terraform-wrapper#environment).



```hcl

module "azure_region" {

  source  = "claranet/regions/azurerm"

  version = "x.x.x"



  azure_region = var.azure_region

}



locals {

  policy_tags_rule = < 1.2, >= 1.2.22 |

| azurerm | ~> 3.0 |



## Modules



No modules.



## Resources



| Name | Type |

|------|------|

| [azurerm_management_group_policy_assignment.assign_policy_mgmt](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/management_group_policy_assignment) | resource |

| [azurerm_policy_definition.main_policy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/policy_definition) | resource |

| [azurerm_resource_group_policy_assignment.assign_policy_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group_policy_assignment) | resource |

| [azurerm_resource_policy_assignment.assign_policy_res](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_policy_assignment) | resource |

| [azurerm_subscription_policy_assignment.assign_policy_sub](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subscription_policy_assignment) | resource |

| [azurecaf_name.policy](https://registry.terraform.io/providers/aztfmod/azurecaf/latest/docs/data-sources/name) | data source |



## Inputs



| Name | Description | Type | Default | Required |

|------|-------------|------|---------|:--------:|

| name\_prefix | Optional prefix for the generated name | `string` | `""` | no |

| name\_suffix | Optional suffix for the generated name | `string` | `""` | no |

| policy\_assignments | Map with maps to configure assignments. Map key is the name of the assignment. | 
map(object({
    display_name  = string,
    description   = string,
    scope_id      = string,
    scope_type    = string,
    parameters    = string,
    identity_type = string,
    location      = string,
    enforce       = bool,
  }))
 | n/a | yes |

| policy\_description | The description of the policy definition. | `string` | `""` | no |

| policy\_display\_name | The display name of the policy definition. | `string` | n/a | yes |

| policy\_mgmt\_group\_name | Create the Policy Definition at the Management Group level | `string` | `null` | no |

| policy\_mode | The policy mode that allows you to specify which resource types will be evaluated. The value can be `All`, `Indexed` or `NotSpecified`. | `string` | `"All"` | no |

| policy\_name | The name of the policy definition. Defaults generated from CAF Provider or display name if CAF is disabled. | `string` | `""` | no |

| policy\_parameters\_content | Parameters for the policy definition. This field is a json object that allows you to parameterize your policy definition. | `string` | n/a | yes |

| policy\_rule\_content | The policy rule for the policy definition. This is a json object representing the rule that contains an if and a then block. | `string` | n/a | yes |

| use\_caf\_naming | Use the Azure CAF naming provider to generate default resource name. `policy_name` override this if set. Legacy default name is used if this is set to `false`. | `bool` | `true` | no |



## Outputs



| Name | Description |

|------|-------------|

| policy\_definition\_id | Azure policy ID |



## Related documentation



Microsoft Azure documentation: [docs.microsoft.com/en-us/azure/governance/policy/how-to/programmatically-create](https://docs.microsoft.com/en-us/azure/governance/policy/how-to/programmatically-create)