PolicyAssignment

class PolicyAssignment : KotlinCustomResource

The policy assignment. Uses Azure REST API version 2025-01-01. In version 2.x of the Azure Native provider, it used API version 2022-06-01. Other available API versions: 2020-09-01, 2021-06-01, 2022-06-01, 2023-04-01, 2024-04-01, 2024-05-01, 2025-03-01. These can be accessed by generating a local SDK package using the CLI command `pulumi package add azure-native authorization [ApiVersion]`. See the version guide (../../../version-guide/#accessing-any-api-version-via-local-packages) for details.

Example Usage

Create or update a policy assignment

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
// Assigns the ResourceNaming policy definition at subscription scope, supplying the
// "prefix" and "suffix" parameter values and a single non-compliance message.
return await Deployment.RunAsync(() =>
{
    var assignmentArgs = new AzureNative.Authorization.PolicyAssignmentArgs
    {
        Description = "Force resource names to begin with given DeptA and end with -LC",
        DisplayName = "Enforce resource naming rules",
        Metadata = new Dictionary<string, object?>
        {
            ["assignedBy"] = "Special Someone",
        },
        // Message describing why a resource is non-compliant with the policy.
        NonComplianceMessages = new[]
        {
            new AzureNative.Authorization.Inputs.NonComplianceMessageArgs
            {
                Message = "Resource names must start with 'DeptA' and end with '-LC'.",
            },
        },
        // Keys are the parameter names of the assigned policy rule.
        Parameters =
        {
            {
                "prefix",
                new AzureNative.Authorization.Inputs.ParameterValuesValueArgs { Value = "DeptA" }
            },
            {
                "suffix",
                new AzureNative.Authorization.Inputs.ParameterValuesValueArgs { Value = "-LC" }
            },
        },
        PolicyAssignmentName = "EnforceNaming",
        PolicyDefinitionId = "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
        Scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
    };

    // Constructing the resource registers it; the reference is not used afterwards.
    _ = new AzureNative.Authorization.PolicyAssignment("policyAssignment", assignmentArgs);
});
package main
import (
authorization "github.com/pulumi/pulumi-azure-native-sdk/authorization/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main assigns the ResourceNaming policy definition at subscription scope with
// "prefix"/"suffix" parameter values and one non-compliance message.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		assignmentArgs := &authorization.PolicyAssignmentArgs{
			Description: pulumi.String("Force resource names to begin with given DeptA and end with -LC"),
			DisplayName: pulumi.String("Enforce resource naming rules"),
			Metadata: pulumi.Any(map[string]interface{}{
				"assignedBy": "Special Someone",
			}),
			// Message describing why a resource is non-compliant with the policy.
			NonComplianceMessages: authorization.NonComplianceMessageArray{
				&authorization.NonComplianceMessageArgs{
					Message: pulumi.String("Resource names must start with 'DeptA' and end with '-LC'."),
				},
			},
			// Keys are the parameter names of the assigned policy rule.
			Parameters: authorization.ParameterValuesValueMap{
				"prefix": &authorization.ParameterValuesValueArgs{
					Value: pulumi.Any("DeptA"),
				},
				"suffix": &authorization.ParameterValuesValueArgs{
					Value: pulumi.Any("-LC"),
				},
			},
			PolicyAssignmentName: pulumi.String("EnforceNaming"),
			PolicyDefinitionId:   pulumi.String("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
			Scope:                pulumi.String("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"),
		}

		// The created resource is not needed; only the error is propagated.
		_, err := authorization.NewPolicyAssignment(ctx, "policyAssignment", assignmentArgs)
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.authorization.PolicyAssignment;
import com.pulumi.azurenative.authorization.PolicyAssignmentArgs;
import com.pulumi.azurenative.authorization.inputs.NonComplianceMessageArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
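/**
 * Pulumi program that assigns the ResourceNaming policy definition at subscription scope
 * with "prefix"/"suffix" parameter values and one non-compliance message.
 */
public class App {
    /**
     * Program entry point; hands the stack definition to the Pulumi runtime.
     *
     * @param args command-line arguments (unused)
     */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the policy assignment resource.
     *
     * @param ctx the Pulumi context supplied by {@code Pulumi.run} (not read here)
     */
    public static void stack(Context ctx) {
        // ParameterValuesValueArgs is not among this listing's imports, so it is referenced
        // by its fully-qualified name (same inputs package as NonComplianceMessageArgs).
        var assignmentArgs = PolicyAssignmentArgs.builder()
            .description("Force resource names to begin with given DeptA and end with -LC")
            .displayName("Enforce resource naming rules")
            .metadata(Map.of("assignedBy", "Special Someone"))
            .nonComplianceMessages(NonComplianceMessageArgs.builder()
                .message("Resource names must start with 'DeptA' and end with '-LC'.")
                .build())
            // Keys are the parameter names of the assigned policy rule.
            .parameters(Map.ofEntries(
                Map.entry("prefix", com.pulumi.azurenative.authorization.inputs.ParameterValuesValueArgs.builder()
                    .value("DeptA")
                    .build()),
                Map.entry("suffix", com.pulumi.azurenative.authorization.inputs.ParameterValuesValueArgs.builder()
                    .value("-LC")
                    .build())
            ))
            .policyAssignmentName("EnforceNaming")
            .policyDefinitionId("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming")
            .scope("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2")
            .build();

        // Constructing the resource registers it; the reference is not used afterwards.
        new PolicyAssignment("policyAssignment", assignmentArgs);
    }
}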

Create or update a policy assignment to enforce policy effect only on enrolled resources during resource creation or update.

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
// Assigns the ResourceNaming policy definition with EnforcementMode = Enroll: the policy
// effect is enforced only on enrolled resources during resource creation or update.
return await Deployment.RunAsync(() =>
{
    var assignmentArgs = new AzureNative.Authorization.PolicyAssignmentArgs
    {
        Description = "Force resource names to begin with given DeptA and end with -LC",
        DisplayName = "Enforce resource naming rules",
        EnforcementMode = AzureNative.Authorization.EnforcementMode.Enroll,
        Metadata = new Dictionary<string, object?>
        {
            ["assignedBy"] = "Special Someone",
        },
        // Keys are the parameter names of the assigned policy rule.
        Parameters =
        {
            {
                "prefix",
                new AzureNative.Authorization.Inputs.ParameterValuesValueArgs { Value = "DeptA" }
            },
            {
                "suffix",
                new AzureNative.Authorization.Inputs.ParameterValuesValueArgs { Value = "-LC" }
            },
        },
        PolicyAssignmentName = "EnforceNamingEnroll",
        PolicyDefinitionId = "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
        Scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
    };

    // Constructing the resource registers it; the reference is not used afterwards.
    _ = new AzureNative.Authorization.PolicyAssignment("policyAssignment", assignmentArgs);
});
package main
import (
authorization "github.com/pulumi/pulumi-azure-native-sdk/authorization/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main assigns the ResourceNaming policy definition with the Enroll enforcement mode:
// the policy effect is enforced only on enrolled resources during creation or update.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		assignmentArgs := &authorization.PolicyAssignmentArgs{
			Description:     pulumi.String("Force resource names to begin with given DeptA and end with -LC"),
			DisplayName:     pulumi.String("Enforce resource naming rules"),
			EnforcementMode: pulumi.String(authorization.EnforcementModeEnroll),
			Metadata: pulumi.Any(map[string]interface{}{
				"assignedBy": "Special Someone",
			}),
			// Keys are the parameter names of the assigned policy rule.
			Parameters: authorization.ParameterValuesValueMap{
				"prefix": &authorization.ParameterValuesValueArgs{
					Value: pulumi.Any("DeptA"),
				},
				"suffix": &authorization.ParameterValuesValueArgs{
					Value: pulumi.Any("-LC"),
				},
			},
			PolicyAssignmentName: pulumi.String("EnforceNamingEnroll"),
			PolicyDefinitionId:   pulumi.String("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
			Scope:                pulumi.String("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"),
		}

		// The created resource is not needed; only the error is propagated.
		_, err := authorization.NewPolicyAssignment(ctx, "policyAssignment", assignmentArgs)
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.authorization.PolicyAssignment;
import com.pulumi.azurenative.authorization.PolicyAssignmentArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
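/**
 * Pulumi program that assigns the ResourceNaming policy definition with the "Enroll"
 * enforcement mode: the policy effect is enforced only on enrolled resources during
 * resource creation or update.
 */
public class App {
    /**
     * Program entry point; hands the stack definition to the Pulumi runtime.
     *
     * @param args command-line arguments (unused)
     */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the policy assignment resource.
     *
     * @param ctx the Pulumi context supplied by {@code Pulumi.run} (not read here)
     */
    public static void stack(Context ctx) {
        // ParameterValuesValueArgs is not imported by this listing, so it is referenced by
        // its fully-qualified name to keep the program compilable.
        var assignmentArgs = PolicyAssignmentArgs.builder()
            .description("Force resource names to begin with given DeptA and end with -LC")
            .displayName("Enforce resource naming rules")
            .enforcementMode("Enroll")
            .metadata(Map.of("assignedBy", "Special Someone"))
            // Keys are the parameter names of the assigned policy rule.
            .parameters(Map.ofEntries(
                Map.entry("prefix", com.pulumi.azurenative.authorization.inputs.ParameterValuesValueArgs.builder()
                    .value("DeptA")
                    .build()),
                Map.entry("suffix", com.pulumi.azurenative.authorization.inputs.ParameterValuesValueArgs.builder()
                    .value("-LC")
                    .build())
            ))
            .policyAssignmentName("EnforceNamingEnroll")
            .policyDefinitionId("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming")
            .scope("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2")
            .build();

        // Constructing the resource registers it; the reference is not used afterwards.
        new PolicyAssignment("policyAssignment", assignmentArgs);
    }
}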

Create or update a policy assignment with a system assigned identity

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
// Assigns the ResourceNaming policy definition with a system-assigned managed identity
// and the Default enforcement mode.
return await Deployment.RunAsync(() =>
{
    var assignmentArgs = new AzureNative.Authorization.PolicyAssignmentArgs
    {
        Description = "Force resource names to begin with given DeptA and end with -LC",
        DisplayName = "Enforce resource naming rules",
        EnforcementMode = AzureNative.Authorization.EnforcementMode.Default,
        // NOTE(review): only the identity is declared here; any role assignments it
        // needs are not part of this listing and should be reviewed for least privilege.
        Identity = new AzureNative.Authorization.Inputs.IdentityArgs
        {
            Type = AzureNative.Authorization.ResourceIdentityType.SystemAssigned,
        },
        // Location is only required when the assignment uses a managed identity.
        Location = "eastus",
        Metadata = new Dictionary<string, object?>
        {
            ["assignedBy"] = "Foo Bar",
        },
        // Keys are the parameter names of the assigned policy rule.
        Parameters =
        {
            {
                "prefix",
                new AzureNative.Authorization.Inputs.ParameterValuesValueArgs { Value = "DeptA" }
            },
            {
                "suffix",
                new AzureNative.Authorization.Inputs.ParameterValuesValueArgs { Value = "-LC" }
            },
        },
        PolicyAssignmentName = "EnforceNaming",
        PolicyDefinitionId = "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
        Scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
    };

    // Constructing the resource registers it; the reference is not used afterwards.
    _ = new AzureNative.Authorization.PolicyAssignment("policyAssignment", assignmentArgs);
});
package main
import (
authorization "github.com/pulumi/pulumi-azure-native-sdk/authorization/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main assigns the ResourceNaming policy definition with a system-assigned managed
// identity and the Default enforcement mode.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		assignmentArgs := &authorization.PolicyAssignmentArgs{
			Description:     pulumi.String("Force resource names to begin with given DeptA and end with -LC"),
			DisplayName:     pulumi.String("Enforce resource naming rules"),
			EnforcementMode: pulumi.String(authorization.EnforcementModeDefault),
			// NOTE(review): only the identity is declared here; any role assignments it
			// needs are not part of this listing and should be reviewed for least privilege.
			Identity: &authorization.IdentityArgs{
				Type: authorization.ResourceIdentityTypeSystemAssigned,
			},
			// Location is only required when the assignment uses a managed identity.
			Location: pulumi.String("eastus"),
			Metadata: pulumi.Any(map[string]interface{}{
				"assignedBy": "Foo Bar",
			}),
			// Keys are the parameter names of the assigned policy rule.
			Parameters: authorization.ParameterValuesValueMap{
				"prefix": &authorization.ParameterValuesValueArgs{
					Value: pulumi.Any("DeptA"),
				},
				"suffix": &authorization.ParameterValuesValueArgs{
					Value: pulumi.Any("-LC"),
				},
			},
			PolicyAssignmentName: pulumi.String("EnforceNaming"),
			PolicyDefinitionId:   pulumi.String("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
			Scope:                pulumi.String("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"),
		}

		// The created resource is not needed; only the error is propagated.
		_, err := authorization.NewPolicyAssignment(ctx, "policyAssignment", assignmentArgs)
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.authorization.PolicyAssignment;
import com.pulumi.azurenative.authorization.PolicyAssignmentArgs;
import com.pulumi.azurenative.authorization.inputs.IdentityArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
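/**
 * Pulumi program that assigns the ResourceNaming policy definition with a
 * system-assigned managed identity and the "Default" enforcement mode.
 */
public class App {
    /**
     * Program entry point; hands the stack definition to the Pulumi runtime.
     *
     * @param args command-line arguments (unused)
     */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the policy assignment resource.
     *
     * @param ctx the Pulumi context supplied by {@code Pulumi.run} (not read here)
     */
    public static void stack(Context ctx) {
        // ParameterValuesValueArgs is not among this listing's imports, so it is referenced
        // by its fully-qualified name (same inputs package as IdentityArgs).
        var assignmentArgs = PolicyAssignmentArgs.builder()
            .description("Force resource names to begin with given DeptA and end with -LC")
            .displayName("Enforce resource naming rules")
            .enforcementMode("Default")
            // NOTE(review): only the identity is declared here; any role assignments it
            // needs are not part of this listing and should be reviewed for least privilege.
            .identity(IdentityArgs.builder()
                .type("SystemAssigned")
                .build())
            // Location is only required when the assignment uses a managed identity.
            .location("eastus")
            .metadata(Map.of("assignedBy", "Foo Bar"))
            // Keys are the parameter names of the assigned policy rule.
            .parameters(Map.ofEntries(
                Map.entry("prefix", com.pulumi.azurenative.authorization.inputs.ParameterValuesValueArgs.builder()
                    .value("DeptA")
                    .build()),
                Map.entry("suffix", com.pulumi.azurenative.authorization.inputs.ParameterValuesValueArgs.builder()
                    .value("-LC")
                    .build())
            ))
            .policyAssignmentName("EnforceNaming")
            .policyDefinitionId("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming")
            .scope("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2")
            .build();

        // Constructing the resource registers it; the reference is not used afterwards.
        new PolicyAssignment("policyAssignment", assignmentArgs);
    }
}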

Create or update a policy assignment with multiple non-compliance messages

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
// Assigns the securityInitiative policy set definition with three non-compliance
// messages: one without a reference ID and two tied to a PolicyDefinitionReferenceId.
return await Deployment.RunAsync(() =>
{
    var assignmentArgs = new AzureNative.Authorization.PolicyAssignmentArgs
    {
        DisplayName = "Enforce security policies",
        NonComplianceMessages = new[]
        {
            // No PolicyDefinitionReferenceId is set on this message.
            // "<internal site URL>" is a placeholder left in the sample text.
            new AzureNative.Authorization.Inputs.NonComplianceMessageArgs
            {
                Message = "Resources must comply with all internal security policies. See <internal site URL> for more info.",
            },
            new AzureNative.Authorization.Inputs.NonComplianceMessageArgs
            {
                Message = "Resource names must start with 'DeptA' and end with '-LC'.",
                PolicyDefinitionReferenceId = "10420126870854049575",
            },
            new AzureNative.Authorization.Inputs.NonComplianceMessageArgs
            {
                Message = "Storage accounts must have firewall rules configured.",
                PolicyDefinitionReferenceId = "8572513655450389710",
            },
        },
        PolicyAssignmentName = "securityInitAssignment",
        PolicyDefinitionId = "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/securityInitiative",
        Scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
    };

    // Constructing the resource registers it; the reference is not used afterwards.
    _ = new AzureNative.Authorization.PolicyAssignment("policyAssignment", assignmentArgs);
});
package main
import (
authorization "github.com/pulumi/pulumi-azure-native-sdk/authorization/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main assigns the securityInitiative policy set definition with three non-compliance
// messages: one without a reference ID and two tied to a PolicyDefinitionReferenceId.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		messages := authorization.NonComplianceMessageArray{
			// No PolicyDefinitionReferenceId is set on this message.
			// "<internal site URL>" is a placeholder left in the sample text.
			&authorization.NonComplianceMessageArgs{
				Message: pulumi.String("Resources must comply with all internal security policies. See <internal site URL> for more info."),
			},
			&authorization.NonComplianceMessageArgs{
				Message:                     pulumi.String("Resource names must start with 'DeptA' and end with '-LC'."),
				PolicyDefinitionReferenceId: pulumi.String("10420126870854049575"),
			},
			&authorization.NonComplianceMessageArgs{
				Message:                     pulumi.String("Storage accounts must have firewall rules configured."),
				PolicyDefinitionReferenceId: pulumi.String("8572513655450389710"),
			},
		}

		// The created resource is not needed; only the error is propagated.
		_, err := authorization.NewPolicyAssignment(ctx, "policyAssignment", &authorization.PolicyAssignmentArgs{
			DisplayName:           pulumi.String("Enforce security policies"),
			NonComplianceMessages: messages,
			PolicyAssignmentName:  pulumi.String("securityInitAssignment"),
			PolicyDefinitionId:    pulumi.String("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/securityInitiative"),
			Scope:                 pulumi.String("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"),
		})
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.authorization.PolicyAssignment;
import com.pulumi.azurenative.authorization.PolicyAssignmentArgs;
import com.pulumi.azurenative.authorization.inputs.NonComplianceMessageArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that assigns the securityInitiative policy set definition with three
 * non-compliance messages: one without a reference ID and two tied to a policy
 * definition reference ID.
 */
public class App {
    /**
     * Program entry point; hands the stack definition to the Pulumi runtime.
     *
     * @param args command-line arguments (unused)
     */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the policy assignment resource.
     *
     * @param ctx the Pulumi context supplied by {@code Pulumi.run} (not read here)
     */
    public static void stack(Context ctx) {
        var assignmentArgs = PolicyAssignmentArgs.builder()
            .displayName("Enforce security policies")
            .nonComplianceMessages(
                // No policyDefinitionReferenceId is set on this message.
                // "<internal site URL>" is a placeholder left in the sample text.
                NonComplianceMessageArgs.builder()
                    .message("Resources must comply with all internal security policies. See <internal site URL> for more info.")
                    .build(),
                NonComplianceMessageArgs.builder()
                    .message("Resource names must start with 'DeptA' and end with '-LC'.")
                    .policyDefinitionReferenceId("10420126870854049575")
                    .build(),
                NonComplianceMessageArgs.builder()
                    .message("Storage accounts must have firewall rules configured.")
                    .policyDefinitionReferenceId("8572513655450389710")
                    .build())
            .policyAssignmentName("securityInitAssignment")
            .policyDefinitionId("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/securityInitiative")
            .scope("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2")
            .build();

        // Constructing the resource registers it; the reference is kept only as a local.
        var assignment = new PolicyAssignment("policyAssignment", assignmentArgs);
    }
}

Create or update a policy assignment with overrides

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
// Assigns the CostManagement policy set definition (definition version "1.*.*") with two
// overrides: a policy-effect override and a definition-version override.
return await Deployment.RunAsync(() =>
{
    // Sets the policy effect to "Audit" for the definition references Limit_Skus and
    // Limit_Locations.
    // NOTE(review): an effect override takes the place of the effect the referenced
    // definitions specify; confirm "Audit" is the intended effect for these references.
    var effectOverride = new AzureNative.Authorization.Inputs.OverrideArgs
    {
        Kind = AzureNative.Authorization.OverrideKind.PolicyEffect,
        Selectors = new[]
        {
            new AzureNative.Authorization.Inputs.SelectorArgs
            {
                In = new[]
                {
                    "Limit_Skus",
                    "Limit_Locations",
                },
                Kind = AzureNative.Authorization.SelectorKind.PolicyDefinitionReferenceId,
            },
        },
        Value = "Audit",
    };

    // Uses definition version "2.*.*" for resources in the listed locations.
    var versionOverride = new AzureNative.Authorization.Inputs.OverrideArgs
    {
        Kind = AzureNative.Authorization.OverrideKind.DefinitionVersion,
        Selectors = new[]
        {
            new AzureNative.Authorization.Inputs.SelectorArgs
            {
                In = new[]
                {
                    "eastUSEuap",
                    "centralUSEuap",
                },
                Kind = AzureNative.Authorization.SelectorKind.ResourceLocation,
            },
        },
        Value = "2.*.*",
    };

    // Constructing the resource registers it; the reference is not used afterwards.
    _ = new AzureNative.Authorization.PolicyAssignment("policyAssignment", new()
    {
        DefinitionVersion = "1.*.*",
        Description = "Limit the resource location and resource SKU",
        DisplayName = "Limit the resource location and resource SKU",
        Metadata = new Dictionary<string, object?>
        {
            ["assignedBy"] = "Special Someone",
        },
        Overrides = new[]
        {
            effectOverride,
            versionOverride,
        },
        PolicyAssignmentName = "CostManagement",
        PolicyDefinitionId = "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement",
        Scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
    });
});
package main
import (
authorization "github.com/pulumi/pulumi-azure-native-sdk/authorization/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main assigns the CostManagement policy set definition (definition version "1.*.*")
// with two overrides: a policy-effect override and a definition-version override.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		overrides := authorization.OverrideArray{
			// Sets the policy effect to "Audit" for the definition references
			// Limit_Skus and Limit_Locations.
			// NOTE(review): an effect override takes the place of the effect the
			// referenced definitions specify; confirm "Audit" is the intended effect.
			&authorization.OverrideArgs{
				Kind: pulumi.String(authorization.OverrideKindPolicyEffect),
				Selectors: authorization.SelectorArray{
					&authorization.SelectorArgs{
						In: pulumi.StringArray{
							pulumi.String("Limit_Skus"),
							pulumi.String("Limit_Locations"),
						},
						Kind: pulumi.String(authorization.SelectorKindPolicyDefinitionReferenceId),
					},
				},
				Value: pulumi.String("Audit"),
			},
			// Uses definition version "2.*.*" for resources in the listed locations.
			&authorization.OverrideArgs{
				Kind: pulumi.String(authorization.OverrideKindDefinitionVersion),
				Selectors: authorization.SelectorArray{
					&authorization.SelectorArgs{
						In: pulumi.StringArray{
							pulumi.String("eastUSEuap"),
							pulumi.String("centralUSEuap"),
						},
						Kind: pulumi.String(authorization.SelectorKindResourceLocation),
					},
				},
				Value: pulumi.String("2.*.*"),
			},
		}

		// The created resource is not needed; only the error is propagated.
		_, err := authorization.NewPolicyAssignment(ctx, "policyAssignment", &authorization.PolicyAssignmentArgs{
			DefinitionVersion: pulumi.String("1.*.*"),
			Description:       pulumi.String("Limit the resource location and resource SKU"),
			DisplayName:       pulumi.String("Limit the resource location and resource SKU"),
			Metadata: pulumi.Any(map[string]interface{}{
				"assignedBy": "Special Someone",
			}),
			Overrides:            overrides,
			PolicyAssignmentName: pulumi.String("CostManagement"),
			PolicyDefinitionId:   pulumi.String("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement"),
			Scope:                pulumi.String("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"),
		})
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.authorization.PolicyAssignment;
import com.pulumi.azurenative.authorization.PolicyAssignmentArgs;
import com.pulumi.azurenative.authorization.inputs.OverrideArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
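/**
 * Pulumi program that assigns the CostManagement policy set definition (definition
 * version "1.*.*") with two overrides: a policy-effect override and a
 * definition-version override.
 */
public class App {
    /**
     * Program entry point; hands the stack definition to the Pulumi runtime.
     *
     * @param args command-line arguments (unused)
     */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the policy assignment resource.
     *
     * @param ctx the Pulumi context supplied by {@code Pulumi.run} (not read here)
     */
    public static void stack(Context ctx) {
        // SelectorArgs is not among this listing's imports, so it is referenced by its
        // fully-qualified name (same inputs package as OverrideArgs).
        var assignmentArgs = PolicyAssignmentArgs.builder()
            .definitionVersion("1.*.*")
            .description("Limit the resource location and resource SKU")
            .displayName("Limit the resource location and resource SKU")
            .metadata(Map.of("assignedBy", "Special Someone"))
            .overrides(
                // Sets the policy effect to "Audit" for the definition references
                // Limit_Skus and Limit_Locations.
                // NOTE(review): an effect override takes the place of the effect the
                // referenced definitions specify; confirm "Audit" is the intended effect.
                OverrideArgs.builder()
                    .kind("policyEffect")
                    .selectors(com.pulumi.azurenative.authorization.inputs.SelectorArgs.builder()
                        .in(
                            "Limit_Skus",
                            "Limit_Locations")
                        .kind("policyDefinitionReferenceId")
                        .build())
                    .value("Audit")
                    .build(),
                // Uses definition version "2.*.*" for resources in the listed locations.
                OverrideArgs.builder()
                    .kind("definitionVersion")
                    .selectors(com.pulumi.azurenative.authorization.inputs.SelectorArgs.builder()
                        .in(
                            "eastUSEuap",
                            "centralUSEuap")
                        .kind("resourceLocation")
                        .build())
                    .value("2.*.*")
                    .build())
            .policyAssignmentName("CostManagement")
            .policyDefinitionId("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement")
            .scope("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2")
            .build();

        // Constructing the resource registers it; the reference is not used afterwards.
        new PolicyAssignment("policyAssignment", assignmentArgs);
    }
}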

Create or update a policy assignment with resource selectors

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
// Assigns the CostManagement policy set definition with one resource selector
// ("SDPRegions") that selects by resource location.
return await Deployment.RunAsync(() =>
{
    // Selects resources whose location is one of the two listed values.
    // NOTE(review): how resources outside the selector are treated is not shown in this
    // listing; confirm the resulting coverage before relying on this assignment.
    var sdpRegions = new AzureNative.Authorization.Inputs.ResourceSelectorArgs
    {
        Name = "SDPRegions",
        Selectors = new[]
        {
            new AzureNative.Authorization.Inputs.SelectorArgs
            {
                In = new[]
                {
                    "eastus2euap",
                    "centraluseuap",
                },
                Kind = AzureNative.Authorization.SelectorKind.ResourceLocation,
            },
        },
    };

    // Constructing the resource registers it; the reference is not used afterwards.
    _ = new AzureNative.Authorization.PolicyAssignment("policyAssignment", new()
    {
        Description = "Limit the resource location and resource SKU",
        DisplayName = "Limit the resource location and resource SKU",
        Metadata = new Dictionary<string, object?>
        {
            ["assignedBy"] = "Special Someone",
        },
        PolicyAssignmentName = "CostManagement",
        PolicyDefinitionId = "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement",
        ResourceSelectors = new[]
        {
            sdpRegions,
        },
        Scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
    });
});
package main
import (
authorization "github.com/pulumi/pulumi-azure-native-sdk/authorization/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main assigns the CostManagement policy set definition with one resource selector
// ("SDPRegions") that selects by resource location.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Selects resources whose location is one of the two listed values.
		// NOTE(review): how resources outside the selector are treated is not shown in
		// this listing; confirm the resulting coverage before relying on this assignment.
		selectors := authorization.ResourceSelectorArray{
			&authorization.ResourceSelectorArgs{
				Name: pulumi.String("SDPRegions"),
				Selectors: authorization.SelectorArray{
					&authorization.SelectorArgs{
						In: pulumi.StringArray{
							pulumi.String("eastus2euap"),
							pulumi.String("centraluseuap"),
						},
						Kind: pulumi.String(authorization.SelectorKindResourceLocation),
					},
				},
			},
		}

		// The created resource is not needed; only the error is propagated.
		_, err := authorization.NewPolicyAssignment(ctx, "policyAssignment", &authorization.PolicyAssignmentArgs{
			Description: pulumi.String("Limit the resource location and resource SKU"),
			DisplayName: pulumi.String("Limit the resource location and resource SKU"),
			Metadata: pulumi.Any(map[string]interface{}{
				"assignedBy": "Special Someone",
			}),
			PolicyAssignmentName: pulumi.String("CostManagement"),
			PolicyDefinitionId:   pulumi.String("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement"),
			ResourceSelectors:    selectors,
			Scope:                pulumi.String("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"),
		})
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.authorization.PolicyAssignment;
import com.pulumi.azurenative.authorization.PolicyAssignmentArgs;
import com.pulumi.azurenative.authorization.inputs.ResourceSelectorArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
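/**
 * Pulumi program that assigns the CostManagement policy set definition with one
 * resource selector ("SDPRegions") that selects by resource location.
 */
public class App {
    /**
     * Program entry point; hands the stack definition to the Pulumi runtime.
     *
     * @param args command-line arguments (unused)
     */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the policy assignment resource.
     *
     * @param ctx the Pulumi context supplied by {@code Pulumi.run} (not read here)
     */
    public static void stack(Context ctx) {
        // SelectorArgs is not among this listing's imports, so it is referenced by its
        // fully-qualified name (same inputs package as ResourceSelectorArgs).
        var assignmentArgs = PolicyAssignmentArgs.builder()
            .description("Limit the resource location and resource SKU")
            .displayName("Limit the resource location and resource SKU")
            .metadata(Map.of("assignedBy", "Special Someone"))
            .policyAssignmentName("CostManagement")
            .policyDefinitionId("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement")
            // Selects resources whose location is one of the two listed values.
            // NOTE(review): how resources outside the selector are treated is not shown in
            // this listing; confirm the resulting coverage before relying on it.
            .resourceSelectors(ResourceSelectorArgs.builder()
                .name("SDPRegions")
                .selectors(com.pulumi.azurenative.authorization.inputs.SelectorArgs.builder()
                    .in(
                        "eastus2euap",
                        "centraluseuap")
                    .kind("resourceLocation")
                    .build())
                .build())
            .scope("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2")
            .build();

        // Constructing the resource registers it; the reference is not used afterwards.
        new PolicyAssignment("policyAssignment", assignmentArgs);
    }
}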

Create or update a policy assignment without enforcing policy effect during resource creation or update.

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
// Assigns the ResourceNaming policy definition with EnforcementMode = DoNotEnforce: the
// policy effect is not enforced during resource creation or update.
return await Deployment.RunAsync(() =>
{
    var assignmentArgs = new AzureNative.Authorization.PolicyAssignmentArgs
    {
        Description = "Force resource names to begin with given DeptA and end with -LC",
        DisplayName = "Enforce resource naming rules",
        // NOTE(review): despite the display name, this mode does not enforce the naming
        // rule at creation or update time; confirm that is intended for this scope.
        EnforcementMode = AzureNative.Authorization.EnforcementMode.DoNotEnforce,
        Metadata = new Dictionary<string, object?>
        {
            ["assignedBy"] = "Special Someone",
        },
        // Keys are the parameter names of the assigned policy rule.
        Parameters =
        {
            {
                "prefix",
                new AzureNative.Authorization.Inputs.ParameterValuesValueArgs { Value = "DeptA" }
            },
            {
                "suffix",
                new AzureNative.Authorization.Inputs.ParameterValuesValueArgs { Value = "-LC" }
            },
        },
        PolicyAssignmentName = "EnforceNaming",
        PolicyDefinitionId = "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
        Scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
    };

    // Constructing the resource registers it; the reference is not used afterwards.
    _ = new AzureNative.Authorization.PolicyAssignment("policyAssignment", assignmentArgs);
});
package main
import (
authorization "github.com/pulumi/pulumi-azure-native-sdk/authorization/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main assigns the ResourceNaming policy definition with the DoNotEnforce enforcement
// mode: the policy effect is not enforced during resource creation or update.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		assignmentArgs := &authorization.PolicyAssignmentArgs{
			Description: pulumi.String("Force resource names to begin with given DeptA and end with -LC"),
			DisplayName: pulumi.String("Enforce resource naming rules"),
			// NOTE(review): despite the display name, this mode does not enforce the
			// naming rule at creation or update time; confirm that is intended.
			EnforcementMode: pulumi.String(authorization.EnforcementModeDoNotEnforce),
			Metadata: pulumi.Any(map[string]interface{}{
				"assignedBy": "Special Someone",
			}),
			// Keys are the parameter names of the assigned policy rule.
			Parameters: authorization.ParameterValuesValueMap{
				"prefix": &authorization.ParameterValuesValueArgs{
					Value: pulumi.Any("DeptA"),
				},
				"suffix": &authorization.ParameterValuesValueArgs{
					Value: pulumi.Any("-LC"),
				},
			},
			PolicyAssignmentName: pulumi.String("EnforceNaming"),
			PolicyDefinitionId:   pulumi.String("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
			Scope:                pulumi.String("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"),
		}

		// The created resource is not needed; only the error is propagated.
		_, err := authorization.NewPolicyAssignment(ctx, "policyAssignment", assignmentArgs)
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.authorization.PolicyAssignment;
import com.pulumi.azurenative.authorization.PolicyAssignmentArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
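/**
 * Pulumi program that assigns the ResourceNaming policy definition with the
 * "DoNotEnforce" enforcement mode: the policy effect is not enforced during resource
 * creation or update.
 */
public class App {
    /**
     * Program entry point; hands the stack definition to the Pulumi runtime.
     *
     * @param args command-line arguments (unused)
     */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the policy assignment resource.
     *
     * @param ctx the Pulumi context supplied by {@code Pulumi.run} (not read here)
     */
    public static void stack(Context ctx) {
        // ParameterValuesValueArgs is not imported by this listing, so it is referenced by
        // its fully-qualified name to keep the program compilable.
        var assignmentArgs = PolicyAssignmentArgs.builder()
            .description("Force resource names to begin with given DeptA and end with -LC")
            .displayName("Enforce resource naming rules")
            // NOTE(review): despite the display name, this mode does not enforce the
            // naming rule at creation or update time; confirm that is intended.
            .enforcementMode("DoNotEnforce")
            .metadata(Map.of("assignedBy", "Special Someone"))
            // Keys are the parameter names of the assigned policy rule.
            .parameters(Map.ofEntries(
                Map.entry("prefix", com.pulumi.azurenative.authorization.inputs.ParameterValuesValueArgs.builder()
                    .value("DeptA")
                    .build()),
                Map.entry("suffix", com.pulumi.azurenative.authorization.inputs.ParameterValuesValueArgs.builder()
                    .value("-LC")
                    .build())
            ))
            .policyAssignmentName("EnforceNaming")
            .policyDefinitionId("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming")
            .scope("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2")
            .build();

        // Constructing the resource registers it; the reference is not used afterwards.
        new PolicyAssignment("policyAssignment", assignmentArgs);
    }
}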

Import

An existing resource can be imported using its type token, name, and identifier, e.g.

$ pulumi import azure-native:authorization:PolicyAssignment EnforceNaming /{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}

Properties

val assignmentType: Output<String>?

The type of policy assignment. Possible values are NotSpecified, System, SystemHidden, and Custom. Immutable.

val azureApiVersion: Output<String>

The Azure API version of the resource.


The version of the policy definition to use.

val description: Output<String>?

This message will be part of the response in case of a policy violation.

val displayName: Output<String>?

The display name of the policy assignment.


The effective version of the policy definition in use. This is only present if requested via the $expand query parameter.

val enforcementMode: Output<String>?

The policy assignment enforcement mode. Possible values are Default, DoNotEnforce, and Enroll.

val id: Output<String>

The managed identity associated with the policy assignment.

val instanceId: Output<String>

The instance ID of the policy assignment. This ID changes only, and always, when the assignment is deleted and recreated.


The latest version of the policy definition available. This is only present if requested via the $expand query parameter.

val location: Output<String>?

The location of the policy assignment. Only required when utilizing managed identity.

val metadata: Output<Any>?

The policy assignment metadata. Metadata is an open ended object and is typically a collection of key value pairs.

val name: Output<String>

The name of the policy assignment.


The messages that describe why a resource is non-compliant with the policy.

val notScopes: Output<List<String>>?

The policy's excluded scopes.


The policy property value override.


The parameter values for the assigned policy rule. The keys are the parameter names.


The ID of the policy definition or policy set definition being assigned.

val pulumiChildResources: Set<KotlinResource>

The resource selector list to filter policies by resource properties.

val scope: Output<String>

The scope for the policy assignment.


The system metadata relating to this resource.

val type: Output<String>

The type of the policy assignment.

val urn: Output<String>