Subscription
Manages an Azure Subscription Policy Remediation.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const example = azure.core.getSubscription({});
const exampleGetPolicyDefintion = azure.policy.getPolicyDefintion({
displayName: "Allowed resource types",
});
const exampleSubscriptionPolicyAssignment = new azure.core.SubscriptionPolicyAssignment("example", {
name: "exampleAssignment",
subscriptionId: example.then(example => example.id),
policyDefinitionId: exampleGetPolicyDefintion.then(exampleGetPolicyDefintion => exampleGetPolicyDefintion.id),
parameters: JSON.stringify({
listOfAllowedLocations: {
value: [
"West Europe",
"East US",
],
},
}),
});
const exampleSubscriptionPolicyRemediation = new azure.core.SubscriptionPolicyRemediation("example", {
name: "example",
subscriptionId: example.then(example => example.id),
policyAssignmentId: exampleSubscriptionPolicyAssignment.id,
});Content copied to clipboard
import pulumi
import json
import pulumi_azure as azure
example = azure.core.get_subscription()
example_get_policy_defintion = azure.policy.get_policy_defintion(display_name="Allowed resource types")
example_subscription_policy_assignment = azure.core.SubscriptionPolicyAssignment("example",
name="exampleAssignment",
subscription_id=example.id,
policy_definition_id=example_get_policy_defintion.id,
parameters=json.dumps({
"listOfAllowedLocations": {
"value": [
"West Europe",
"East US",
],
},
}))
example_subscription_policy_remediation = azure.core.SubscriptionPolicyRemediation("example",
name="example",
subscription_id=example.id,
policy_assignment_id=example_subscription_policy_assignment.id)Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
var example = Azure.Core.GetSubscription.Invoke();
var exampleGetPolicyDefintion = Azure.Policy.GetPolicyDefintion.Invoke(new()
{
DisplayName = "Allowed resource types",
});
var exampleSubscriptionPolicyAssignment = new Azure.Core.SubscriptionPolicyAssignment("example", new()
{
Name = "exampleAssignment",
SubscriptionId = example.Apply(getSubscriptionResult => getSubscriptionResult.Id),
PolicyDefinitionId = exampleGetPolicyDefintion.Apply(getPolicyDefintionResult => getPolicyDefintionResult.Id),
Parameters = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["listOfAllowedLocations"] = new Dictionary<string, object?>
{
["value"] = new[]
{
"West Europe",
"East US",
},
},
}),
});
var exampleSubscriptionPolicyRemediation = new Azure.Core.SubscriptionPolicyRemediation("example", new()
{
Name = "example",
SubscriptionId = example.Apply(getSubscriptionResult => getSubscriptionResult.Id),
PolicyAssignmentId = exampleSubscriptionPolicyAssignment.Id,
});
});Content copied to clipboard
package main
import (
"encoding/json"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/policy"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := core.LookupSubscription(ctx, &core.LookupSubscriptionArgs{}, nil)
if err != nil {
return err
}
exampleGetPolicyDefintion, err := policy.GetPolicyDefintion(ctx, &policy.GetPolicyDefintionArgs{
DisplayName: pulumi.StringRef("Allowed resource types"),
}, nil)
if err != nil {
return err
}
tmpJSON0, err := json.Marshal(map[string]interface{}{
"listOfAllowedLocations": map[string]interface{}{
"value": []string{
"West Europe",
"East US",
},
},
})
if err != nil {
return err
}
json0 := string(tmpJSON0)
exampleSubscriptionPolicyAssignment, err := core.NewSubscriptionPolicyAssignment(ctx, "example", &core.SubscriptionPolicyAssignmentArgs{
Name: pulumi.String("exampleAssignment"),
SubscriptionId: pulumi.String(example.Id),
PolicyDefinitionId: pulumi.String(exampleGetPolicyDefintion.Id),
Parameters: pulumi.String(json0),
})
if err != nil {
return err
}
_, err = core.NewSubscriptionPolicyRemediation(ctx, "example", &core.SubscriptionPolicyRemediationArgs{
Name: pulumi.String("example"),
SubscriptionId: pulumi.String(example.Id),
PolicyAssignmentId: exampleSubscriptionPolicyAssignment.ID(),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.CoreFunctions;
import com.pulumi.azure.core.inputs.GetSubscriptionArgs;
import com.pulumi.azure.policy.PolicyFunctions;
import com.pulumi.azure.policy.inputs.GetPolicyDefintionArgs;
import com.pulumi.azure.core.SubscriptionPolicyAssignment;
import com.pulumi.azure.core.SubscriptionPolicyAssignmentArgs;
import com.pulumi.azure.core.SubscriptionPolicyRemediation;
import com.pulumi.azure.core.SubscriptionPolicyRemediationArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var example = CoreFunctions.getSubscription();
final var exampleGetPolicyDefintion = PolicyFunctions.getPolicyDefintion(GetPolicyDefintionArgs.builder()
.displayName("Allowed resource types")
.build());
var exampleSubscriptionPolicyAssignment = new SubscriptionPolicyAssignment("exampleSubscriptionPolicyAssignment", SubscriptionPolicyAssignmentArgs.builder()
.name("exampleAssignment")
.subscriptionId(example.applyValue(getSubscriptionResult -> getSubscriptionResult.id()))
.policyDefinitionId(exampleGetPolicyDefintion.applyValue(getPolicyDefintionResult -> getPolicyDefintionResult.id()))
.parameters(serializeJson(
jsonObject(
jsonProperty("listOfAllowedLocations", jsonObject(
jsonProperty("value", jsonArray(
"West Europe",
"East US"
))
))
)))
.build());
var exampleSubscriptionPolicyRemediation = new SubscriptionPolicyRemediation("exampleSubscriptionPolicyRemediation", SubscriptionPolicyRemediationArgs.builder()
.name("example")
.subscriptionId(example.applyValue(getSubscriptionResult -> getSubscriptionResult.id()))
.policyAssignmentId(exampleSubscriptionPolicyAssignment.id())
.build());
}
}Content copied to clipboard
resources:
exampleSubscriptionPolicyAssignment:
type: azure:core:SubscriptionPolicyAssignment
name: example
properties:
name: exampleAssignment
subscriptionId: ${example.id}
policyDefinitionId: ${exampleGetPolicyDefintion.id}
parameters:
fn::toJSON:
listOfAllowedLocations:
value:
- West Europe
- East US
exampleSubscriptionPolicyRemediation:
type: azure:core:SubscriptionPolicyRemediation
name: example
properties:
name: example
subscriptionId: ${example.id}
policyAssignmentId: ${exampleSubscriptionPolicyAssignment.id}
variables:
example:
fn::invoke:
function: azure:core:getSubscription
arguments: {}
exampleGetPolicyDefintion:
fn::invoke:
function: azure:policy:getPolicyDefintion
arguments:
displayName: Allowed resource typesContent copied to clipboard
Import
Policy Remediations can be imported using the resource id, e.g.
$ pulumi import azure:core/subscriptionPolicyRemediation:SubscriptionPolicyRemediation example /subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.PolicyInsights/remediations/remediation1Content copied to clipboard
Properties
Link copied to clipboard
A number between 0.0 to 1.0 representing the percentage failure threshold. The remediation will fail if the percentage of failed remediation operations (i.e. failed deployments) exceeds this threshold.
Link copied to clipboard
A list of the resource locations that will be remediated.
Link copied to clipboard
Determines how many resources to remediate at any given time. Can be used to increase or reduce the pace of the remediation. If not provided, the default parallel deployments value is used.
Link copied to clipboard
The ID of the Policy Assignment that should be remediated.
Link copied to clipboard
The unique ID for the policy definition reference within the policy set definition that should be remediated. Required when the policy assignment being remediated assigns a policy set definition.
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Determines the max number of resources that can be remediated by the remediation job. If not provided, the default resource count is used.
Link copied to clipboard
The way that resources to remediate are discovered. Possible values are ExistingNonCompliant, ReEvaluateCompliance. Defaults to ExistingNonCompliant.
Link copied to clipboard
The Subscription ID at which the Policy Remediation should be applied. Changing this forces a new resource to be created.