Docs Home
These are the docs for Azure Native v2. We recommenend using the latest version, Azure Native v3.
Azure Native v2 v2.90.0 published on Thursday, Mar 27, 2025 by Pulumi
azure-native-v2.authorization.PolicyAssignment
Explore with Pulumi AI
These are the docs for Azure Native v2. We recommenend using the latest version, Azure Native v3.
Azure Native v2 v2.90.0 published on Thursday, Mar 27, 2025 by Pulumi
- Example Usage
- Create or update a policy assignment
- Create or update a policy assignment with a system assigned identity
- Create or update a policy assignment with multiple non-compliance messages
- Create or update a policy assignment with overrides
- Create or update a policy assignment with resource selectors
- Create or update a policy assignment without enforcing policy effect during resource creation or update.
- Create PolicyAssignment Resource
- Constructor syntax
- Constructor example
- PolicyAssignment Resource Properties
- Inputs
- Outputs
- Supporting Types
- Import
- Package Details
The policy assignment. Azure REST API version: 2022-06-01. Prior API version in Azure Native 1.x: 2020-09-01.
Other available API versions: 2019-06-01, 2020-03-01, 2023-04-01, 2024-04-01, 2024-05-01, 2025-01-01.
Example Usage
Create or update a policy assignment
Create or update a policy assignment with a system assigned identity
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var policyAssignment = new AzureNative.Authorization.PolicyAssignment("policyAssignment", new()
{
Description = "Force resource names to begin with given DeptA and end with -LC",
DisplayName = "Enforce resource naming rules",
EnforcementMode = AzureNative.Authorization.EnforcementMode.Default,
Identity = new AzureNative.Authorization.Inputs.IdentityArgs
{
Type = AzureNative.Authorization.ResourceIdentityType.SystemAssigned,
},
Location = "eastus",
Metadata = new Dictionary<string, object?>
{
["assignedBy"] = "Foo Bar",
},
Parameters =
{
{ "prefix", new AzureNative.Authorization.Inputs.ParameterValuesValueArgs
{
Value = "DeptA",
} },
{ "suffix", new AzureNative.Authorization.Inputs.ParameterValuesValueArgs
{
Value = "-LC",
} },
},
PolicyAssignmentName = "EnforceNaming",
PolicyDefinitionId = "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
Scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
});
});
package main
import (
authorization "github.com/pulumi/pulumi-azure-native-sdk/authorization/v2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := authorization.NewPolicyAssignment(ctx, "policyAssignment", &authorization.PolicyAssignmentArgs{
Description: pulumi.String("Force resource names to begin with given DeptA and end with -LC"),
DisplayName: pulumi.String("Enforce resource naming rules"),
EnforcementMode: pulumi.String(authorization.EnforcementModeDefault),
Identity: &authorization.IdentityArgs{
Type: authorization.ResourceIdentityTypeSystemAssigned,
},
Location: pulumi.String("eastus"),
Metadata: pulumi.Any(map[string]interface{}{
"assignedBy": "Foo Bar",
}),
Parameters: authorization.ParameterValuesValueMap{
"prefix": &authorization.ParameterValuesValueArgs{
Value: pulumi.Any("DeptA"),
},
"suffix": &authorization.ParameterValuesValueArgs{
Value: pulumi.Any("-LC"),
},
},
PolicyAssignmentName: pulumi.String("EnforceNaming"),
PolicyDefinitionId: pulumi.String("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
Scope: pulumi.String("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.authorization.PolicyAssignment;
import com.pulumi.azurenative.authorization.PolicyAssignmentArgs;
import com.pulumi.azurenative.authorization.inputs.IdentityArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var policyAssignment = new PolicyAssignment("policyAssignment", PolicyAssignmentArgs.builder()
.description("Force resource names to begin with given DeptA and end with -LC")
.displayName("Enforce resource naming rules")
.enforcementMode("Default")
.identity(IdentityArgs.builder()
.type("SystemAssigned")
.build())
.location("eastus")
.metadata(Map.of("assignedBy", "Foo Bar"))
.parameters(Map.ofEntries(
Map.entry("prefix", Map.of("value", "DeptA")),
Map.entry("suffix", Map.of("value", "-LC"))
))
.policyAssignmentName("EnforceNaming")
.policyDefinitionId("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming")
.scope("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2")
.build());
}
}
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const policyAssignment = new azure_native.authorization.PolicyAssignment("policyAssignment", {
description: "Force resource names to begin with given DeptA and end with -LC",
displayName: "Enforce resource naming rules",
enforcementMode: azure_native.authorization.EnforcementMode.Default,
identity: {
type: azure_native.authorization.ResourceIdentityType.SystemAssigned,
},
location: "eastus",
metadata: {
assignedBy: "Foo Bar",
},
parameters: {
prefix: {
value: "DeptA",
},
suffix: {
value: "-LC",
},
},
policyAssignmentName: "EnforceNaming",
policyDefinitionId: "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
scope: "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
});
import pulumi
import pulumi_azure_native as azure_native
policy_assignment = azure_native.authorization.PolicyAssignment("policyAssignment",
description="Force resource names to begin with given DeptA and end with -LC",
display_name="Enforce resource naming rules",
enforcement_mode=azure_native.authorization.EnforcementMode.DEFAULT,
identity={
"type": azure_native.authorization.ResourceIdentityType.SYSTEM_ASSIGNED,
},
location="eastus",
metadata={
"assignedBy": "Foo Bar",
},
parameters={
"prefix": {
"value": "DeptA",
},
"suffix": {
"value": "-LC",
},
},
policy_assignment_name="EnforceNaming",
policy_definition_id="/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
scope="subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2")
resources:
policyAssignment:
type: azure-native:authorization:PolicyAssignment
properties:
description: Force resource names to begin with given DeptA and end with -LC
displayName: Enforce resource naming rules
enforcementMode: Default
identity:
type: SystemAssigned
location: eastus
metadata:
assignedBy: Foo Bar
parameters:
prefix:
value: DeptA
suffix:
value: -LC
policyAssignmentName: EnforceNaming
policyDefinitionId: /subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming
scope: subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2
Create or update a policy assignment with multiple non-compliance messages
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var policyAssignment = new AzureNative.Authorization.PolicyAssignment("policyAssignment", new()
{
DisplayName = "Enforce security policies",
NonComplianceMessages = new[]
{
new AzureNative.Authorization.Inputs.NonComplianceMessageArgs
{
Message = "Resources must comply with all internal security policies. See <internal site URL> for more info.",
},
new AzureNative.Authorization.Inputs.NonComplianceMessageArgs
{
Message = "Resource names must start with 'DeptA' and end with '-LC'.",
PolicyDefinitionReferenceId = "10420126870854049575",
},
new AzureNative.Authorization.Inputs.NonComplianceMessageArgs
{
Message = "Storage accounts must have firewall rules configured.",
PolicyDefinitionReferenceId = "8572513655450389710",
},
},
PolicyAssignmentName = "securityInitAssignment",
PolicyDefinitionId = "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/securityInitiative",
Scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
});
});
package main
import (
authorization "github.com/pulumi/pulumi-azure-native-sdk/authorization/v2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := authorization.NewPolicyAssignment(ctx, "policyAssignment", &authorization.PolicyAssignmentArgs{
DisplayName: pulumi.String("Enforce security policies"),
NonComplianceMessages: authorization.NonComplianceMessageArray{
&authorization.NonComplianceMessageArgs{
Message: pulumi.String("Resources must comply with all internal security policies. See <internal site URL> for more info."),
},
&authorization.NonComplianceMessageArgs{
Message: pulumi.String("Resource names must start with 'DeptA' and end with '-LC'."),
PolicyDefinitionReferenceId: pulumi.String("10420126870854049575"),
},
&authorization.NonComplianceMessageArgs{
Message: pulumi.String("Storage accounts must have firewall rules configured."),
PolicyDefinitionReferenceId: pulumi.String("8572513655450389710"),
},
},
PolicyAssignmentName: pulumi.String("securityInitAssignment"),
PolicyDefinitionId: pulumi.String("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/securityInitiative"),
Scope: pulumi.String("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.authorization.PolicyAssignment;
import com.pulumi.azurenative.authorization.PolicyAssignmentArgs;
import com.pulumi.azurenative.authorization.inputs.NonComplianceMessageArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var policyAssignment = new PolicyAssignment("policyAssignment", PolicyAssignmentArgs.builder()
.displayName("Enforce security policies")
.nonComplianceMessages(
NonComplianceMessageArgs.builder()
.message("Resources must comply with all internal security policies. See <internal site URL> for more info.")
.build(),
NonComplianceMessageArgs.builder()
.message("Resource names must start with 'DeptA' and end with '-LC'.")
.policyDefinitionReferenceId("10420126870854049575")
.build(),
NonComplianceMessageArgs.builder()
.message("Storage accounts must have firewall rules configured.")
.policyDefinitionReferenceId("8572513655450389710")
.build())
.policyAssignmentName("securityInitAssignment")
.policyDefinitionId("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/securityInitiative")
.scope("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2")
.build());
}
}
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const policyAssignment = new azure_native.authorization.PolicyAssignment("policyAssignment", {
displayName: "Enforce security policies",
nonComplianceMessages: [
{
message: "Resources must comply with all internal security policies. See <internal site URL> for more info.",
},
{
message: "Resource names must start with 'DeptA' and end with '-LC'.",
policyDefinitionReferenceId: "10420126870854049575",
},
{
message: "Storage accounts must have firewall rules configured.",
policyDefinitionReferenceId: "8572513655450389710",
},
],
policyAssignmentName: "securityInitAssignment",
policyDefinitionId: "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/securityInitiative",
scope: "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
});
import pulumi
import pulumi_azure_native as azure_native
policy_assignment = azure_native.authorization.PolicyAssignment("policyAssignment",
display_name="Enforce security policies",
non_compliance_messages=[
{
"message": "Resources must comply with all internal security policies. See <internal site URL> for more info.",
},
{
"message": "Resource names must start with 'DeptA' and end with '-LC'.",
"policy_definition_reference_id": "10420126870854049575",
},
{
"message": "Storage accounts must have firewall rules configured.",
"policy_definition_reference_id": "8572513655450389710",
},
],
policy_assignment_name="securityInitAssignment",
policy_definition_id="/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/securityInitiative",
scope="subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2")
resources:
policyAssignment:
type: azure-native:authorization:PolicyAssignment
properties:
displayName: Enforce security policies
nonComplianceMessages:
- message: Resources must comply with all internal security policies. See <internal site URL> for more info.
- message: Resource names must start with 'DeptA' and end with '-LC'.
policyDefinitionReferenceId: '10420126870854049575'
- message: Storage accounts must have firewall rules configured.
policyDefinitionReferenceId: '8572513655450389710'
policyAssignmentName: securityInitAssignment
policyDefinitionId: /subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/securityInitiative
scope: subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2
Create or update a policy assignment with overrides
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var policyAssignment = new AzureNative.Authorization.PolicyAssignment("policyAssignment", new()
{
Description = "Limit the resource location and resource SKU",
DisplayName = "Limit the resource location and resource SKU",
Metadata = new Dictionary<string, object?>
{
["assignedBy"] = "Special Someone",
},
Overrides = new[]
{
new AzureNative.Authorization.Inputs.OverrideArgs
{
Kind = AzureNative.Authorization.OverrideKind.PolicyEffect,
Selectors = new[]
{
new AzureNative.Authorization.Inputs.SelectorArgs
{
In = new[]
{
"Limit_Skus",
"Limit_Locations",
},
Kind = AzureNative.Authorization.SelectorKind.PolicyDefinitionReferenceId,
},
},
Value = "Audit",
},
},
PolicyAssignmentName = "CostManagement",
PolicyDefinitionId = "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement",
Scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
});
});
package main
import (
authorization "github.com/pulumi/pulumi-azure-native-sdk/authorization/v2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := authorization.NewPolicyAssignment(ctx, "policyAssignment", &authorization.PolicyAssignmentArgs{
Description: pulumi.String("Limit the resource location and resource SKU"),
DisplayName: pulumi.String("Limit the resource location and resource SKU"),
Metadata: pulumi.Any(map[string]interface{}{
"assignedBy": "Special Someone",
}),
Overrides: authorization.OverrideArray{
&authorization.OverrideArgs{
Kind: pulumi.String(authorization.OverrideKindPolicyEffect),
Selectors: authorization.SelectorArray{
&authorization.SelectorArgs{
In: pulumi.StringArray{
pulumi.String("Limit_Skus"),
pulumi.String("Limit_Locations"),
},
Kind: pulumi.String(authorization.SelectorKindPolicyDefinitionReferenceId),
},
},
Value: pulumi.String("Audit"),
},
},
PolicyAssignmentName: pulumi.String("CostManagement"),
PolicyDefinitionId: pulumi.String("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement"),
Scope: pulumi.String("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.authorization.PolicyAssignment;
import com.pulumi.azurenative.authorization.PolicyAssignmentArgs;
import com.pulumi.azurenative.authorization.inputs.OverrideArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var policyAssignment = new PolicyAssignment("policyAssignment", PolicyAssignmentArgs.builder()
.description("Limit the resource location and resource SKU")
.displayName("Limit the resource location and resource SKU")
.metadata(Map.of("assignedBy", "Special Someone"))
.overrides(OverrideArgs.builder()
.kind("policyEffect")
.selectors(SelectorArgs.builder()
.in(
"Limit_Skus",
"Limit_Locations")
.kind("policyDefinitionReferenceId")
.build())
.value("Audit")
.build())
.policyAssignmentName("CostManagement")
.policyDefinitionId("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement")
.scope("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2")
.build());
}
}
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const policyAssignment = new azure_native.authorization.PolicyAssignment("policyAssignment", {
description: "Limit the resource location and resource SKU",
displayName: "Limit the resource location and resource SKU",
metadata: {
assignedBy: "Special Someone",
},
overrides: [{
kind: azure_native.authorization.OverrideKind.PolicyEffect,
selectors: [{
"in": [
"Limit_Skus",
"Limit_Locations",
],
kind: azure_native.authorization.SelectorKind.PolicyDefinitionReferenceId,
}],
value: "Audit",
}],
policyAssignmentName: "CostManagement",
policyDefinitionId: "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement",
scope: "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
});
import pulumi
import pulumi_azure_native as azure_native
policy_assignment = azure_native.authorization.PolicyAssignment("policyAssignment",
description="Limit the resource location and resource SKU",
display_name="Limit the resource location and resource SKU",
metadata={
"assignedBy": "Special Someone",
},
overrides=[{
"kind": azure_native.authorization.OverrideKind.POLICY_EFFECT,
"selectors": [{
"in_": [
"Limit_Skus",
"Limit_Locations",
],
"kind": azure_native.authorization.SelectorKind.POLICY_DEFINITION_REFERENCE_ID,
}],
"value": "Audit",
}],
policy_assignment_name="CostManagement",
policy_definition_id="/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement",
scope="subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2")
resources:
policyAssignment:
type: azure-native:authorization:PolicyAssignment
properties:
description: Limit the resource location and resource SKU
displayName: Limit the resource location and resource SKU
metadata:
assignedBy: Special Someone
overrides:
- kind: policyEffect
selectors:
- in:
- Limit_Skus
- Limit_Locations
kind: policyDefinitionReferenceId
value: Audit
policyAssignmentName: CostManagement
policyDefinitionId: /subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement
scope: subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2
Create or update a policy assignment with resource selectors
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var policyAssignment = new AzureNative.Authorization.PolicyAssignment("policyAssignment", new()
{
Description = "Limit the resource location and resource SKU",
DisplayName = "Limit the resource location and resource SKU",
Metadata = new Dictionary<string, object?>
{
["assignedBy"] = "Special Someone",
},
PolicyAssignmentName = "CostManagement",
PolicyDefinitionId = "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement",
ResourceSelectors = new[]
{
new AzureNative.Authorization.Inputs.ResourceSelectorArgs
{
Name = "SDPRegions",
Selectors = new[]
{
new AzureNative.Authorization.Inputs.SelectorArgs
{
In = new[]
{
"eastus2euap",
"centraluseuap",
},
Kind = AzureNative.Authorization.SelectorKind.ResourceLocation,
},
},
},
},
Scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
});
});
package main
import (
authorization "github.com/pulumi/pulumi-azure-native-sdk/authorization/v2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := authorization.NewPolicyAssignment(ctx, "policyAssignment", &authorization.PolicyAssignmentArgs{
Description: pulumi.String("Limit the resource location and resource SKU"),
DisplayName: pulumi.String("Limit the resource location and resource SKU"),
Metadata: pulumi.Any(map[string]interface{}{
"assignedBy": "Special Someone",
}),
PolicyAssignmentName: pulumi.String("CostManagement"),
PolicyDefinitionId: pulumi.String("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement"),
ResourceSelectors: authorization.ResourceSelectorArray{
&authorization.ResourceSelectorArgs{
Name: pulumi.String("SDPRegions"),
Selectors: authorization.SelectorArray{
&authorization.SelectorArgs{
In: pulumi.StringArray{
pulumi.String("eastus2euap"),
pulumi.String("centraluseuap"),
},
Kind: pulumi.String(authorization.SelectorKindResourceLocation),
},
},
},
},
Scope: pulumi.String("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.authorization.PolicyAssignment;
import com.pulumi.azurenative.authorization.PolicyAssignmentArgs;
import com.pulumi.azurenative.authorization.inputs.ResourceSelectorArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var policyAssignment = new PolicyAssignment("policyAssignment", PolicyAssignmentArgs.builder()
.description("Limit the resource location and resource SKU")
.displayName("Limit the resource location and resource SKU")
.metadata(Map.of("assignedBy", "Special Someone"))
.policyAssignmentName("CostManagement")
.policyDefinitionId("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement")
.resourceSelectors(ResourceSelectorArgs.builder()
.name("SDPRegions")
.selectors(SelectorArgs.builder()
.in(
"eastus2euap",
"centraluseuap")
.kind("resourceLocation")
.build())
.build())
.scope("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2")
.build());
}
}
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const policyAssignment = new azure_native.authorization.PolicyAssignment("policyAssignment", {
description: "Limit the resource location and resource SKU",
displayName: "Limit the resource location and resource SKU",
metadata: {
assignedBy: "Special Someone",
},
policyAssignmentName: "CostManagement",
policyDefinitionId: "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement",
resourceSelectors: [{
name: "SDPRegions",
selectors: [{
"in": [
"eastus2euap",
"centraluseuap",
],
kind: azure_native.authorization.SelectorKind.ResourceLocation,
}],
}],
scope: "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
});
import pulumi
import pulumi_azure_native as azure_native
policy_assignment = azure_native.authorization.PolicyAssignment("policyAssignment",
description="Limit the resource location and resource SKU",
display_name="Limit the resource location and resource SKU",
metadata={
"assignedBy": "Special Someone",
},
policy_assignment_name="CostManagement",
policy_definition_id="/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement",
resource_selectors=[{
"name": "SDPRegions",
"selectors": [{
"in_": [
"eastus2euap",
"centraluseuap",
],
"kind": azure_native.authorization.SelectorKind.RESOURCE_LOCATION,
}],
}],
scope="subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2")
resources:
policyAssignment:
type: azure-native:authorization:PolicyAssignment
properties:
description: Limit the resource location and resource SKU
displayName: Limit the resource location and resource SKU
metadata:
assignedBy: Special Someone
policyAssignmentName: CostManagement
policyDefinitionId: /subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement
resourceSelectors:
- name: SDPRegions
selectors:
- in:
- eastus2euap
- centraluseuap
kind: resourceLocation
scope: subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2
Create or update a policy assignment without enforcing policy effect during resource creation or update.
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var policyAssignment = new AzureNative.Authorization.PolicyAssignment("policyAssignment", new()
{
Description = "Force resource names to begin with given DeptA and end with -LC",
DisplayName = "Enforce resource naming rules",
EnforcementMode = AzureNative.Authorization.EnforcementMode.DoNotEnforce,
Metadata = new Dictionary<string, object?>
{
["assignedBy"] = "Special Someone",
},
Parameters =
{
{ "prefix", new AzureNative.Authorization.Inputs.ParameterValuesValueArgs
{
Value = "DeptA",
} },
{ "suffix", new AzureNative.Authorization.Inputs.ParameterValuesValueArgs
{
Value = "-LC",
} },
},
PolicyAssignmentName = "EnforceNaming",
PolicyDefinitionId = "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
Scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
});
});
package main
import (
authorization "github.com/pulumi/pulumi-azure-native-sdk/authorization/v2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := authorization.NewPolicyAssignment(ctx, "policyAssignment", &authorization.PolicyAssignmentArgs{
Description: pulumi.String("Force resource names to begin with given DeptA and end with -LC"),
DisplayName: pulumi.String("Enforce resource naming rules"),
EnforcementMode: pulumi.String(authorization.EnforcementModeDoNotEnforce),
Metadata: pulumi.Any(map[string]interface{}{
"assignedBy": "Special Someone",
}),
Parameters: authorization.ParameterValuesValueMap{
"prefix": &authorization.ParameterValuesValueArgs{
Value: pulumi.Any("DeptA"),
},
"suffix": &authorization.ParameterValuesValueArgs{
Value: pulumi.Any("-LC"),
},
},
PolicyAssignmentName: pulumi.String("EnforceNaming"),
PolicyDefinitionId: pulumi.String("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
Scope: pulumi.String("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.authorization.PolicyAssignment;
import com.pulumi.azurenative.authorization.PolicyAssignmentArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var policyAssignment = new PolicyAssignment("policyAssignment", PolicyAssignmentArgs.builder()
.description("Force resource names to begin with given DeptA and end with -LC")
.displayName("Enforce resource naming rules")
.enforcementMode("DoNotEnforce")
.metadata(Map.of("assignedBy", "Special Someone"))
.parameters(Map.ofEntries(
Map.entry("prefix", Map.of("value", "DeptA")),
Map.entry("suffix", Map.of("value", "-LC"))
))
.policyAssignmentName("EnforceNaming")
.policyDefinitionId("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming")
.scope("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2")
.build());
}
}
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const policyAssignment = new azure_native.authorization.PolicyAssignment("policyAssignment", {
description: "Force resource names to begin with given DeptA and end with -LC",
displayName: "Enforce resource naming rules",
enforcementMode: azure_native.authorization.EnforcementMode.DoNotEnforce,
metadata: {
assignedBy: "Special Someone",
},
parameters: {
prefix: {
value: "DeptA",
},
suffix: {
value: "-LC",
},
},
policyAssignmentName: "EnforceNaming",
policyDefinitionId: "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
scope: "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
});
import pulumi
import pulumi_azure_native as azure_native
policy_assignment = azure_native.authorization.PolicyAssignment("policyAssignment",
description="Force resource names to begin with given DeptA and end with -LC",
display_name="Enforce resource naming rules",
enforcement_mode=azure_native.authorization.EnforcementMode.DO_NOT_ENFORCE,
metadata={
"assignedBy": "Special Someone",
},
parameters={
"prefix": {
"value": "DeptA",
},
"suffix": {
"value": "-LC",
},
},
policy_assignment_name="EnforceNaming",
policy_definition_id="/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
scope="subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2")
resources:
policyAssignment:
type: azure-native:authorization:PolicyAssignment
properties:
description: Force resource names to begin with given DeptA and end with -LC
displayName: Enforce resource naming rules
enforcementMode: DoNotEnforce
metadata:
assignedBy: Special Someone
parameters:
prefix:
value: DeptA
suffix:
value: -LC
policyAssignmentName: EnforceNaming
policyDefinitionId: /subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming
scope: subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2
Create PolicyAssignment Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new PolicyAssignment(name: string, args: PolicyAssignmentArgs, opts?: CustomResourceOptions);@overload
def PolicyAssignment(resource_name: str,
args: PolicyAssignmentArgs,
opts: Optional[ResourceOptions] = None)
@overload
def PolicyAssignment(resource_name: str,
opts: Optional[ResourceOptions] = None,
scope: Optional[str] = None,
non_compliance_messages: Optional[Sequence[NonComplianceMessageArgs]] = None,
enforcement_mode: Optional[Union[str, EnforcementMode]] = None,
identity: Optional[IdentityArgs] = None,
location: Optional[str] = None,
metadata: Optional[Any] = None,
description: Optional[str] = None,
not_scopes: Optional[Sequence[str]] = None,
overrides: Optional[Sequence[OverrideArgs]] = None,
parameters: Optional[Mapping[str, ParameterValuesValueArgs]] = None,
policy_assignment_name: Optional[str] = None,
policy_definition_id: Optional[str] = None,
resource_selectors: Optional[Sequence[ResourceSelectorArgs]] = None,
display_name: Optional[str] = None)func NewPolicyAssignment(ctx *Context, name string, args PolicyAssignmentArgs, opts ...ResourceOption) (*PolicyAssignment, error)public PolicyAssignment(string name, PolicyAssignmentArgs args, CustomResourceOptions? opts = null)public PolicyAssignment(String name, PolicyAssignmentArgs args)
public PolicyAssignment(String name, PolicyAssignmentArgs args, CustomResourceOptions options)
type: azure-native:authorization:PolicyAssignment
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name
This property is required. string - The unique name of the resource.
- args
This property is required. PolicyAssignmentArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name
This property is required. str - The unique name of the resource.
- args
This property is required. PolicyAssignmentArgs - The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. PolicyAssignmentArgs - The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. PolicyAssignmentArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name
This property is required. String - The unique name of the resource.
- args
This property is required. PolicyAssignmentArgs - The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var policyAssignmentResource = new AzureNative.Authorization.PolicyAssignment("policyAssignmentResource", new()
{
Scope = "string",
NonComplianceMessages = new[]
{
{
{ "message", "string" },
{ "policyDefinitionReferenceId", "string" },
},
},
EnforcementMode = "string",
Identity =
{
{ "type", "SystemAssigned" },
{ "userAssignedIdentities", new[]
{
"string",
} },
},
Location = "string",
Metadata = "any",
Description = "string",
NotScopes = new[]
{
"string",
},
Overrides = new[]
{
{
{ "kind", "string" },
{ "selectors", new[]
{
{
{ "in", new[]
{
"string",
} },
{ "kind", "string" },
{ "notIn", new[]
{
"string",
} },
},
} },
{ "value", "string" },
},
},
Parameters =
{
{ "string",
{
{ "value", "any" },
} },
},
PolicyAssignmentName = "string",
PolicyDefinitionId = "string",
ResourceSelectors = new[]
{
{
{ "name", "string" },
{ "selectors", new[]
{
{
{ "in", new[]
{
"string",
} },
{ "kind", "string" },
{ "notIn", new[]
{
"string",
} },
},
} },
},
},
DisplayName = "string",
});
example, err := authorization.NewPolicyAssignment(ctx, "policyAssignmentResource", &authorization.PolicyAssignmentArgs{
Scope: "string",
NonComplianceMessages: []map[string]interface{}{
map[string]interface{}{
"message": "string",
"policyDefinitionReferenceId": "string",
},
},
EnforcementMode: "string",
Identity: map[string]interface{}{
"type": "SystemAssigned",
"userAssignedIdentities": []string{
"string",
},
},
Location: "string",
Metadata: "any",
Description: "string",
NotScopes: []string{
"string",
},
Overrides: []map[string]interface{}{
map[string]interface{}{
"kind": "string",
"selectors": []map[string]interface{}{
map[string]interface{}{
"in": []string{
"string",
},
"kind": "string",
"notIn": []string{
"string",
},
},
},
"value": "string",
},
},
Parameters: map[string]interface{}{
"string": map[string]interface{}{
"value": "any",
},
},
PolicyAssignmentName: "string",
PolicyDefinitionId: "string",
ResourceSelectors: []map[string]interface{}{
map[string]interface{}{
"name": "string",
"selectors": []map[string]interface{}{
map[string]interface{}{
"in": []string{
"string",
},
"kind": "string",
"notIn": []string{
"string",
},
},
},
},
},
DisplayName: "string",
})
var policyAssignmentResource = new PolicyAssignment("policyAssignmentResource", PolicyAssignmentArgs.builder()
.scope("string")
.nonComplianceMessages(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
.enforcementMode("string")
.identity(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
.location("string")
.metadata("any")
.description("string")
.notScopes("string")
.overrides(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
.parameters(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
.policyAssignmentName("string")
.policyDefinitionId("string")
.resourceSelectors(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
.displayName("string")
.build());
policy_assignment_resource = azure_native.authorization.PolicyAssignment("policyAssignmentResource",
scope=string,
non_compliance_messages=[{
message: string,
policyDefinitionReferenceId: string,
}],
enforcement_mode=string,
identity={
type: SystemAssigned,
userAssignedIdentities: [string],
},
location=string,
metadata=any,
description=string,
not_scopes=[string],
overrides=[{
kind: string,
selectors: [{
in: [string],
kind: string,
notIn: [string],
}],
value: string,
}],
parameters={
string: {
value: any,
},
},
policy_assignment_name=string,
policy_definition_id=string,
resource_selectors=[{
name: string,
selectors: [{
in: [string],
kind: string,
notIn: [string],
}],
}],
display_name=string)
const policyAssignmentResource = new azure_native.authorization.PolicyAssignment("policyAssignmentResource", {
scope: "string",
nonComplianceMessages: [{
message: "string",
policyDefinitionReferenceId: "string",
}],
enforcementMode: "string",
identity: {
type: "SystemAssigned",
userAssignedIdentities: ["string"],
},
location: "string",
metadata: "any",
description: "string",
notScopes: ["string"],
overrides: [{
kind: "string",
selectors: [{
"in": ["string"],
kind: "string",
notIn: ["string"],
}],
value: "string",
}],
parameters: {
string: {
value: "any",
},
},
policyAssignmentName: "string",
policyDefinitionId: "string",
resourceSelectors: [{
name: "string",
selectors: [{
"in": ["string"],
kind: "string",
notIn: ["string"],
}],
}],
displayName: "string",
});
type: azure-native:authorization:PolicyAssignment
properties:
description: string
displayName: string
enforcementMode: string
identity:
type: SystemAssigned
userAssignedIdentities:
- string
location: string
metadata: any
nonComplianceMessages:
- message: string
policyDefinitionReferenceId: string
notScopes:
- string
overrides:
- kind: string
selectors:
- in:
- string
kind: string
notIn:
- string
value: string
parameters:
string:
value: any
policyAssignmentName: string
policyDefinitionId: string
resourceSelectors:
- name: string
selectors:
- in:
- string
kind: string
notIn:
- string
scope: string
PolicyAssignment Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The PolicyAssignment resource accepts the following input properties:
- Scope
string
This property is required. 
Changes to this property will trigger replacement. - The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
- Description string
- This message will be part of response in case of policy violation.
- Display
Name string - The display name of the policy assignment.
- Enforcement
Mode string | Pulumi.Azure Native. Authorization. Enforcement Mode - The policy assignment enforcement mode. Possible values are Default and DoNotEnforce.
- Identity
Pulumi.
Azure Native. Authorization. Inputs. Identity - The managed identity associated with the policy assignment.
- Location string
- The location of the policy assignment. Only required when utilizing managed identity.
- Metadata object
- The policy assignment metadata. Metadata is an open ended object and is typically a collection of key value pairs.
- Non
Compliance List<Pulumi.Messages Azure Native. Authorization. Inputs. Non Compliance Message> - The messages that describe why a resource is non-compliant with the policy.
- Not
Scopes List<string> - The policy's excluded scopes.
- Overrides
List<Pulumi.
Azure Native. Authorization. Inputs. Override> - The policy property value override.
- Parameters
Dictionary<string, Pulumi.
Azure Native. Authorization. Inputs. Parameter Values Value Args> - The parameter values for the assigned policy rule. The keys are the parameter names.
- Policy
Assignment Name - The name of the policy assignment.
- Policy
Definition stringId - The ID of the policy definition or policy set definition being assigned.
- Resource
Selectors List<Pulumi.Azure Native. Authorization. Inputs. Resource Selector> - The resource selector list to filter policies by resource properties.
- Scope
string
This property is required. Changes to this property will trigger replacement. - The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
- Description string
- This message will be part of response in case of policy violation.
- Display
Name string - The display name of the policy assignment.
- Enforcement
Mode string | EnforcementMode - The policy assignment enforcement mode. Possible values are Default and DoNotEnforce.
- Identity
Identity
Args - The managed identity associated with the policy assignment.
- Location string
- The location of the policy assignment. Only required when utilizing managed identity.
- Metadata interface{}
- The policy assignment metadata. Metadata is an open ended object and is typically a collection of key value pairs.
- Non
Compliance []NonMessages Compliance Message Args - The messages that describe why a resource is non-compliant with the policy.
- Not
Scopes []string - The policy's excluded scopes.
- Overrides
[]Override
Args - The policy property value override.
- Parameters
map[string]Parameter
Values Value Args - The parameter values for the assigned policy rule. The keys are the parameter names.
- Policy
Assignment Name - The name of the policy assignment.
- Policy
Definition stringId - The ID of the policy definition or policy set definition being assigned.
- Resource
Selectors []ResourceSelector Args - The resource selector list to filter policies by resource properties.
- scope
String
This property is required. Changes to this property will trigger replacement. - The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
- description String
- This message will be part of response in case of policy violation.
- display
Name String - The display name of the policy assignment.
- enforcement
Mode String | EnforcementMode - The policy assignment enforcement mode. Possible values are Default and DoNotEnforce.
- identity Identity
- The managed identity associated with the policy assignment.
- location String
- The location of the policy assignment. Only required when utilizing managed identity.
- metadata Object
- The policy assignment metadata. Metadata is an open ended object and is typically a collection of key value pairs.
- non
Compliance List<NonMessages Compliance Message> - The messages that describe why a resource is non-compliant with the policy.
- not
Scopes List<String> - The policy's excluded scopes.
- overrides List<Override>
- The policy property value override.
- parameters
Map<String,Parameter
Values Value Args> - The parameter values for the assigned policy rule. The keys are the parameter names.
- policy
Assignment Name - The name of the policy assignment.
- policy
Definition StringId - The ID of the policy definition or policy set definition being assigned.
- resource
Selectors List<ResourceSelector> - The resource selector list to filter policies by resource properties.
- scope
string
This property is required. Changes to this property will trigger replacement. - The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
- description string
- This message will be part of response in case of policy violation.
- display
Name string - The display name of the policy assignment.
- enforcement
Mode string | EnforcementMode - The policy assignment enforcement mode. Possible values are Default and DoNotEnforce.
- identity Identity
- The managed identity associated with the policy assignment.
- location string
- The location of the policy assignment. Only required when utilizing managed identity.
- metadata any
- The policy assignment metadata. Metadata is an open ended object and is typically a collection of key value pairs.
- non
Compliance NonMessages Compliance Message[] - The messages that describe why a resource is non-compliant with the policy.
- not
Scopes string[] - The policy's excluded scopes.
- overrides Override[]
- The policy property value override.
- parameters
{[key: string]: Parameter
Values Value Args} - The parameter values for the assigned policy rule. The keys are the parameter names.
- policy
Assignment Name - The name of the policy assignment.
- policy
Definition stringId - The ID of the policy definition or policy set definition being assigned.
- resource
Selectors ResourceSelector[] - The resource selector list to filter policies by resource properties.
- scope
str
This property is required. Changes to this property will trigger replacement. - The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
- description str
- This message will be part of response in case of policy violation.
- display_
name str - The display name of the policy assignment.
- enforcement_
mode str | EnforcementMode - The policy assignment enforcement mode. Possible values are Default and DoNotEnforce.
- identity
Identity
Args - The managed identity associated with the policy assignment.
- location str
- The location of the policy assignment. Only required when utilizing managed identity.
- metadata Any
- The policy assignment metadata. Metadata is an open ended object and is typically a collection of key value pairs.
- non_
compliance_ Sequence[Nonmessages Compliance Message Args] - The messages that describe why a resource is non-compliant with the policy.
- not_
scopes Sequence[str] - The policy's excluded scopes.
- overrides
Sequence[Override
Args] - The policy property value override.
- parameters
Mapping[str, Parameter
Values Value Args] - The parameter values for the assigned policy rule. The keys are the parameter names.
- policy_
assignment_ name - The name of the policy assignment.
- policy_
definition_ strid - The ID of the policy definition or policy set definition being assigned.
- resource_
selectors Sequence[ResourceSelector Args] - The resource selector list to filter policies by resource properties.
- scope
String
This property is required. Changes to this property will trigger replacement. - The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
- description String
- This message will be part of response in case of policy violation.
- display
Name String - The display name of the policy assignment.
- enforcement
Mode String | "Default" | "DoNot Enforce" - The policy assignment enforcement mode. Possible values are Default and DoNotEnforce.
- identity Property Map
- The managed identity associated with the policy assignment.
- location String
- The location of the policy assignment. Only required when utilizing managed identity.
- metadata Any
- The policy assignment metadata. Metadata is an open ended object and is typically a collection of key value pairs.
- non
Compliance List<Property Map>Messages - The messages that describe why a resource is non-compliant with the policy.
- not
Scopes List<String> - The policy's excluded scopes.
- overrides List<Property Map>
- The policy property value override.
- parameters Map<Property Map>
- The parameter values for the assigned policy rule. The keys are the parameter names.
- policy
Assignment Name - The name of the policy assignment.
- policy
Definition StringId - The ID of the policy definition or policy set definition being assigned.
- resource
Selectors List<Property Map> - The resource selector list to filter policies by resource properties.
Outputs
All input properties are implicitly available as output properties. Additionally, the PolicyAssignment resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- The name of the policy assignment.
- System
Data Pulumi.Azure Native. Authorization. Outputs. System Data Response - The system metadata relating to this resource.
- Type string
- The type of the policy assignment.
- Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- The name of the policy assignment.
- System
Data SystemData Response - The system metadata relating to this resource.
- Type string
- The type of the policy assignment.
- id String
- The provider-assigned unique ID for this managed resource.
- name String
- The name of the policy assignment.
- system
Data SystemData Response - The system metadata relating to this resource.
- type String
- The type of the policy assignment.
- id string
- The provider-assigned unique ID for this managed resource.
- name string
- The name of the policy assignment.
- system
Data SystemData Response - The system metadata relating to this resource.
- type string
- The type of the policy assignment.
- id str
- The provider-assigned unique ID for this managed resource.
- name str
- The name of the policy assignment.
- system_
data SystemData Response - The system metadata relating to this resource.
- type str
- The type of the policy assignment.
- id String
- The provider-assigned unique ID for this managed resource.
- name String
- The name of the policy assignment.
- system
Data Property Map - The system metadata relating to this resource.
- type String
- The type of the policy assignment.
Supporting Types
EnforcementMode, EnforcementModeArgs
, EnforcementModeArgs
- Default
- DefaultThe policy effect is enforced during resource creation or update.
- Do
Not Enforce - DoNotEnforceThe policy effect is not enforced during resource creation or update.
- Enforcement
Mode Default - DefaultThe policy effect is enforced during resource creation or update.
- Enforcement
Mode Do Not Enforce - DoNotEnforceThe policy effect is not enforced during resource creation or update.
- Default
- DefaultThe policy effect is enforced during resource creation or update.
- Do
Not Enforce - DoNotEnforceThe policy effect is not enforced during resource creation or update.
- Default
- DefaultThe policy effect is enforced during resource creation or update.
- Do
Not Enforce - DoNotEnforceThe policy effect is not enforced during resource creation or update.
- DEFAULT
- DefaultThe policy effect is enforced during resource creation or update.
- DO_NOT_ENFORCE
- DoNotEnforceThe policy effect is not enforced during resource creation or update.
- "Default"
- DefaultThe policy effect is enforced during resource creation or update.
- "Do
Not Enforce" - DoNotEnforceThe policy effect is not enforced during resource creation or update.
Identity, IdentityArgs
, IdentityArgs
- Type
Pulumi.
Azure Native. Authorization. Resource Identity Type - The identity type. This is the only required field when adding a system or user assigned identity to a resource.
- User
Assigned List<string>Identities - The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
- Type
Resource
Identity Type - The identity type. This is the only required field when adding a system or user assigned identity to a resource.
- User
Assigned []stringIdentities - The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
- type
Resource
Identity Type - The identity type. This is the only required field when adding a system or user assigned identity to a resource.
- user
Assigned List<String>Identities - The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
- type
Resource
Identity Type - The identity type. This is the only required field when adding a system or user assigned identity to a resource.
- user
Assigned string[]Identities - The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
- type
Resource
Identity Type - The identity type. This is the only required field when adding a system or user assigned identity to a resource.
- user_
assigned_ Sequence[str]identities - The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
- type
"System
Assigned" | "User Assigned" | "None" - The identity type. This is the only required field when adding a system or user assigned identity to a resource.
- user
Assigned List<String>Identities - The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
IdentityResponse, IdentityResponseArgs
, IdentityResponseArgs
- Principal
Id This property is required. string - The principal ID of the resource identity. This property will only be provided for a system assigned identity
- Tenant
Id This property is required. string - The tenant ID of the resource identity. This property will only be provided for a system assigned identity
- Type string
- The identity type. This is the only required field when adding a system or user assigned identity to a resource.
- User
Assigned Dictionary<string, Pulumi.Identities Azure Native. Authorization. Inputs. Identity Response User Assigned Identities> - The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
- Principal
Id This property is required. string - The principal ID of the resource identity. This property will only be provided for a system assigned identity
- Tenant
Id This property is required. string - The tenant ID of the resource identity. This property will only be provided for a system assigned identity
- Type string
- The identity type. This is the only required field when adding a system or user assigned identity to a resource.
- User
Assigned map[string]IdentityIdentities Response User Assigned Identities - The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
- principal
Id This property is required. String - The principal ID of the resource identity. This property will only be provided for a system assigned identity
- tenant
Id This property is required. String - The tenant ID of the resource identity. This property will only be provided for a system assigned identity
- type String
- The identity type. This is the only required field when adding a system or user assigned identity to a resource.
- user
Assigned Map<String,IdentityIdentities Response User Assigned Identities> - The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
- principal
Id This property is required. string - The principal ID of the resource identity. This property will only be provided for a system assigned identity
- tenant
Id This property is required. string - The tenant ID of the resource identity. This property will only be provided for a system assigned identity
- type string
- The identity type. This is the only required field when adding a system or user assigned identity to a resource.
- user
Assigned {[key: string]: IdentityIdentities Response User Assigned Identities} - The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
- principal_
id This property is required. str - The principal ID of the resource identity. This property will only be provided for a system assigned identity
- tenant_
id This property is required. str - The tenant ID of the resource identity. This property will only be provided for a system assigned identity
- type str
- The identity type. This is the only required field when adding a system or user assigned identity to a resource.
- user_
assigned_ Mapping[str, Identityidentities Response User Assigned Identities] - The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
- principal
Id This property is required. String - The principal ID of the resource identity. This property will only be provided for a system assigned identity
- tenant
Id This property is required. String - The tenant ID of the resource identity. This property will only be provided for a system assigned identity
- type String
- The identity type. This is the only required field when adding a system or user assigned identity to a resource.
- user
Assigned Map<Property Map>Identities - The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
IdentityResponseUserAssignedIdentities, IdentityResponseUserAssignedIdentitiesArgs
, IdentityResponseUserAssignedIdentitiesArgs
- Client
Id This property is required. string - The client id of user assigned identity.
- Principal
Id This property is required. string - The principal id of user assigned identity.
- Client
Id This property is required. string - The client id of user assigned identity.
- Principal
Id This property is required. string - The principal id of user assigned identity.
- client
Id This property is required. String - The client id of user assigned identity.
- principal
Id This property is required. String - The principal id of user assigned identity.
- client
Id This property is required. string - The client id of user assigned identity.
- principal
Id This property is required. string - The principal id of user assigned identity.
- client_
id This property is required. str - The client id of user assigned identity.
- principal_
id This property is required. str - The principal id of user assigned identity.
- client
Id This property is required. String - The client id of user assigned identity.
- principal
Id This property is required. String - The principal id of user assigned identity.
NonComplianceMessage, NonComplianceMessageArgs
, NonComplianceMessageArgs
- Message
This property is required. string - A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results.
- Policy
Definition stringReference Id - The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment.
- Message
This property is required. string - A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results.
- Policy
Definition stringReference Id - The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment.
- message
This property is required. String - A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results.
- policy
Definition StringReference Id - The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment.
- message
This property is required. string - A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results.
- policy
Definition stringReference Id - The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment.
- message
This property is required. str - A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results.
- policy_
definition_ strreference_ id - The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment.
- message
This property is required. String - A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results.
- policy
Definition StringReference Id - The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment.
NonComplianceMessageResponse, NonComplianceMessageResponseArgs
, NonComplianceMessageResponseArgs
- Message
This property is required. string - A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results.
- Policy
Definition stringReference Id - The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment.
- Message
This property is required. string - A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results.
- Policy
Definition stringReference Id - The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment.
- message
This property is required. String - A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results.
- policy
Definition StringReference Id - The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment.
- message
This property is required. string - A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results.
- policy
Definition stringReference Id - The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment.
- message
This property is required. str - A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results.
- policy_
definition_ strreference_ id - The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment.
- message
This property is required. String - A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results.
- policy
Definition StringReference Id - The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment.
Override, OverrideArgs
, OverrideArgs
- Kind
string | Pulumi.
Azure Native. Authorization. Override Kind - The override kind.
- Selectors
List<Pulumi.
Azure Native. Authorization. Inputs. Selector> - The list of the selector expressions.
- Value string
- The value to override the policy property.
- Kind
string | Override
Kind - The override kind.
- Selectors []Selector
- The list of the selector expressions.
- Value string
- The value to override the policy property.
- kind
String | Override
Kind - The override kind.
- selectors List<Selector>
- The list of the selector expressions.
- value String
- The value to override the policy property.
- kind
string | Override
Kind - The override kind.
- selectors Selector[]
- The list of the selector expressions.
- value string
- The value to override the policy property.
- kind
str | Override
Kind - The override kind.
- selectors Sequence[Selector]
- The list of the selector expressions.
- value str
- The value to override the policy property.
- kind
String | "policy
Effect" - The override kind.
- selectors List<Property Map>
- The list of the selector expressions.
- value String
- The value to override the policy property.
OverrideKind, OverrideKindArgs
, OverrideKindArgs
- Policy
Effect - policyEffectIt will override the policy effect type.
- Override
Kind Policy Effect - policyEffectIt will override the policy effect type.
- Policy
Effect - policyEffectIt will override the policy effect type.
- Policy
Effect - policyEffectIt will override the policy effect type.
- POLICY_EFFECT
- policyEffectIt will override the policy effect type.
- "policy
Effect" - policyEffectIt will override the policy effect type.
OverrideResponse, OverrideResponseArgs
, OverrideResponseArgs
- Kind string
- The override kind.
- Selectors
List<Pulumi.
Azure Native. Authorization. Inputs. Selector Response> - The list of the selector expressions.
- Value string
- The value to override the policy property.
- Kind string
- The override kind.
- Selectors
[]Selector
Response - The list of the selector expressions.
- Value string
- The value to override the policy property.
- kind String
- The override kind.
- selectors
List<Selector
Response> - The list of the selector expressions.
- value String
- The value to override the policy property.
- kind string
- The override kind.
- selectors
Selector
Response[] - The list of the selector expressions.
- value string
- The value to override the policy property.
- kind str
- The override kind.
- selectors
Sequence[Selector
Response] - The list of the selector expressions.
- value str
- The value to override the policy property.
- kind String
- The override kind.
- selectors List<Property Map>
- The list of the selector expressions.
- value String
- The value to override the policy property.
ParameterValuesValue, ParameterValuesValueArgs
, ParameterValuesValueArgs
- Value object
- The value of the parameter.
- Value interface{}
- The value of the parameter.
- value Object
- The value of the parameter.
- value any
- The value of the parameter.
- value Any
- The value of the parameter.
- value Any
- The value of the parameter.
ParameterValuesValueResponse, ParameterValuesValueResponseArgs
, ParameterValuesValueResponseArgs
- Value object
- The value of the parameter.
- Value interface{}
- The value of the parameter.
- value Object
- The value of the parameter.
- value any
- The value of the parameter.
- value Any
- The value of the parameter.
- value Any
- The value of the parameter.
ResourceIdentityType, ResourceIdentityTypeArgs
, ResourceIdentityTypeArgs
- System
Assigned - SystemAssignedIndicates that a system assigned identity is associated with the resource.
- User
Assigned - UserAssignedIndicates that a system assigned identity is associated with the resource.
- None
- NoneIndicates that no identity is associated with the resource or that the existing identity should be removed.
- Resource
Identity Type System Assigned - SystemAssignedIndicates that a system assigned identity is associated with the resource.
- Resource
Identity Type User Assigned - UserAssignedIndicates that a system assigned identity is associated with the resource.
- Resource
Identity Type None - NoneIndicates that no identity is associated with the resource or that the existing identity should be removed.
- System
Assigned - SystemAssignedIndicates that a system assigned identity is associated with the resource.
- User
Assigned - UserAssignedIndicates that a system assigned identity is associated with the resource.
- None
- NoneIndicates that no identity is associated with the resource or that the existing identity should be removed.
- System
Assigned - SystemAssignedIndicates that a system assigned identity is associated with the resource.
- User
Assigned - UserAssignedIndicates that a system assigned identity is associated with the resource.
- None
- NoneIndicates that no identity is associated with the resource or that the existing identity should be removed.
- SYSTEM_ASSIGNED
- SystemAssignedIndicates that a system assigned identity is associated with the resource.
- USER_ASSIGNED
- UserAssignedIndicates that a system assigned identity is associated with the resource.
- NONE
- NoneIndicates that no identity is associated with the resource or that the existing identity should be removed.
- "System
Assigned" - SystemAssignedIndicates that a system assigned identity is associated with the resource.
- "User
Assigned" - UserAssignedIndicates that a system assigned identity is associated with the resource.
- "None"
- NoneIndicates that no identity is associated with the resource or that the existing identity should be removed.
ResourceSelector, ResourceSelectorArgs
, ResourceSelectorArgs
- Name string
- The name of the resource selector.
- Selectors
List<Pulumi.
Azure Native. Authorization. Inputs. Selector> - The list of the selector expressions.
- Name string
- The name of the resource selector.
- Selectors []Selector
- The list of the selector expressions.
- name String
- The name of the resource selector.
- selectors List<Selector>
- The list of the selector expressions.
- name string
- The name of the resource selector.
- selectors Selector[]
- The list of the selector expressions.
- name str
- The name of the resource selector.
- selectors Sequence[Selector]
- The list of the selector expressions.
- name String
- The name of the resource selector.
- selectors List<Property Map>
- The list of the selector expressions.
ResourceSelectorResponse, ResourceSelectorResponseArgs
, ResourceSelectorResponseArgs
- Name string
- The name of the resource selector.
- Selectors
List<Pulumi.
Azure Native. Authorization. Inputs. Selector Response> - The list of the selector expressions.
- Name string
- The name of the resource selector.
- Selectors
[]Selector
Response - The list of the selector expressions.
- name String
- The name of the resource selector.
- selectors
List<Selector
Response> - The list of the selector expressions.
- name string
- The name of the resource selector.
- selectors
Selector
Response[] - The list of the selector expressions.
- name str
- The name of the resource selector.
- selectors
Sequence[Selector
Response] - The list of the selector expressions.
- name String
- The name of the resource selector.
- selectors List<Property Map>
- The list of the selector expressions.
Selector, SelectorArgs
, SelectorArgs
- In List<string>
- The list of values to filter in.
- Kind
string | Pulumi.
Azure Native. Authorization. Selector Kind - The selector kind.
- Not
In List<string> - The list of values to filter out.
- In []string
- The list of values to filter in.
- Kind
string | Selector
Kind - The selector kind.
- Not
In []string - The list of values to filter out.
- in List<String>
- The list of values to filter in.
- kind
String | Selector
Kind - The selector kind.
- not
In List<String> - The list of values to filter out.
- in string[]
- The list of values to filter in.
- kind
string | Selector
Kind - The selector kind.
- not
In string[] - The list of values to filter out.
- in_ Sequence[str]
- The list of values to filter in.
- kind
str | Selector
Kind - The selector kind.
- not_
in Sequence[str] - The list of values to filter out.
- in List<String>
- The list of values to filter in.
- kind
String | "resource
Location" | "resource Type" | "resource Without Location" | "policy Definition Reference Id" - The selector kind.
- not
In List<String> - The list of values to filter out.
SelectorKind, SelectorKindArgs
, SelectorKindArgs
- Resource
Location - resourceLocationThe selector kind to filter policies by the resource location.
- Resource
Type - resourceTypeThe selector kind to filter policies by the resource type.
- Resource
Without Location - resourceWithoutLocationThe selector kind to filter policies by the resource without location.
- Policy
Definition Reference Id - policyDefinitionReferenceIdThe selector kind to filter policies by the policy definition reference ID.
- Selector
Kind Resource Location - resourceLocationThe selector kind to filter policies by the resource location.
- Selector
Kind Resource Type - resourceTypeThe selector kind to filter policies by the resource type.
- Selector
Kind Resource Without Location - resourceWithoutLocationThe selector kind to filter policies by the resource without location.
- Selector
Kind Policy Definition Reference Id - policyDefinitionReferenceIdThe selector kind to filter policies by the policy definition reference ID.
- Resource
Location - resourceLocationThe selector kind to filter policies by the resource location.
- Resource
Type - resourceTypeThe selector kind to filter policies by the resource type.
- Resource
Without Location - resourceWithoutLocationThe selector kind to filter policies by the resource without location.
- Policy
Definition Reference Id - policyDefinitionReferenceIdThe selector kind to filter policies by the policy definition reference ID.
- Resource
Location - resourceLocationThe selector kind to filter policies by the resource location.
- Resource
Type - resourceTypeThe selector kind to filter policies by the resource type.
- Resource
Without Location - resourceWithoutLocationThe selector kind to filter policies by the resource without location.
- Policy
Definition Reference Id - policyDefinitionReferenceIdThe selector kind to filter policies by the policy definition reference ID.
- RESOURCE_LOCATION
- resourceLocationThe selector kind to filter policies by the resource location.
- RESOURCE_TYPE
- resourceTypeThe selector kind to filter policies by the resource type.
- RESOURCE_WITHOUT_LOCATION
- resourceWithoutLocationThe selector kind to filter policies by the resource without location.
- POLICY_DEFINITION_REFERENCE_ID
- policyDefinitionReferenceIdThe selector kind to filter policies by the policy definition reference ID.
- "resource
Location" - resourceLocationThe selector kind to filter policies by the resource location.
- "resource
Type" - resourceTypeThe selector kind to filter policies by the resource type.
- "resource
Without Location" - resourceWithoutLocationThe selector kind to filter policies by the resource without location.
- "policy
Definition Reference Id" - policyDefinitionReferenceIdThe selector kind to filter policies by the policy definition reference ID.
SelectorResponse, SelectorResponseArgs
, SelectorResponseArgs
SystemDataResponse, SystemDataResponseArgs
, SystemDataResponseArgs
- Created
At string - The timestamp of resource creation (UTC).
- Created
By string - The identity that created the resource.
- Created
By stringType - The type of identity that created the resource.
- Last
Modified stringAt - The timestamp of resource last modification (UTC)
- Last
Modified stringBy - The identity that last modified the resource.
- Last
Modified stringBy Type - The type of identity that last modified the resource.
- Created
At string - The timestamp of resource creation (UTC).
- Created
By string - The identity that created the resource.
- Created
By stringType - The type of identity that created the resource.
- Last
Modified stringAt - The timestamp of resource last modification (UTC)
- Last
Modified stringBy - The identity that last modified the resource.
- Last
Modified stringBy Type - The type of identity that last modified the resource.
- created
At String - The timestamp of resource creation (UTC).
- created
By String - The identity that created the resource.
- created
By StringType - The type of identity that created the resource.
- last
Modified StringAt - The timestamp of resource last modification (UTC)
- last
Modified StringBy - The identity that last modified the resource.
- last
Modified StringBy Type - The type of identity that last modified the resource.
- created
At string - The timestamp of resource creation (UTC).
- created
By string - The identity that created the resource.
- created
By stringType - The type of identity that created the resource.
- last
Modified stringAt - The timestamp of resource last modification (UTC)
- last
Modified stringBy - The identity that last modified the resource.
- last
Modified stringBy Type - The type of identity that last modified the resource.
- created_
at str - The timestamp of resource creation (UTC).
- created_
by str - The identity that created the resource.
- created_
by_ strtype - The type of identity that created the resource.
- last_
modified_ strat - The timestamp of resource last modification (UTC)
- last_
modified_ strby - The identity that last modified the resource.
- last_
modified_ strby_ type - The type of identity that last modified the resource.
- created
At String - The timestamp of resource creation (UTC).
- created
By String - The identity that created the resource.
- created
By StringType - The type of identity that created the resource.
- last
Modified StringAt - The timestamp of resource last modification (UTC)
- last
Modified StringBy - The identity that last modified the resource.
- last
Modified StringBy Type - The type of identity that last modified the resource.
Import
An existing resource can be imported using its type token, name, and identifier, e.g.
$ pulumi import azure-native:authorization:PolicyAssignment EnforceNaming /{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- azure-native-v2 pulumi/pulumi-azure-native
- License
- Apache-2.0
These are the docs for Azure Native v2. We recommenend using the latest version, Azure Native v3.
Azure Native v2 v2.90.0 published on Thursday, Mar 27, 2025 by Pulumi
- Example Usage
- Create or update a policy assignment
- Create or update a policy assignment with a system assigned identity
- Create or update a policy assignment with multiple non-compliance messages
- Create or update a policy assignment with overrides
- Create or update a policy assignment with resource selectors
- Create or update a policy assignment without enforcing policy effect during resource creation or update.
- Create PolicyAssignment Resource
- Constructor syntax
- Constructor example
- PolicyAssignment Resource Properties
- Inputs
- Outputs
- Supporting Types
- Import
- Package Details