terraform-azurerm-policy-as-code
Terraform modules that simplify the workflow of custom and built-in Azure Policies
MIT License
Bot releases are visible (Hide)
Published by gettek almost 3 years ago
- Added Policy Exceptions module
- Added optional variable for custom Policy
assignment_name - Bug-fix definition display name property
- Enhanced all module readme's by adding multiple examples
- Initial GitHub workflows
- Removed Custom CIS Benchmark Module example in favor of built-in example
Published by gettek almost 3 years ago
- Added Azure Policy Custom Guest Configuration (CGC), includes:
- PowerShell script to build and publish Guest Config Policies & Packages
- terraform examples that demonstrate CGC Workflow
- Simplified and fixed set_assignment logic
- Definition display name and description is now optional and can be populated from the .json file itself
- Fixed the v2 library upgrade script which incorrectly named
rules{}->policyRule{}- updated all polices to reflect the same ^
- Role Assignments are now optional with
skip_role_assignmentflag
Published by gettek almost 3 years ago
Removes metadata from assignment modules
An issue exists where policy assignment metadata conflicts with provider-generated metadata resulting in an inconsistent final plan on plan/apply stages. These attributes have been removed and a provider bug will be raised.
Azure has since introduced the system_data attribute to both policy definitions and assignments which includes these meta fields: createdBy, createdOn, updatedBy, updatedOn and is therefore no longer needed.
Published by gettek almost 3 years ago
- No longer restriced to TF <= 13.6
- Simplified policy library (added update helper script)
- Migrate to new provider resources:
azurerm_management_group_policy_assignmentazurerm_subscription_policy_assignmentazurerm_resource_group_policy_assignmentazurerm_resource_policy_assignment
- Simplified remediation role assignments by embedding into policy assignment modules
- Readme updates
Published by gettek over 3 years ago
1.2.0
- Restrict to TF <= 13.6 - see issue 11327
- BugFix: Inconsistent final plan when using default varialbe value
nullinstead of"" - Readme updates
- Policy library additions & updates:
- Compute
- Monitoring
- Security Center
Published by gettek over 3 years ago
-
identity_idOutput simplified for DINE & Modify Assignment Managed Identities - Bug Fix: Initiative module now generates unique
reference_idfor thepolicy_definition_referenceblock in order to prevent targetting requirements for plan/apply cycle issues - Added Azure Security Center policies to Library
- Added Compute (VM Diagnostics Agent LAD/WAD) policies to Library
- Examples updated with Azure Security Center policies in use