terraform-azurerm-policy-as-code

Terraform modules that simplify the workflow of custom and built-in Azure Policies

MIT License


terraform-azurerm-policy-as-code - 2.9.2 Latest Release

Published by gettek 8 months ago

terraform-azurerm-policy-as-code - 2.9.1

Published by gettek 8 months ago

Full Changelog: https://github.com/gettek/terraform-azurerm-policy-as-code/compare/2.9.0...2.9.1

terraform-azurerm-policy-as-code - 2.9.0

Published by gettek 8 months ago

What's Changed

ENHANCEMENTS:

  • Most requested: Re-using the same policy definition multiple times in an initiative (#97 / #67 / #40 / #37)
    • see the initiative README
  • Lifecycle replacement triggers for Policy Set Definition member updates (#94 / #50 / #36)
    • adding/removing definitions from a set or updating definition parameters would often cause the resource manager API to complain
    • Note: this may introduce a breaking change to existing builds in which case redeployment of sets and set_assignments will be required
    • requires terraform >= 1.4

FEATURES:

  • Dynamically build initiative non-compliance messages based on values present in the definition, in this order:
    • metadata.non_compliance_message, description, display_name
    • Default message: Flagged by Policy: <policy_name>

terraform-azurerm-policy-as-code - 2.8.3

Published by gettek about 1 year ago

Full Changelog: https://github.com/gettek/terraform-azurerm-policy-as-code/compare/2.8.2...2.8.3

terraform-azurerm-policy-as-code - 2.8.2

Published by gettek over 1 year ago

assignment_name is now trimmed to 24 characters when the scope is a Management Group and to 64 characters for all other scopes

See #82
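As an added illustration (not the module's own code), the 2.8.2 assignment-name limit and the 2.9.0 non-compliance message fallback order expressed in plain Terraform; var.scope_id, var.assignment_name and the sample definition objects are assumptions made for this snippet:

```hcl
# Added illustration, not code from the module. Shows the 24/64 character
# assignment-name rule and the non-compliance message fallback order.
variable "scope_id" { type = string }        # assumed: full ARM scope id
variable "assignment_name" { type = string } # assumed: requested assignment name

locals {
  # Constructed sample: two definition objects as decoded from policy JSON.
  definitions = {
    "deny-public-ip" = {
      name         = "deny-public-ip"
      display_name = "Deny public IP creation"
      description  = "Public IP resources are not allowed in this scope."
      metadata     = { non_compliance_message = "Public IPs are prohibited; use private endpoints." }
    }
    "audit-tags" = {
      name         = "audit-tags"
      display_name = "Audit required tags"
      description  = null
      metadata     = {}
    }
  }

  # Fallback order from the 2.9.0 notes: metadata.non_compliance_message,
  # description, display_name, then the default "Flagged by Policy: <policy_name>".
  # coalesce() skips null and empty-string arguments; try() absorbs missing attributes.
  non_compliance_messages = {
    for k, d in local.definitions : k => coalesce(
      try(d.metadata.non_compliance_message, null),
      try(d.description, null),
      try(d.display_name, null),
      "Flagged by Policy: ${d.name}"
    )
  }

  # 2.8.2 rule: 24 characters at Management Group scope, 64 everywhere else.
  # Management Group scope ids start with this provider prefix.
  is_management_group = startswith(var.scope_id, "/providers/Microsoft.Management/managementGroups/")
  assignment_name     = substr(var.assignment_name, 0, local.is_management_group ? 24 : 64)
}

output "non_compliance_messages" { value = local.non_compliance_messages }
output "assignment_name" { value = local.assignment_name }
```

With the sample above, "deny-public-ip" resolves to its metadata message and "audit-tags" falls through to its display_name.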

Full Changelog: https://github.com/gettek/terraform-azurerm-policy-as-code/compare/2.8.1...2.8.2

terraform-azurerm-policy-as-code - 2.8.1

Published by gettek over 1 year ago

terraform-azurerm-policy-as-code - 2.8.0

Published by gettek over 1 year ago

What's Changed

  • *_assignment modules in #73:
    • Breaking Change: re_evaluate_compliance [bool] replaces resource_discovery_mode [string]
      • setting this to true will Re-Evaluate Compliance for remediation tasks
    • New Feature: support for Resource selectors (preview) and Overrides (preview) - requires AzureRM >=3.49.0
    • Fix output for definition_reference_ids and added output initiative.reference_ids
    • Prevent remediation when assignment_enforcement_mode=false by @pmatthews05 in #72
  • Bumped minimum provider version requirements
  • Improved pre-commit
  • Fixes #68
  • Fixes #71

Full Changelog: https://github.com/gettek/terraform-azurerm-policy-as-code/compare/2.7.2...2.8.0

terraform-azurerm-policy-as-code - 2.7.2

Published by gettek over 1 year ago

  • Fixes #66
  • Improved workflow for Machine Configurations

Full Changelog: https://github.com/gettek/terraform-azurerm-policy-as-code/compare/2.7.1...2.7.2

terraform-azurerm-policy-as-code - 2.7.1

Published by gettek almost 2 years ago

Fixes #62 - Role Assignment syntax was incorrect

Full Changelog: https://github.com/gettek/terraform-azurerm-policy-as-code/compare/2.7.0...2.7.1

terraform-azurerm-policy-as-code - 2.7.0

Published by gettek almost 2 years ago

Fixes #58 - Adds support for User Assigned Managed Identities at assignment
Fixes #59 - Syntax fix on def_assignment

Full Changelog: https://github.com/gettek/terraform-azurerm-policy-as-code/compare/2.6.5...2.7.0

terraform-azurerm-policy-as-code - 2.6.5

Published by gettek almost 2 years ago

Fixes #52 - initiative module now populates parameter displayName making it easier to identify definition references in the Azure Portal

Full Changelog: https://github.com/gettek/terraform-azurerm-policy-as-code/compare/2.6.4...2.6.5

terraform-azurerm-policy-as-code - 2.6.4

Published by gettek about 2 years ago

terraform-azurerm-policy-as-code - 2.6.3

Published by gettek about 2 years ago

terraform-azurerm-policy-as-code - 2.6.2

Published by gettek about 2 years ago

  • Simplified examples
  • *-assignment modules:
    • Support for new remediation properties: resource_count, parallel_deployments and failure_percentage
    • Requires hashicorp/azurerm >=3.21.0
  • Scripts:
    • convert_from_tf_plan.ps1: export policies from a terraform plan output for easy library imports
    • precommit.ps1: precommit tasks that generate tf docs
  • fixes: #38 merge_parameters = false will create unique parameter references for each member definition
  • fixes: #41 (thanks to @thecomalley)

terraform-azurerm-policy-as-code - 2.6.1

Published by gettek over 2 years ago

  • definition module:
    • fixes #33: Improved lookups for multiple local definition filepaths
    • fixes #32: coalesce() did not correctly evaluate policy object metadata into local.metadata
  • initiative module:
    • fixes #20: A long-awaited enhancement - the new Boolean variable var.merge_effects allows member definitions to have unique "effect" parameters at assignment
  • *-assignment modules:
    • fixes #31: New variable var.assignment_metadata
  • set_assignment module:
    • fixes #29: Breaking change: var.non_compliance_message attribute changed to var.non_compliance_messages to allow both default and definition-specific messages

terraform-azurerm-policy-as-code - 2.6.0

Published by gettek over 2 years ago

  • definition module:
    • Improved attribute substitution
    • New attribute file_path for custom policies located outside the module library
  • *-assignment modules:
    • New optional attribute to specify a different remediation_scope
  • set_assignment module:
    • Removes input variable resource_discovery_mode from azurerm_management_group_policy_remediation (see: https://github.com/hashicorp/terraform-provider-azurerm/issues/17007)
  • Improved definition and initiative metadata logic
  • Better examples and updated READMEs

terraform-azurerm-policy-as-code - 2.5.1

Published by gettek over 2 years ago

  • Fixes an old issue where the initial plan/apply of set_assignment would fail with Error: Invalid for_each argument. There is no longer any need to run -var="skip_remediation=true" on a first-time plan/apply.
  • policy_definition_reference_ids are no longer md5 hashed, making it easier to identify references.

terraform-azurerm-policy-as-code - 2.5.0

Published by gettek over 2 years ago

  • def_assignment & set_assignment modules now use the split remediation resources (#13) (AzureRM >=3.0.0):
    • azurerm_management_group_policy_remediation
    • azurerm_subscription_policy_remediation
    • azurerm_resource_group_policy_remediation
    • azurerm_resource_policy_remediation
  • exemption module replaces arm template deployment in favor of new provider resources (AzureRM >=3.2.0):
    • azurerm_management_group_policy_exemption
    • azurerm_subscription_policy_exemption
    • azurerm_resource_group_policy_exemption
    • azurerm_resource_policy_exemption
  • Added support for optional Non-Compliance Message at assignment
  • Renamed the variable back for clarity: management_group => management_group_id
  • Minor updates to GitHub Workflows and documentation

AzureRM Provider >= 3.0.0 Upgrade Notes:

Error: no schema available for module.{assignment_name}.azurerm_policy_remediation.rem[0] while reading state; this is a bug in Terraform and should be reported

Use the def_assignment and set_assignment modules at version <=2.4.0 to safely remove all existing remediation resources before upgrading to this version. To do this, simply set skip_remediation=true.

terraform-azurerm-policy-as-code - 2.4.0

Published by gettek over 2 years ago

  • management_group_name is deprecated in favour of management_group_id
    • changed variable management_group_name => management_group
    • populate with either name or group_id attribute, but not id
    • now an optional parameter, as it defaults to the current subscription
  • Added some variable validation for constructive error messages

terraform-azurerm-policy-as-code - 2.3.1

Published by gettek almost 3 years ago

  • Removed try {} block from policy_object local in the definition module to better present errors when definition files are not found
  • Improved Custom Guest Config Package Builds
  • Added CD Workflow for examples-guest-config
  • Added markdown_generator.ps1 script to better present local definition library