Docs
PackagesWe recommend using Azure Native.
azure.core.ResourceGroupPolicyExemption
Explore with Pulumi AI
Manages a Resource Group Policy Exemption.
Example Usage
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
var exampleResourceGroup = new Azure.Core.ResourceGroup("exampleResourceGroup", new()
{
Location = "westus",
});
var examplePolicyDefintion = Azure.Policy.GetPolicyDefintion.Invoke(new()
{
DisplayName = "Allowed locations",
});
var exampleResourceGroupPolicyAssignment = new Azure.Core.ResourceGroupPolicyAssignment("exampleResourceGroupPolicyAssignment", new()
{
ResourceGroupId = exampleResourceGroup.Id,
PolicyDefinitionId = examplePolicyDefintion.Apply(getPolicyDefintionResult => getPolicyDefintionResult.Id),
Parameters = exampleResourceGroup.Location.Apply(location => JsonSerializer.Serialize(new Dictionary<string, object?>
{
["listOfAllowedLocations"] = new Dictionary<string, object?>
{
["value"] = new[]
{
location,
},
},
})),
});
var exampleResourceGroupPolicyExemption = new Azure.Core.ResourceGroupPolicyExemption("exampleResourceGroupPolicyExemption", new()
{
ResourceGroupId = exampleResourceGroup.Id,
PolicyAssignmentId = exampleResourceGroupPolicyAssignment.Id,
ExemptionCategory = "Mitigated",
});
});
package main
import (
"encoding/json"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/policy"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
Location: pulumi.String("westus"),
})
if err != nil {
return err
}
examplePolicyDefintion, err := policy.GetPolicyDefintion(ctx, &policy.GetPolicyDefintionArgs{
DisplayName: pulumi.StringRef("Allowed locations"),
}, nil)
if err != nil {
return err
}
exampleResourceGroupPolicyAssignment, err := core.NewResourceGroupPolicyAssignment(ctx, "exampleResourceGroupPolicyAssignment", &core.ResourceGroupPolicyAssignmentArgs{
ResourceGroupId: exampleResourceGroup.ID(),
PolicyDefinitionId: *pulumi.String(examplePolicyDefintion.Id),
Parameters: exampleResourceGroup.Location.ApplyT(func(location string) (pulumi.String, error) {
var _zero pulumi.String
tmpJSON0, err := json.Marshal(map[string]interface{}{
"listOfAllowedLocations": map[string]interface{}{
"value": []string{
location,
},
},
})
if err != nil {
return _zero, err
}
json0 := string(tmpJSON0)
return pulumi.String(json0), nil
}).(pulumi.StringOutput),
})
if err != nil {
return err
}
_, err = core.NewResourceGroupPolicyExemption(ctx, "exampleResourceGroupPolicyExemption", &core.ResourceGroupPolicyExemptionArgs{
ResourceGroupId: exampleResourceGroup.ID(),
PolicyAssignmentId: exampleResourceGroupPolicyAssignment.ID(),
ExemptionCategory: pulumi.String("Mitigated"),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.policy.PolicyFunctions;
import com.pulumi.azure.policy.inputs.GetPolicyDefintionArgs;
import com.pulumi.azure.core.ResourceGroupPolicyAssignment;
import com.pulumi.azure.core.ResourceGroupPolicyAssignmentArgs;
import com.pulumi.azure.core.ResourceGroupPolicyExemption;
import com.pulumi.azure.core.ResourceGroupPolicyExemptionArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var exampleResourceGroup = new ResourceGroup("exampleResourceGroup", ResourceGroupArgs.builder()
.location("westus")
.build());
final var examplePolicyDefintion = PolicyFunctions.getPolicyDefintion(GetPolicyDefintionArgs.builder()
.displayName("Allowed locations")
.build());
var exampleResourceGroupPolicyAssignment = new ResourceGroupPolicyAssignment("exampleResourceGroupPolicyAssignment", ResourceGroupPolicyAssignmentArgs.builder()
.resourceGroupId(exampleResourceGroup.id())
.policyDefinitionId(examplePolicyDefintion.applyValue(getPolicyDefintionResult -> getPolicyDefintionResult.id()))
.parameters(exampleResourceGroup.location().applyValue(location -> serializeJson(
jsonObject(
jsonProperty("listOfAllowedLocations", jsonObject(
jsonProperty("value", jsonArray(location))
))
))))
.build());
var exampleResourceGroupPolicyExemption = new ResourceGroupPolicyExemption("exampleResourceGroupPolicyExemption", ResourceGroupPolicyExemptionArgs.builder()
.resourceGroupId(exampleResourceGroup.id())
.policyAssignmentId(exampleResourceGroupPolicyAssignment.id())
.exemptionCategory("Mitigated")
.build());
}
}
import pulumi
import json
import pulumi_azure as azure
example_resource_group = azure.core.ResourceGroup("exampleResourceGroup", location="westus")
example_policy_defintion = azure.policy.get_policy_defintion(display_name="Allowed locations")
example_resource_group_policy_assignment = azure.core.ResourceGroupPolicyAssignment("exampleResourceGroupPolicyAssignment",
resource_group_id=example_resource_group.id,
policy_definition_id=example_policy_defintion.id,
parameters=example_resource_group.location.apply(lambda location: json.dumps({
"listOfAllowedLocations": {
"value": [location],
},
})))
example_resource_group_policy_exemption = azure.core.ResourceGroupPolicyExemption("exampleResourceGroupPolicyExemption",
resource_group_id=example_resource_group.id,
policy_assignment_id=example_resource_group_policy_assignment.id,
exemption_category="Mitigated")
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const exampleResourceGroup = new azure.core.ResourceGroup("exampleResourceGroup", {location: "westus"});
const examplePolicyDefintion = azure.policy.getPolicyDefintion({
displayName: "Allowed locations",
});
const exampleResourceGroupPolicyAssignment = new azure.core.ResourceGroupPolicyAssignment("exampleResourceGroupPolicyAssignment", {
resourceGroupId: exampleResourceGroup.id,
policyDefinitionId: examplePolicyDefintion.then(examplePolicyDefintion => examplePolicyDefintion.id),
parameters: exampleResourceGroup.location.apply(location => JSON.stringify({
listOfAllowedLocations: {
value: [location],
},
})),
});
const exampleResourceGroupPolicyExemption = new azure.core.ResourceGroupPolicyExemption("exampleResourceGroupPolicyExemption", {
resourceGroupId: exampleResourceGroup.id,
policyAssignmentId: exampleResourceGroupPolicyAssignment.id,
exemptionCategory: "Mitigated",
});
resources:
exampleResourceGroup:
type: azure:core:ResourceGroup
properties:
location: westus
exampleResourceGroupPolicyAssignment:
type: azure:core:ResourceGroupPolicyAssignment
properties:
resourceGroupId: ${exampleResourceGroup.id}
policyDefinitionId: ${examplePolicyDefintion.id}
parameters:
fn::toJSON:
listOfAllowedLocations:
value:
- ${exampleResourceGroup.location}
exampleResourceGroupPolicyExemption:
type: azure:core:ResourceGroupPolicyExemption
properties:
resourceGroupId: ${exampleResourceGroup.id}
policyAssignmentId: ${exampleResourceGroupPolicyAssignment.id}
exemptionCategory: Mitigated
variables:
examplePolicyDefintion:
fn::invoke:
Function: azure:policy:getPolicyDefintion
Arguments:
displayName: Allowed locations
Create ResourceGroupPolicyExemption Resource
new ResourceGroupPolicyExemption(name: string, args: ResourceGroupPolicyExemptionArgs, opts?: CustomResourceOptions);@overload
def ResourceGroupPolicyExemption(resource_name: str,
opts: Optional[ResourceOptions] = None,
description: Optional[str] = None,
display_name: Optional[str] = None,
exemption_category: Optional[str] = None,
expires_on: Optional[str] = None,
metadata: Optional[str] = None,
name: Optional[str] = None,
policy_assignment_id: Optional[str] = None,
policy_definition_reference_ids: Optional[Sequence[str]] = None,
resource_group_id: Optional[str] = None)
@overload
def ResourceGroupPolicyExemption(resource_name: str,
args: ResourceGroupPolicyExemptionArgs,
opts: Optional[ResourceOptions] = None)func NewResourceGroupPolicyExemption(ctx *Context, name string, args ResourceGroupPolicyExemptionArgs, opts ...ResourceOption) (*ResourceGroupPolicyExemption, error)public ResourceGroupPolicyExemption(string name, ResourceGroupPolicyExemptionArgs args, CustomResourceOptions? opts = null)
public ResourceGroupPolicyExemption(String name, ResourceGroupPolicyExemptionArgs args)
public ResourceGroupPolicyExemption(String name, ResourceGroupPolicyExemptionArgs args, CustomResourceOptions options)
type: azure:core:ResourceGroupPolicyExemption
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ResourceGroupPolicyExemptionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ResourceGroupPolicyExemptionArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ResourceGroupPolicyExemptionArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ResourceGroupPolicyExemptionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ResourceGroupPolicyExemptionArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
ResourceGroupPolicyExemption Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The ResourceGroupPolicyExemption resource accepts the following input properties:
- Exemption
Category string The category of this policy exemption. Possible values are
WaiverandMitigated.- Policy
Assignment stringId The ID of the Policy Assignment to be exempted at the specified Scope. Changing this forces a new resource to be created.
- Resource
Group stringId The Resource Group ID where the Policy Exemption should be applied. Changing this forces a new resource to be created.
- Description string
A description to use for this Policy Exemption.
- Display
Name string A friendly display name to use for this Policy Exemption.
- Expires
On string The expiration date and time in UTC ISO 8601 format of this policy exemption.
- Metadata string
The metadata for this policy exemption. This is a JSON string representing additional metadata that should be stored with the policy exemption.
- Name string
The name of the Policy Exemption. Changing this forces a new resource to be created.
- Policy
Definition List<string>Reference Ids The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition.
- Exemption
Category string The category of this policy exemption. Possible values are
WaiverandMitigated.- Policy
Assignment stringId The ID of the Policy Assignment to be exempted at the specified Scope. Changing this forces a new resource to be created.
- Resource
Group stringId The Resource Group ID where the Policy Exemption should be applied. Changing this forces a new resource to be created.
- Description string
A description to use for this Policy Exemption.
- Display
Name string A friendly display name to use for this Policy Exemption.
- Expires
On string The expiration date and time in UTC ISO 8601 format of this policy exemption.
- Metadata string
The metadata for this policy exemption. This is a JSON string representing additional metadata that should be stored with the policy exemption.
- Name string
The name of the Policy Exemption. Changing this forces a new resource to be created.
- Policy
Definition []stringReference Ids The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition.
- exemption
Category String The category of this policy exemption. Possible values are
WaiverandMitigated.- policy
Assignment StringId The ID of the Policy Assignment to be exempted at the specified Scope. Changing this forces a new resource to be created.
- resource
Group StringId The Resource Group ID where the Policy Exemption should be applied. Changing this forces a new resource to be created.
- description String
A description to use for this Policy Exemption.
- display
Name String A friendly display name to use for this Policy Exemption.
- expires
On String The expiration date and time in UTC ISO 8601 format of this policy exemption.
- metadata String
The metadata for this policy exemption. This is a JSON string representing additional metadata that should be stored with the policy exemption.
- name String
The name of the Policy Exemption. Changing this forces a new resource to be created.
- policy
Definition List<String>Reference Ids The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition.
- exemption
Category string The category of this policy exemption. Possible values are
WaiverandMitigated.- policy
Assignment stringId The ID of the Policy Assignment to be exempted at the specified Scope. Changing this forces a new resource to be created.
- resource
Group stringId The Resource Group ID where the Policy Exemption should be applied. Changing this forces a new resource to be created.
- description string
A description to use for this Policy Exemption.
- display
Name string A friendly display name to use for this Policy Exemption.
- expires
On string The expiration date and time in UTC ISO 8601 format of this policy exemption.
- metadata string
The metadata for this policy exemption. This is a JSON string representing additional metadata that should be stored with the policy exemption.
- name string
The name of the Policy Exemption. Changing this forces a new resource to be created.
- policy
Definition string[]Reference Ids The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition.
- exemption_
category str The category of this policy exemption. Possible values are
WaiverandMitigated.- policy_
assignment_ strid The ID of the Policy Assignment to be exempted at the specified Scope. Changing this forces a new resource to be created.
- resource_
group_ strid The Resource Group ID where the Policy Exemption should be applied. Changing this forces a new resource to be created.
- description str
A description to use for this Policy Exemption.
- display_
name str A friendly display name to use for this Policy Exemption.
- expires_
on str The expiration date and time in UTC ISO 8601 format of this policy exemption.
- metadata str
The metadata for this policy exemption. This is a JSON string representing additional metadata that should be stored with the policy exemption.
- name str
The name of the Policy Exemption. Changing this forces a new resource to be created.
- policy_
definition_ Sequence[str]reference_ ids The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition.
- exemption
Category String The category of this policy exemption. Possible values are
WaiverandMitigated.- policy
Assignment StringId The ID of the Policy Assignment to be exempted at the specified Scope. Changing this forces a new resource to be created.
- resource
Group StringId The Resource Group ID where the Policy Exemption should be applied. Changing this forces a new resource to be created.
- description String
A description to use for this Policy Exemption.
- display
Name String A friendly display name to use for this Policy Exemption.
- expires
On String The expiration date and time in UTC ISO 8601 format of this policy exemption.
- metadata String
The metadata for this policy exemption. This is a JSON string representing additional metadata that should be stored with the policy exemption.
- name String
The name of the Policy Exemption. Changing this forces a new resource to be created.
- policy
Definition List<String>Reference Ids The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition.
Outputs
All input properties are implicitly available as output properties. Additionally, the ResourceGroupPolicyExemption resource produces the following output properties:
- Id string
The provider-assigned unique ID for this managed resource.
- Id string
The provider-assigned unique ID for this managed resource.
- id String
The provider-assigned unique ID for this managed resource.
- id string
The provider-assigned unique ID for this managed resource.
- id str
The provider-assigned unique ID for this managed resource.
- id String
The provider-assigned unique ID for this managed resource.
Look up Existing ResourceGroupPolicyExemption Resource
Get an existing ResourceGroupPolicyExemption resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ResourceGroupPolicyExemptionState, opts?: CustomResourceOptions): ResourceGroupPolicyExemption@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
description: Optional[str] = None,
display_name: Optional[str] = None,
exemption_category: Optional[str] = None,
expires_on: Optional[str] = None,
metadata: Optional[str] = None,
name: Optional[str] = None,
policy_assignment_id: Optional[str] = None,
policy_definition_reference_ids: Optional[Sequence[str]] = None,
resource_group_id: Optional[str] = None) -> ResourceGroupPolicyExemptionfunc GetResourceGroupPolicyExemption(ctx *Context, name string, id IDInput, state *ResourceGroupPolicyExemptionState, opts ...ResourceOption) (*ResourceGroupPolicyExemption, error)public static ResourceGroupPolicyExemption Get(string name, Input<string> id, ResourceGroupPolicyExemptionState? state, CustomResourceOptions? opts = null)public static ResourceGroupPolicyExemption get(String name, Output<String> id, ResourceGroupPolicyExemptionState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Description string
A description to use for this Policy Exemption.
- Display
Name string A friendly display name to use for this Policy Exemption.
- Exemption
Category string The category of this policy exemption. Possible values are
WaiverandMitigated.- Expires
On string The expiration date and time in UTC ISO 8601 format of this policy exemption.
- Metadata string
The metadata for this policy exemption. This is a JSON string representing additional metadata that should be stored with the policy exemption.
- Name string
The name of the Policy Exemption. Changing this forces a new resource to be created.
- Policy
Assignment stringId The ID of the Policy Assignment to be exempted at the specified Scope. Changing this forces a new resource to be created.
- Policy
Definition List<string>Reference Ids The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition.
- Resource
Group stringId The Resource Group ID where the Policy Exemption should be applied. Changing this forces a new resource to be created.
- Description string
A description to use for this Policy Exemption.
- Display
Name string A friendly display name to use for this Policy Exemption.
- Exemption
Category string The category of this policy exemption. Possible values are
WaiverandMitigated.- Expires
On string The expiration date and time in UTC ISO 8601 format of this policy exemption.
- Metadata string
The metadata for this policy exemption. This is a JSON string representing additional metadata that should be stored with the policy exemption.
- Name string
The name of the Policy Exemption. Changing this forces a new resource to be created.
- Policy
Assignment stringId The ID of the Policy Assignment to be exempted at the specified Scope. Changing this forces a new resource to be created.
- Policy
Definition []stringReference Ids The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition.
- Resource
Group stringId The Resource Group ID where the Policy Exemption should be applied. Changing this forces a new resource to be created.
- description String
A description to use for this Policy Exemption.
- display
Name String A friendly display name to use for this Policy Exemption.
- exemption
Category String The category of this policy exemption. Possible values are
WaiverandMitigated.- expires
On String The expiration date and time in UTC ISO 8601 format of this policy exemption.
- metadata String
The metadata for this policy exemption. This is a JSON string representing additional metadata that should be stored with the policy exemption.
- name String
The name of the Policy Exemption. Changing this forces a new resource to be created.
- policy
Assignment StringId The ID of the Policy Assignment to be exempted at the specified Scope. Changing this forces a new resource to be created.
- policy
Definition List<String>Reference Ids The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition.
- resource
Group StringId The Resource Group ID where the Policy Exemption should be applied. Changing this forces a new resource to be created.
- description string
A description to use for this Policy Exemption.
- display
Name string A friendly display name to use for this Policy Exemption.
- exemption
Category string The category of this policy exemption. Possible values are
WaiverandMitigated.- expires
On string The expiration date and time in UTC ISO 8601 format of this policy exemption.
- metadata string
The metadata for this policy exemption. This is a JSON string representing additional metadata that should be stored with the policy exemption.
- name string
The name of the Policy Exemption. Changing this forces a new resource to be created.
- policy
Assignment stringId The ID of the Policy Assignment to be exempted at the specified Scope. Changing this forces a new resource to be created.
- policy
Definition string[]Reference Ids The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition.
- resource
Group stringId The Resource Group ID where the Policy Exemption should be applied. Changing this forces a new resource to be created.
- description str
A description to use for this Policy Exemption.
- display_
name str A friendly display name to use for this Policy Exemption.
- exemption_
category str The category of this policy exemption. Possible values are
WaiverandMitigated.- expires_
on str The expiration date and time in UTC ISO 8601 format of this policy exemption.
- metadata str
The metadata for this policy exemption. This is a JSON string representing additional metadata that should be stored with the policy exemption.
- name str
The name of the Policy Exemption. Changing this forces a new resource to be created.
- policy_
assignment_ strid The ID of the Policy Assignment to be exempted at the specified Scope. Changing this forces a new resource to be created.
- policy_
definition_ Sequence[str]reference_ ids The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition.
- resource_
group_ strid The Resource Group ID where the Policy Exemption should be applied. Changing this forces a new resource to be created.
- description String
A description to use for this Policy Exemption.
- display
Name String A friendly display name to use for this Policy Exemption.
- exemption
Category String The category of this policy exemption. Possible values are
WaiverandMitigated.- expires
On String The expiration date and time in UTC ISO 8601 format of this policy exemption.
- metadata String
The metadata for this policy exemption. This is a JSON string representing additional metadata that should be stored with the policy exemption.
- name String
The name of the Policy Exemption. Changing this forces a new resource to be created.
- policy
Assignment StringId The ID of the Policy Assignment to be exempted at the specified Scope. Changing this forces a new resource to be created.
- policy
Definition List<String>Reference Ids The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition.
- resource
Group StringId The Resource Group ID where the Policy Exemption should be applied. Changing this forces a new resource to be created.
Import
Policy Exemptions can be imported using the resource id, e.g.
$ pulumi import azure:core/resourceGroupPolicyExemption:ResourceGroupPolicyExemption exemption1 /subscriptions/00000000-0000-0000-000000000000/resourceGroups/resGroup1/providers/Microsoft.Authorization/policyExemptions/exemption1
Package Details
- Repository
- Azure Classic pulumi/pulumi-azure
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
azurermTerraform Provider.