We recommend using Azure Native.
Viewing docs for Azure v4.42.0 (Older version)
published on Monday, Mar 9, 2026 by Pulumi
published on Monday, Mar 9, 2026 by Pulumi
We recommend using Azure Native.
Viewing docs for Azure v4.42.0 (Older version)
published on Monday, Mar 9, 2026 by Pulumi
published on Monday, Mar 9, 2026 by Pulumi
Manages an Azure Policy Remediation at the specified Scope.
Example Usage
using Pulumi;
using Azure = Pulumi.Azure;
class MyStack : Stack
{
public MyStack()
{
var exampleResourceGroup = new Azure.Core.ResourceGroup("exampleResourceGroup", new Azure.Core.ResourceGroupArgs
{
Location = "West Europe",
});
var exampleDefinition = new Azure.Policy.Definition("exampleDefinition", new Azure.Policy.DefinitionArgs
{
PolicyType = "Custom",
Mode = "All",
DisplayName = "my-policy-definition",
PolicyRule = @" {
""if"": {
""not"": {
""field"": ""location"",
""in"": ""[parameters('allowedLocations')]""
}
},
""then"": {
""effect"": ""audit""
}
}
",
Parameters = @" {
""allowedLocations"": {
""type"": ""Array"",
""metadata"": {
""description"": ""The list of allowed locations for resources."",
""displayName"": ""Allowed locations"",
""strongType"": ""location""
}
}
}
",
});
var exampleAssignment = new Azure.Policy.Assignment("exampleAssignment", new Azure.Policy.AssignmentArgs
{
Scope = exampleResourceGroup.Id,
PolicyDefinitionId = exampleDefinition.Id,
Description = "Policy Assignment created via an Acceptance Test",
DisplayName = "My Example Policy Assignment",
Parameters = @"{
""allowedLocations"": {
""value"": [ ""West Europe"" ]
}
}
",
});
var exampleRemediation = new Azure.Policy.Remediation("exampleRemediation", new Azure.Policy.RemediationArgs
{
Scope = exampleAssignment.Scope,
PolicyAssignmentId = exampleAssignment.Id,
LocationFilters =
{
"West Europe",
},
});
}
}
package main
import (
"fmt"
"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/policy"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
Location: pulumi.String("West Europe"),
})
if err != nil {
return err
}
exampleDefinition, err := policy.NewDefinition(ctx, "exampleDefinition", &policy.DefinitionArgs{
PolicyType: pulumi.String("Custom"),
Mode: pulumi.String("All"),
DisplayName: pulumi.String("my-policy-definition"),
PolicyRule: pulumi.String(fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v%v", " {\n", " \"if\": {\n", " \"not\": {\n", " \"field\": \"location\",\n", " \"in\": \"[parameters('allowedLocations')]\"\n", " }\n", " },\n", " \"then\": {\n", " \"effect\": \"audit\"\n", " }\n", " }\n")),
Parameters: pulumi.String(fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v", " {\n", " \"allowedLocations\": {\n", " \"type\": \"Array\",\n", " \"metadata\": {\n", " \"description\": \"The list of allowed locations for resources.\",\n", " \"displayName\": \"Allowed locations\",\n", " \"strongType\": \"location\"\n", " }\n", " }\n", " }\n")),
})
if err != nil {
return err
}
exampleAssignment, err := policy.NewAssignment(ctx, "exampleAssignment", &policy.AssignmentArgs{
Scope: exampleResourceGroup.ID(),
PolicyDefinitionId: exampleDefinition.ID(),
Description: pulumi.String("Policy Assignment created via an Acceptance Test"),
DisplayName: pulumi.String("My Example Policy Assignment"),
Parameters: pulumi.String(fmt.Sprintf("%v%v%v%v%v", "{\n", " \"allowedLocations\": {\n", " \"value\": [ \"West Europe\" ]\n", " }\n", "}\n")),
})
if err != nil {
return err
}
_, err = policy.NewRemediation(ctx, "exampleRemediation", &policy.RemediationArgs{
Scope: exampleAssignment.Scope,
PolicyAssignmentId: exampleAssignment.ID(),
LocationFilters: pulumi.StringArray{
pulumi.String("West Europe"),
},
})
if err != nil {
return err
}
return nil
})
}
Example coming soon!
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const exampleResourceGroup = new azure.core.ResourceGroup("exampleResourceGroup", {location: "West Europe"});
const exampleDefinition = new azure.policy.Definition("exampleDefinition", {
policyType: "Custom",
mode: "All",
displayName: "my-policy-definition",
policyRule: ` {
"if": {
"not": {
"field": "location",
"in": "[parameters('allowedLocations')]"
}
},
"then": {
"effect": "audit"
}
}
`,
parameters: ` {
"allowedLocations": {
"type": "Array",
"metadata": {
"description": "The list of allowed locations for resources.",
"displayName": "Allowed locations",
"strongType": "location"
}
}
}
`,
});
const exampleAssignment = new azure.policy.Assignment("exampleAssignment", {
scope: exampleResourceGroup.id,
policyDefinitionId: exampleDefinition.id,
description: "Policy Assignment created via an Acceptance Test",
displayName: "My Example Policy Assignment",
parameters: `{
"allowedLocations": {
"value": [ "West Europe" ]
}
}
`,
});
const exampleRemediation = new azure.policy.Remediation("exampleRemediation", {
scope: exampleAssignment.scope,
policyAssignmentId: exampleAssignment.id,
locationFilters: ["West Europe"],
});
import pulumi
import pulumi_azure as azure
example_resource_group = azure.core.ResourceGroup("exampleResourceGroup", location="West Europe")
example_definition = azure.policy.Definition("exampleDefinition",
policy_type="Custom",
mode="All",
display_name="my-policy-definition",
policy_rule=""" {
"if": {
"not": {
"field": "location",
"in": "[parameters('allowedLocations')]"
}
},
"then": {
"effect": "audit"
}
}
""",
parameters=""" {
"allowedLocations": {
"type": "Array",
"metadata": {
"description": "The list of allowed locations for resources.",
"displayName": "Allowed locations",
"strongType": "location"
}
}
}
""")
example_assignment = azure.policy.Assignment("exampleAssignment",
scope=example_resource_group.id,
policy_definition_id=example_definition.id,
description="Policy Assignment created via an Acceptance Test",
display_name="My Example Policy Assignment",
parameters="""{
"allowedLocations": {
"value": [ "West Europe" ]
}
}
""")
example_remediation = azure.policy.Remediation("exampleRemediation",
scope=example_assignment.scope,
policy_assignment_id=example_assignment.id,
location_filters=["West Europe"])
Example coming soon!
Create Remediation Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Remediation(name: string, args: RemediationArgs, opts?: CustomResourceOptions);@overload
def Remediation(resource_name: str,
args: RemediationArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Remediation(resource_name: str,
opts: Optional[ResourceOptions] = None,
policy_assignment_id: Optional[str] = None,
scope: Optional[str] = None,
location_filters: Optional[Sequence[str]] = None,
name: Optional[str] = None,
policy_definition_reference_id: Optional[str] = None,
resource_discovery_mode: Optional[str] = None)func NewRemediation(ctx *Context, name string, args RemediationArgs, opts ...ResourceOption) (*Remediation, error)public Remediation(string name, RemediationArgs args, CustomResourceOptions? opts = null)
public Remediation(String name, RemediationArgs args)
public Remediation(String name, RemediationArgs args, CustomResourceOptions options)
type: azure:policy:Remediation
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args RemediationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args RemediationArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args RemediationArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args RemediationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args RemediationArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var remediationResource = new Azure.Policy.Remediation("remediationResource", new()
{
PolicyAssignmentId = "string",
Scope = "string",
LocationFilters = new[]
{
"string",
},
Name = "string",
PolicyDefinitionReferenceId = "string",
ResourceDiscoveryMode = "string",
});
example, err := policy.NewRemediation(ctx, "remediationResource", &policy.RemediationArgs{
PolicyAssignmentId: pulumi.String("string"),
Scope: pulumi.String("string"),
LocationFilters: pulumi.StringArray{
pulumi.String("string"),
},
Name: pulumi.String("string"),
PolicyDefinitionReferenceId: pulumi.String("string"),
ResourceDiscoveryMode: pulumi.String("string"),
})
var remediationResource = new Remediation("remediationResource", RemediationArgs.builder()
.policyAssignmentId("string")
.scope("string")
.locationFilters("string")
.name("string")
.policyDefinitionReferenceId("string")
.resourceDiscoveryMode("string")
.build());
remediation_resource = azure.policy.Remediation("remediationResource",
policy_assignment_id="string",
scope="string",
location_filters=["string"],
name="string",
policy_definition_reference_id="string",
resource_discovery_mode="string")
const remediationResource = new azure.policy.Remediation("remediationResource", {
policyAssignmentId: "string",
scope: "string",
locationFilters: ["string"],
name: "string",
policyDefinitionReferenceId: "string",
resourceDiscoveryMode: "string",
});
type: azure:policy:Remediation
properties:
locationFilters:
- string
name: string
policyAssignmentId: string
policyDefinitionReferenceId: string
resourceDiscoveryMode: string
scope: string
Remediation Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Remediation resource accepts the following input properties:
- Policy
Assignment stringId - The ID of the Policy Assignment that should be remediated.
- Scope string
- The Scope at which the Policy Remediation should be applied. Changing this forces a new resource to be created. A scope must be a Resource ID out of one of the following list:
- Location
Filters List<string> - A list of the resource locations that will be remediated.
- Name string
- The name of the Policy Remediation. Changing this forces a new resource to be created.
- Policy
Definition stringReference Id - The unique ID for the policy definition within the policy set definition that should be remediated. Required when the policy assignment being remediated assigns a policy set definition.
- Resource
Discovery stringMode - The way that resources to remediate are discovered. Possible values are
ExistingNonCompliant,ReEvaluateCompliance. Defaults toExistingNonCompliant.
- Policy
Assignment stringId - The ID of the Policy Assignment that should be remediated.
- Scope string
- The Scope at which the Policy Remediation should be applied. Changing this forces a new resource to be created. A scope must be a Resource ID out of one of the following list:
- Location
Filters []string - A list of the resource locations that will be remediated.
- Name string
- The name of the Policy Remediation. Changing this forces a new resource to be created.
- Policy
Definition stringReference Id - The unique ID for the policy definition within the policy set definition that should be remediated. Required when the policy assignment being remediated assigns a policy set definition.
- Resource
Discovery stringMode - The way that resources to remediate are discovered. Possible values are
ExistingNonCompliant,ReEvaluateCompliance. Defaults toExistingNonCompliant.
- policy
Assignment StringId - The ID of the Policy Assignment that should be remediated.
- scope String
- The Scope at which the Policy Remediation should be applied. Changing this forces a new resource to be created. A scope must be a Resource ID out of one of the following list:
- location
Filters List<String> - A list of the resource locations that will be remediated.
- name String
- The name of the Policy Remediation. Changing this forces a new resource to be created.
- policy
Definition StringReference Id - The unique ID for the policy definition within the policy set definition that should be remediated. Required when the policy assignment being remediated assigns a policy set definition.
- resource
Discovery StringMode - The way that resources to remediate are discovered. Possible values are
ExistingNonCompliant,ReEvaluateCompliance. Defaults toExistingNonCompliant.
- policy
Assignment stringId - The ID of the Policy Assignment that should be remediated.
- scope string
- The Scope at which the Policy Remediation should be applied. Changing this forces a new resource to be created. A scope must be a Resource ID out of one of the following list:
- location
Filters string[] - A list of the resource locations that will be remediated.
- name string
- The name of the Policy Remediation. Changing this forces a new resource to be created.
- policy
Definition stringReference Id - The unique ID for the policy definition within the policy set definition that should be remediated. Required when the policy assignment being remediated assigns a policy set definition.
- resource
Discovery stringMode - The way that resources to remediate are discovered. Possible values are
ExistingNonCompliant,ReEvaluateCompliance. Defaults toExistingNonCompliant.
- policy_
assignment_ strid - The ID of the Policy Assignment that should be remediated.
- scope str
- The Scope at which the Policy Remediation should be applied. Changing this forces a new resource to be created. A scope must be a Resource ID out of one of the following list:
- location_
filters Sequence[str] - A list of the resource locations that will be remediated.
- name str
- The name of the Policy Remediation. Changing this forces a new resource to be created.
- policy_
definition_ strreference_ id - The unique ID for the policy definition within the policy set definition that should be remediated. Required when the policy assignment being remediated assigns a policy set definition.
- resource_
discovery_ strmode - The way that resources to remediate are discovered. Possible values are
ExistingNonCompliant,ReEvaluateCompliance. Defaults toExistingNonCompliant.
- policy
Assignment StringId - The ID of the Policy Assignment that should be remediated.
- scope String
- The Scope at which the Policy Remediation should be applied. Changing this forces a new resource to be created. A scope must be a Resource ID out of one of the following list:
- location
Filters List<String> - A list of the resource locations that will be remediated.
- name String
- The name of the Policy Remediation. Changing this forces a new resource to be created.
- policy
Definition StringReference Id - The unique ID for the policy definition within the policy set definition that should be remediated. Required when the policy assignment being remediated assigns a policy set definition.
- resource
Discovery StringMode - The way that resources to remediate are discovered. Possible values are
ExistingNonCompliant,ReEvaluateCompliance. Defaults toExistingNonCompliant.
Outputs
All input properties are implicitly available as output properties. Additionally, the Remediation resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing Remediation Resource
Get an existing Remediation resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: RemediationState, opts?: CustomResourceOptions): Remediation@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
location_filters: Optional[Sequence[str]] = None,
name: Optional[str] = None,
policy_assignment_id: Optional[str] = None,
policy_definition_reference_id: Optional[str] = None,
resource_discovery_mode: Optional[str] = None,
scope: Optional[str] = None) -> Remediationfunc GetRemediation(ctx *Context, name string, id IDInput, state *RemediationState, opts ...ResourceOption) (*Remediation, error)public static Remediation Get(string name, Input<string> id, RemediationState? state, CustomResourceOptions? opts = null)public static Remediation get(String name, Output<String> id, RemediationState state, CustomResourceOptions options)resources: _: type: azure:policy:Remediation get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Location
Filters List<string> - A list of the resource locations that will be remediated.
- Name string
- The name of the Policy Remediation. Changing this forces a new resource to be created.
- Policy
Assignment stringId - The ID of the Policy Assignment that should be remediated.
- Policy
Definition stringReference Id - The unique ID for the policy definition within the policy set definition that should be remediated. Required when the policy assignment being remediated assigns a policy set definition.
- Resource
Discovery stringMode - The way that resources to remediate are discovered. Possible values are
ExistingNonCompliant,ReEvaluateCompliance. Defaults toExistingNonCompliant. - Scope string
- The Scope at which the Policy Remediation should be applied. Changing this forces a new resource to be created. A scope must be a Resource ID out of one of the following list:
- Location
Filters []string - A list of the resource locations that will be remediated.
- Name string
- The name of the Policy Remediation. Changing this forces a new resource to be created.
- Policy
Assignment stringId - The ID of the Policy Assignment that should be remediated.
- Policy
Definition stringReference Id - The unique ID for the policy definition within the policy set definition that should be remediated. Required when the policy assignment being remediated assigns a policy set definition.
- Resource
Discovery stringMode - The way that resources to remediate are discovered. Possible values are
ExistingNonCompliant,ReEvaluateCompliance. Defaults toExistingNonCompliant. - Scope string
- The Scope at which the Policy Remediation should be applied. Changing this forces a new resource to be created. A scope must be a Resource ID out of one of the following list:
- location
Filters List<String> - A list of the resource locations that will be remediated.
- name String
- The name of the Policy Remediation. Changing this forces a new resource to be created.
- policy
Assignment StringId - The ID of the Policy Assignment that should be remediated.
- policy
Definition StringReference Id - The unique ID for the policy definition within the policy set definition that should be remediated. Required when the policy assignment being remediated assigns a policy set definition.
- resource
Discovery StringMode - The way that resources to remediate are discovered. Possible values are
ExistingNonCompliant,ReEvaluateCompliance. Defaults toExistingNonCompliant. - scope String
- The Scope at which the Policy Remediation should be applied. Changing this forces a new resource to be created. A scope must be a Resource ID out of one of the following list:
- location
Filters string[] - A list of the resource locations that will be remediated.
- name string
- The name of the Policy Remediation. Changing this forces a new resource to be created.
- policy
Assignment stringId - The ID of the Policy Assignment that should be remediated.
- policy
Definition stringReference Id - The unique ID for the policy definition within the policy set definition that should be remediated. Required when the policy assignment being remediated assigns a policy set definition.
- resource
Discovery stringMode - The way that resources to remediate are discovered. Possible values are
ExistingNonCompliant,ReEvaluateCompliance. Defaults toExistingNonCompliant. - scope string
- The Scope at which the Policy Remediation should be applied. Changing this forces a new resource to be created. A scope must be a Resource ID out of one of the following list:
- location_
filters Sequence[str] - A list of the resource locations that will be remediated.
- name str
- The name of the Policy Remediation. Changing this forces a new resource to be created.
- policy_
assignment_ strid - The ID of the Policy Assignment that should be remediated.
- policy_
definition_ strreference_ id - The unique ID for the policy definition within the policy set definition that should be remediated. Required when the policy assignment being remediated assigns a policy set definition.
- resource_
discovery_ strmode - The way that resources to remediate are discovered. Possible values are
ExistingNonCompliant,ReEvaluateCompliance. Defaults toExistingNonCompliant. - scope str
- The Scope at which the Policy Remediation should be applied. Changing this forces a new resource to be created. A scope must be a Resource ID out of one of the following list:
- location
Filters List<String> - A list of the resource locations that will be remediated.
- name String
- The name of the Policy Remediation. Changing this forces a new resource to be created.
- policy
Assignment StringId - The ID of the Policy Assignment that should be remediated.
- policy
Definition StringReference Id - The unique ID for the policy definition within the policy set definition that should be remediated. Required when the policy assignment being remediated assigns a policy set definition.
- resource
Discovery StringMode - The way that resources to remediate are discovered. Possible values are
ExistingNonCompliant,ReEvaluateCompliance. Defaults toExistingNonCompliant. - scope String
- The Scope at which the Policy Remediation should be applied. Changing this forces a new resource to be created. A scope must be a Resource ID out of one of the following list:
Import
Policy Remediations can be imported using the resource id, e.g.
$ pulumi import azure:policy/remediation:Remediation example /subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.PolicyInsights/remediations/remediation1
or
$ pulumi import azure:policy/remediation:Remediation example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.PolicyInsights/remediations/remediation1
or
$ pulumi import azure:policy/remediation:Remediation example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.Compute/virtualMachines/vm1/providers/Microsoft.PolicyInsights/remediations/remediation1
or
$ pulumi import azure:policy/remediation:Remediation example /providers/Microsoft.Management/managementGroups/my-mgmt-group-id/providers/Microsoft.PolicyInsights/remediations/remediation1
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Azure Classic pulumi/pulumi-azure
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
azurermTerraform Provider.
We recommend using Azure Native.
Viewing docs for Azure v4.42.0 (Older version)
published on Monday, Mar 9, 2026 by Pulumi
published on Monday, Mar 9, 2026 by Pulumi
