We recommend using Azure Native.
published on Monday, Mar 9, 2026 by Pulumi
Manages the Security Center Assessment for Azure Security Center.
Example Usage
using System.IO;
using Pulumi;
using Azure = Pulumi.Azure;
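/// <summary>
/// Example stack: a resource group, a virtual network with one subnet, a Linux VM scale set,
/// a custom Security Center assessment policy, and an assessment of the scale set against
/// that policy.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        var exampleResourceGroup = new Azure.Core.ResourceGroup("exampleResourceGroup", new Azure.Core.ResourceGroupArgs
        {
            Location = "West Europe",
        });

        var exampleVirtualNetwork = new Azure.Network.VirtualNetwork("exampleVirtualNetwork", new Azure.Network.VirtualNetworkArgs
        {
            ResourceGroupName = exampleResourceGroup.Name,
            Location = exampleResourceGroup.Location,
            AddressSpaces =
            {
                "10.0.0.0/16",
            },
        });

        var @internal = new Azure.Network.Subnet("internal", new Azure.Network.SubnetArgs
        {
            ResourceGroupName = exampleResourceGroup.Name,
            VirtualNetworkName = exampleVirtualNetwork.Name,
            AddressPrefixes =
            {
                "10.0.2.0/24",
            },
        });

        // File.ReadAllText does not expand "~" (that is a shell feature), so the original
        // literal "~/.ssh/id_rsa.pub" resolves to a directory named "~" under the working
        // directory. Build the path from the user's profile directory instead.
        // Only the public half of the key pair is read here.
        var sshPublicKeyPath = Path.Combine(
            System.Environment.GetFolderPath(System.Environment.SpecialFolder.UserProfile),
            ".ssh",
            "id_rsa.pub");

        var exampleLinuxVirtualMachineScaleSet = new Azure.Compute.LinuxVirtualMachineScaleSet("exampleLinuxVirtualMachineScaleSet", new Azure.Compute.LinuxVirtualMachineScaleSetArgs
        {
            ResourceGroupName = exampleResourceGroup.Name,
            Location = exampleResourceGroup.Location,
            Sku = "Standard_F2",
            Instances = 1,
            AdminUsername = "adminuser",
            AdminSshKeys =
            {
                new Azure.Compute.Inputs.LinuxVirtualMachineScaleSetAdminSshKeyArgs
                {
                    Username = "adminuser",
                    PublicKey = File.ReadAllText(sshPublicKeyPath),
                },
            },
            // NOTE(review): Ubuntu 16.04 LTS is past its standard support period and
            // "latest" is an unpinned version. Outside of a demo, choose a supported image
            // and pin the version so every instance is built from a known, patched image.
            SourceImageReference = new Azure.Compute.Inputs.LinuxVirtualMachineScaleSetSourceImageReferenceArgs
            {
                Publisher = "Canonical",
                Offer = "UbuntuServer",
                Sku = "16.04-LTS",
                Version = "latest",
            },
            OsDisk = new Azure.Compute.Inputs.LinuxVirtualMachineScaleSetOsDiskArgs
            {
                StorageAccountType = "Standard_LRS",
                Caching = "ReadWrite",
            },
            NetworkInterfaces =
            {
                new Azure.Compute.Inputs.LinuxVirtualMachineScaleSetNetworkInterfaceArgs
                {
                    Name = "example",
                    Primary = true,
                    IpConfigurations =
                    {
                        new Azure.Compute.Inputs.LinuxVirtualMachineScaleSetNetworkInterfaceIpConfigurationArgs
                        {
                            Name = "internal",
                            Primary = true,
                            SubnetId = @internal.Id,
                        },
                    },
                },
            },
        });

        var exampleAssessmentPolicy = new Azure.SecurityCenter.AssessmentPolicy("exampleAssessmentPolicy", new Azure.SecurityCenter.AssessmentPolicyArgs
        {
            DisplayName = "Test Display Name",
            Severity = "Medium",
            Description = "Test Description",
        });

        // The status code is passed in as a literal. Nothing in this example derives it from
        // the state of the scale set, so "Healthy" here is a declared value, not a measured
        // one; feed it from a real check before relying on it.
        var exampleAssessment = new Azure.SecurityCenter.Assessment("exampleAssessment", new Azure.SecurityCenter.AssessmentArgs
        {
            AssessmentPolicyId = exampleAssessmentPolicy.Id,
            TargetResourceId = exampleLinuxVirtualMachineScaleSet.Id,
            Status = new Azure.SecurityCenter.Inputs.AssessmentStatusArgs
            {
                Code = "Healthy",
            },
        });
    }
}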
package main
import (
	"io/ioutil"
	"os"

	"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/compute"
	"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/core"
	"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/network"
	"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/securitycenter"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
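// readFileOrPanic reads the file at path and returns its contents as a Pulumi
// string input. It panics with the error text if the home directory cannot be
// determined or the file cannot be read.
//
// A leading "~/" is resolved against the current user's home directory first:
// Go's file APIs do not expand "~", so a path such as "~/.ssh/id_rsa.pub"
// would otherwise be looked up relative to the working directory.
func readFileOrPanic(path string) pulumi.StringPtrInput {
	if len(path) >= 2 && path[:2] == "~/" {
		home, err := os.UserHomeDir()
		if err != nil {
			panic(err.Error())
		}
		// path[1:] keeps the separator, giving "<home>/.ssh/...".
		path = home + path[1:]
	}
	data, err := ioutil.ReadFile(path)
	if err != nil {
		panic(err.Error())
	}
	return pulumi.String(string(data))
}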
// main registers the example stack: a resource group, a virtual network with
// one subnet, a Linux VM scale set, a custom assessment policy, and an
// assessment of the scale set against that policy. Each step returns the
// first error it hits.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		rg, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}

		vnet, err := network.NewVirtualNetwork(ctx, "exampleVirtualNetwork", &network.VirtualNetworkArgs{
			ResourceGroupName: rg.Name,
			Location:          rg.Location,
			AddressSpaces: pulumi.StringArray{
				pulumi.String("10.0.0.0/16"),
			},
		})
		if err != nil {
			return err
		}

		subnet, err := network.NewSubnet(ctx, "internal", &network.SubnetArgs{
			ResourceGroupName:  rg.Name,
			VirtualNetworkName: vnet.Name,
			AddressPrefixes: pulumi.StringArray{
				pulumi.String("10.0.2.0/24"),
			},
		})
		if err != nil {
			return err
		}

		// NOTE(review): Go's file APIs do not expand "~"; unless readFileOrPanic
		// resolves it, this read looks for a directory literally named "~".
		adminKeys := compute.LinuxVirtualMachineScaleSetAdminSshKeyArray{
			&compute.LinuxVirtualMachineScaleSetAdminSshKeyArgs{
				Username:  pulumi.String("adminuser"),
				PublicKey: readFileOrPanic("~/.ssh/id_rsa.pub"),
			},
		}

		// NOTE(review): Ubuntu 16.04 LTS is past its standard support period and
		// "latest" is unpinned; use a supported, pinned image outside of a demo.
		image := &compute.LinuxVirtualMachineScaleSetSourceImageReferenceArgs{
			Publisher: pulumi.String("Canonical"),
			Offer:     pulumi.String("UbuntuServer"),
			Sku:       pulumi.String("16.04-LTS"),
			Version:   pulumi.String("latest"),
		}

		nics := compute.LinuxVirtualMachineScaleSetNetworkInterfaceArray{
			&compute.LinuxVirtualMachineScaleSetNetworkInterfaceArgs{
				Name:    pulumi.String("example"),
				Primary: pulumi.Bool(true),
				IpConfigurations: compute.LinuxVirtualMachineScaleSetNetworkInterfaceIpConfigurationArray{
					&compute.LinuxVirtualMachineScaleSetNetworkInterfaceIpConfigurationArgs{
						Name:     pulumi.String("internal"),
						Primary:  pulumi.Bool(true),
						SubnetId: subnet.ID(),
					},
				},
			},
		}

		vmss, err := compute.NewLinuxVirtualMachineScaleSet(ctx, "exampleLinuxVirtualMachineScaleSet", &compute.LinuxVirtualMachineScaleSetArgs{
			ResourceGroupName:    rg.Name,
			Location:             rg.Location,
			Sku:                  pulumi.String("Standard_F2"),
			Instances:            pulumi.Int(1),
			AdminUsername:        pulumi.String("adminuser"),
			AdminSshKeys:         adminKeys,
			SourceImageReference: image,
			OsDisk: &compute.LinuxVirtualMachineScaleSetOsDiskArgs{
				StorageAccountType: pulumi.String("Standard_LRS"),
				Caching:            pulumi.String("ReadWrite"),
			},
			NetworkInterfaces: nics,
		})
		if err != nil {
			return err
		}

		policy, err := securitycenter.NewAssessmentPolicy(ctx, "exampleAssessmentPolicy", &securitycenter.AssessmentPolicyArgs{
			DisplayName: pulumi.String("Test Display Name"),
			Severity:    pulumi.String("Medium"),
			Description: pulumi.String("Test Description"),
		})
		if err != nil {
			return err
		}

		// The status code is a literal input; nothing here derives "Healthy"
		// from the state of the scale set.
		_, err = securitycenter.NewAssessment(ctx, "exampleAssessment", &securitycenter.AssessmentArgs{
			AssessmentPolicyId: policy.ID(),
			TargetResourceId:   vmss.ID(),
			Status: &securitycenter.AssessmentStatusArgs{
				Code: pulumi.String("Healthy"),
			},
		})
		return err
	})
}
Example coming soon!
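import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
// `import * from "fs"` is not valid syntax; a namespace import needs a binding name.
import * as fs from "fs";
import * as os from "os";
import * as path from "path";

// Example stack: resource group, virtual network with one subnet, a Linux VM scale set,
// a custom assessment policy, and an assessment of the scale set against that policy.

const exampleResourceGroup = new azure.core.ResourceGroup("exampleResourceGroup", {location: "West Europe"});

const exampleVirtualNetwork = new azure.network.VirtualNetwork("exampleVirtualNetwork", {
    resourceGroupName: exampleResourceGroup.name,
    location: exampleResourceGroup.location,
    addressSpaces: ["10.0.0.0/16"],
});

const internal = new azure.network.Subnet("internal", {
    resourceGroupName: exampleResourceGroup.name,
    virtualNetworkName: exampleVirtualNetwork.name,
    addressPrefixes: ["10.0.2.0/24"],
});

// Node's fs does not expand "~", so resolve the key path against the home directory.
// Passing an encoding makes readFileSync return a string rather than a Buffer.
// Only the public half of the key pair is read.
const sshPublicKey = fs.readFileSync(path.join(os.homedir(), ".ssh", "id_rsa.pub"), "utf8");

const exampleLinuxVirtualMachineScaleSet = new azure.compute.LinuxVirtualMachineScaleSet("exampleLinuxVirtualMachineScaleSet", {
    resourceGroupName: exampleResourceGroup.name,
    location: exampleResourceGroup.location,
    sku: "Standard_F2",
    instances: 1,
    adminUsername: "adminuser",
    adminSshKeys: [{
        username: "adminuser",
        publicKey: sshPublicKey,
    }],
    // NOTE(review): Ubuntu 16.04 LTS is past its standard support period and "latest" is
    // unpinned; use a supported, pinned image outside of a demo.
    sourceImageReference: {
        publisher: "Canonical",
        offer: "UbuntuServer",
        sku: "16.04-LTS",
        version: "latest",
    },
    osDisk: {
        storageAccountType: "Standard_LRS",
        caching: "ReadWrite",
    },
    networkInterfaces: [{
        name: "example",
        primary: true,
        ipConfigurations: [{
            name: "internal",
            primary: true,
            subnetId: internal.id,
        }],
    }],
});

const exampleAssessmentPolicy = new azure.securitycenter.AssessmentPolicy("exampleAssessmentPolicy", {
    displayName: "Test Display Name",
    severity: "Medium",
    description: "Test Description",
});

// The status code is a literal input; nothing here derives "Healthy" from the state of
// the scale set.
const exampleAssessment = new azure.securitycenter.Assessment("exampleAssessment", {
    assessmentPolicyId: exampleAssessmentPolicy.id,
    targetResourceId: exampleLinuxVirtualMachineScaleSet.id,
    status: {
        code: "Healthy",
    },
});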
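import os

import pulumi
import pulumi_azure as azure

# Example stack: resource group, virtual network with one subnet, a Linux VM scale set,
# a custom assessment policy, and an assessment of the scale set against that policy.

example_resource_group = azure.core.ResourceGroup("exampleResourceGroup", location="West Europe")

example_virtual_network = azure.network.VirtualNetwork("exampleVirtualNetwork",
    resource_group_name=example_resource_group.name,
    location=example_resource_group.location,
    address_spaces=["10.0.0.0/16"])

internal = azure.network.Subnet("internal",
    resource_group_name=example_resource_group.name,
    virtual_network_name=example_virtual_network.name,
    address_prefixes=["10.0.2.0/24"])

# open() does not expand "~", so resolve it explicitly; the context manager closes the
# file handle deterministically. Only the public half of the key pair is read.
with open(os.path.expanduser("~/.ssh/id_rsa.pub")) as key_file:
    ssh_public_key = key_file.read()

example_linux_virtual_machine_scale_set = azure.compute.LinuxVirtualMachineScaleSet("exampleLinuxVirtualMachineScaleSet",
    resource_group_name=example_resource_group.name,
    location=example_resource_group.location,
    sku="Standard_F2",
    instances=1,
    admin_username="adminuser",
    admin_ssh_keys=[azure.compute.LinuxVirtualMachineScaleSetAdminSshKeyArgs(
        username="adminuser",
        public_key=ssh_public_key,
    )],
    # NOTE(review): Ubuntu 16.04 LTS is past its standard support period and "latest" is
    # unpinned; use a supported, pinned image outside of a demo.
    source_image_reference=azure.compute.LinuxVirtualMachineScaleSetSourceImageReferenceArgs(
        publisher="Canonical",
        offer="UbuntuServer",
        sku="16.04-LTS",
        version="latest",
    ),
    os_disk=azure.compute.LinuxVirtualMachineScaleSetOsDiskArgs(
        storage_account_type="Standard_LRS",
        caching="ReadWrite",
    ),
    network_interfaces=[azure.compute.LinuxVirtualMachineScaleSetNetworkInterfaceArgs(
        name="example",
        primary=True,
        ip_configurations=[azure.compute.LinuxVirtualMachineScaleSetNetworkInterfaceIpConfigurationArgs(
            name="internal",
            primary=True,
            subnet_id=internal.id,
        )],
    )])

example_assessment_policy = azure.securitycenter.AssessmentPolicy("exampleAssessmentPolicy",
    display_name="Test Display Name",
    severity="Medium",
    description="Test Description")

# The status code is a literal input; nothing here derives "Healthy" from the state of
# the scale set.
example_assessment = azure.securitycenter.Assessment("exampleAssessment",
    assessment_policy_id=example_assessment_policy.id,
    target_resource_id=example_linux_virtual_machine_scale_set.id,
    status=azure.securitycenter.AssessmentStatusArgs(
        code="Healthy",
    ))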
Example coming soon!
Create Assessment Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Assessment(name: string, args: AssessmentArgs, opts?: CustomResourceOptions);

@overload
def Assessment(resource_name: str,
               args: AssessmentArgs,
               opts: Optional[ResourceOptions] = None)

@overload
def Assessment(resource_name: str,
               opts: Optional[ResourceOptions] = None,
               assessment_policy_id: Optional[str] = None,
               status: Optional[AssessmentStatusArgs] = None,
               target_resource_id: Optional[str] = None,
               additional_data: Optional[Mapping[str, str]] = None)

func NewAssessment(ctx *Context, name string, args AssessmentArgs, opts ...ResourceOption) (*Assessment, error)

public Assessment(string name, AssessmentArgs args, CustomResourceOptions? opts = null)

public Assessment(String name, AssessmentArgs args)
public Assessment(String name, AssessmentArgs args, CustomResourceOptions options)

type: azure:securitycenter:Assessment
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args AssessmentArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AssessmentArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AssessmentArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AssessmentArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AssessmentArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference template: every "string" below is a placeholder for the property's type,
// not a usable value.
var assessmentResource = new Azure.SecurityCenter.Assessment("assessmentResource", new()
{
    AssessmentPolicyId = "string",
    Status = new Azure.SecurityCenter.Inputs.AssessmentStatusArgs
    {
        // Values documented on this page: Healthy, Unhealthy, NotApplicable.
        Code = "string",
        Cause = "string",
        Description = "string",
    },
    TargetResourceId = "string",
    AdditionalData =
    {
        { "string", "string" },
    },
});
// Reference template: every "string" below is a placeholder for the property's type,
// not a usable value.
example, err := securitycenter.NewAssessment(ctx, "assessmentResource", &securitycenter.AssessmentArgs{
	AssessmentPolicyId: pulumi.String("string"),
	Status: &securitycenter.AssessmentStatusArgs{
		// Values documented on this page: Healthy, Unhealthy, NotApplicable.
		Code:        pulumi.String("string"),
		Cause:       pulumi.String("string"),
		Description: pulumi.String("string"),
	},
	TargetResourceId: pulumi.String("string"),
	AdditionalData: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
})
// Reference template: every "string" below is a placeholder for the property's type,
// not a usable value.
var assessmentResource = new Assessment("assessmentResource", AssessmentArgs.builder()
    .assessmentPolicyId("string")
    .status(AssessmentStatusArgs.builder()
        // Values documented on this page: Healthy, Unhealthy, NotApplicable.
        .code("string")
        .cause("string")
        .description("string")
        .build())
    .targetResourceId("string")
    .additionalData(Map.of("string", "string"))
    .build());
# Reference template: every "string" below is a placeholder for the property's type,
# not a usable value.
assessment_resource = azure.securitycenter.Assessment("assessmentResource",
    assessment_policy_id="string",
    status={
        # Values documented on this page: Healthy, Unhealthy, NotApplicable.
        "code": "string",
        "cause": "string",
        "description": "string",
    },
    target_resource_id="string",
    additional_data={
        "string": "string",
    })
// Reference template: every "string" below is a placeholder for the property's type,
// not a usable value.
const assessmentResource = new azure.securitycenter.Assessment("assessmentResource", {
    assessmentPolicyId: "string",
    status: {
        // Values documented on this page: Healthy, Unhealthy, NotApplicable.
        code: "string",
        cause: "string",
        description: "string",
    },
    targetResourceId: "string",
    additionalData: {
        string: "string",
    },
});
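# Reference template: every "string" below is a placeholder for the property's type,
# not a usable value. Nesting restored; the flattened listing put every key at top level.
type: azure:securitycenter:Assessment
properties:
  additionalData:
    string: string
  assessmentPolicyId: string
  status:
    cause: string
    # Values documented on this page: Healthy, Unhealthy, NotApplicable.
    code: string
    description: string
  targetResourceId: string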
Assessment Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Assessment resource accepts the following input properties:
- AssessmentPolicyId string - The ID of the security Assessment policy to apply to this resource. Changing this forces a new security Assessment to be created.
- Status AssessmentStatus - A `status` block as defined below.
- TargetResourceId string - The ID of the target resource. Changing this forces a new security Assessment to be created.
- AdditionalData Dictionary<string, string> - A map of additional data to associate with the assessment.
- AssessmentPolicyId string - The ID of the security Assessment policy to apply to this resource. Changing this forces a new security Assessment to be created.
- Status AssessmentStatusArgs - A `status` block as defined below.
- TargetResourceId string - The ID of the target resource. Changing this forces a new security Assessment to be created.
- AdditionalData map[string]string - A map of additional data to associate with the assessment.
- assessmentPolicyId String - The ID of the security Assessment policy to apply to this resource. Changing this forces a new security Assessment to be created.
- status AssessmentStatus - A `status` block as defined below.
- targetResourceId String - The ID of the target resource. Changing this forces a new security Assessment to be created.
- additionalData Map<String,String> - A map of additional data to associate with the assessment.
- assessmentPolicyId string - The ID of the security Assessment policy to apply to this resource. Changing this forces a new security Assessment to be created.
- status AssessmentStatus - A `status` block as defined below.
- targetResourceId string - The ID of the target resource. Changing this forces a new security Assessment to be created.
- additionalData {[key: string]: string} - A map of additional data to associate with the assessment.
- assessment_policy_id str - The ID of the security Assessment policy to apply to this resource. Changing this forces a new security Assessment to be created.
- status AssessmentStatusArgs - A `status` block as defined below.
- target_resource_id str - The ID of the target resource. Changing this forces a new security Assessment to be created.
- additional_data Mapping[str, str] - A map of additional data to associate with the assessment.
- assessmentPolicyId String - The ID of the security Assessment policy to apply to this resource. Changing this forces a new security Assessment to be created.
- status Property Map - A `status` block as defined below.
- targetResourceId String - The ID of the target resource. Changing this forces a new security Assessment to be created.
- additionalData Map<String> - A map of additional data to associate with the assessment.
Outputs
All input properties are implicitly available as output properties. Additionally, the Assessment resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing Assessment Resource
Get an existing Assessment resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AssessmentState, opts?: CustomResourceOptions): Assessment

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        additional_data: Optional[Mapping[str, str]] = None,
        assessment_policy_id: Optional[str] = None,
        status: Optional[AssessmentStatusArgs] = None,
        target_resource_id: Optional[str] = None) -> Assessment

func GetAssessment(ctx *Context, name string, id IDInput, state *AssessmentState, opts ...ResourceOption) (*Assessment, error)

public static Assessment Get(string name, Input<string> id, AssessmentState? state, CustomResourceOptions? opts = null)

public static Assessment get(String name, Output<String> id, AssessmentState state, CustomResourceOptions options)

resources:
  _:
    type: azure:securitycenter:Assessment
    get:
      id: ${id}

- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- AdditionalData Dictionary<string, string> - A map of additional data to associate with the assessment.
- AssessmentPolicyId string - The ID of the security Assessment policy to apply to this resource. Changing this forces a new security Assessment to be created.
- Status AssessmentStatus - A `status` block as defined below.
- TargetResourceId string - The ID of the target resource. Changing this forces a new security Assessment to be created.
- AdditionalData map[string]string - A map of additional data to associate with the assessment.
- AssessmentPolicyId string - The ID of the security Assessment policy to apply to this resource. Changing this forces a new security Assessment to be created.
- Status AssessmentStatusArgs - A `status` block as defined below.
- TargetResourceId string - The ID of the target resource. Changing this forces a new security Assessment to be created.
- additionalData Map<String,String> - A map of additional data to associate with the assessment.
- assessmentPolicyId String - The ID of the security Assessment policy to apply to this resource. Changing this forces a new security Assessment to be created.
- status AssessmentStatus - A `status` block as defined below.
- targetResourceId String - The ID of the target resource. Changing this forces a new security Assessment to be created.
- additionalData {[key: string]: string} - A map of additional data to associate with the assessment.
- assessmentPolicyId string - The ID of the security Assessment policy to apply to this resource. Changing this forces a new security Assessment to be created.
- status AssessmentStatus - A `status` block as defined below.
- targetResourceId string - The ID of the target resource. Changing this forces a new security Assessment to be created.
- additional_data Mapping[str, str] - A map of additional data to associate with the assessment.
- assessment_policy_id str - The ID of the security Assessment policy to apply to this resource. Changing this forces a new security Assessment to be created.
- status AssessmentStatusArgs - A `status` block as defined below.
- target_resource_id str - The ID of the target resource. Changing this forces a new security Assessment to be created.
- additionalData Map<String> - A map of additional data to associate with the assessment.
- assessmentPolicyId String - The ID of the security Assessment policy to apply to this resource. Changing this forces a new security Assessment to be created.
- status Property Map - A `status` block as defined below.
- targetResourceId String - The ID of the target resource. Changing this forces a new security Assessment to be created.
Supporting Types
AssessmentStatus, AssessmentStatusArgs
- Code string - Specifies the programmatic code of the assessment status. Possible values are `Healthy`, `Unhealthy` and `NotApplicable`.
- Cause string - Specifies the cause of the assessment status.
- Description string - Specifies the human readable description of the assessment status.
- Code string - Specifies the programmatic code of the assessment status. Possible values are `Healthy`, `Unhealthy` and `NotApplicable`.
- Cause string - Specifies the cause of the assessment status.
- Description string - Specifies the human readable description of the assessment status.
- code String - Specifies the programmatic code of the assessment status. Possible values are `Healthy`, `Unhealthy` and `NotApplicable`.
- cause String - Specifies the cause of the assessment status.
- description String - Specifies the human readable description of the assessment status.
- code string - Specifies the programmatic code of the assessment status. Possible values are `Healthy`, `Unhealthy` and `NotApplicable`.
- cause string - Specifies the cause of the assessment status.
- description string - Specifies the human readable description of the assessment status.
- code str - Specifies the programmatic code of the assessment status. Possible values are `Healthy`, `Unhealthy` and `NotApplicable`.
- cause str - Specifies the cause of the assessment status.
- description str - Specifies the human readable description of the assessment status.
- code String - Specifies the programmatic code of the assessment status. Possible values are `Healthy`, `Unhealthy` and `NotApplicable`.
- cause String - Specifies the cause of the assessment status.
- description String - Specifies the human readable description of the assessment status.
Import
Security Assessment can be imported using the resource id, e.g.
$ pulumi import azure:securitycenter/assessment:Assessment example /subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/resGroup1/providers/Microsoft.Compute/virtualMachineScaleSets/vmss1/providers/Microsoft.Security/assessments/00000000-0000-0000-0000-000000000000
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Azure Classic pulumi/pulumi-azure
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the `azurerm` Terraform Provider.
