how to use azurerm_subscription_policy_remediation with existing policy

Question
I'm having trouble reading in a policy as a data block to remediate the policy.

The error is with the scope_id. I have used an azurerm_resource_group.id, but it says:

"Policy Assignment Name: "Test-Inherit-RequiredTag-IheritedTag" was not found"

I tried with the subscription ID, and it then said it expected "/subscriptions/", so I added that. Now it is "malformed or invalid."

I have also tried:

```hcl
scope_id = "/subscriptions/00000000-0000-0000-0000-00000000000/providers/microsoft.authorization/policyassignments/test-inherit-requiredtag-iheritedtag"
```

What is expected for the scope_id?
```hcl
data "azurerm_policy_assignment" "policy_assignment1" {
  name     = "Test-Inherit-RequiredTag-InheritedTag"
  scope_id = "/subscriptions/${var.subscription_id}"
}

resource "azurerm_subscription_policy_remediation" "remediation1" {
  name                 = "remediation1-inherit-tag"
  subscription_id      = var.subscription_id
  policy_assignment_id = data.azurerm_policy_assignment.policy_assignment1.id
}
```
Answer 1

Score: 4
> I tried to use azurerm_subscription_policy_remediation with my existing policy and successfully executed the terraform plan and terraform apply commands.

I referred to the code from the official Terraform exemption document and the official Terraform remediation document and modified it accordingly.

The module mentioned in the question:

```hcl
data "azurerm_policy_assignment" "policy_assignment1" {
  name     = "Test-Inherit-RequiredTag-InheritedTag"
  scope_id = "/subscriptions/${var.subscription_id}"
}
```

did not work for me either, so I ended up modifying the modules as per the requirement and was able to produce the output you're looking for.

My main.tf code:
```hcl
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "=3.59.0"
    }
  }
}

provider "azurerm" {
  features {}
}

data "azurerm_subscription" "example" {}

data "azurerm_policy_set_definition" "example" {
  display_name = "Audit machines with insecure password security settings"
}

resource "azurerm_subscription_policy_assignment" "example" {
  name                 = "exampleAssignment"
  subscription_id      = data.azurerm_subscription.example.id
  policy_definition_id = data.azurerm_policy_set_definition.example.id
  location             = "westus"
  identity {
    type = "SystemAssigned"
  }
}

resource "azurerm_subscription_policy_remediation" "example" {
  name                 = "example"
  subscription_id      = data.azurerm_subscription.example.id
  policy_assignment_id = azurerm_subscription_policy_assignment.example.id
}
```
Output:

While executing terraform plan:

While executing terraform apply:

By using this script, I successfully performed all Terraform steps and got the desired output.
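The question asks what the data source expects for scope_id, and the answer works around it by creating the assignment itself. The following added example (not from the question, the answer, or the azurerm provider) is a small pre-flight check a practitioner can run before `terraform plan`: it builds the subscription-level scope_id the data source takes, splits a full assignment resource ID into the scope and name the data source wants as two separate inputs, and rejects a subscription GUID that is not 8-4-4-4-12 hex characters (the sample ID in the question has only 11 characters in its last group, whether by redaction or not). The GUID and assignment name in the usage section are constructed, and only subscription, resource group and management group scopes are handled.

```python
import re

# A subscription ID is a GUID: 8-4-4-4-12 hex characters.
GUID_RE = re.compile(r"^[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.IGNORECASE)

# Full policy-assignment resource ID. Azure resource IDs are case-insensitive,
# so "microsoft.authorization/policyassignments" is accepted as well.
ASSIGNMENT_RE = re.compile(
    r"^(?P<scope>/subscriptions/(?P<sub>[^/]+)(?:/resourceGroups/[^/]+)?"
    r"|/providers/Microsoft\.Management/managementGroups/[^/]+)"
    r"/providers/Microsoft\.Authorization/policyAssignments/(?P<name>[^/]+)$",
    re.IGNORECASE,
)


def subscription_scope(subscription_id: str) -> str:
    """scope_id for a subscription-level azurerm_policy_assignment lookup.
    Rejects a malformed GUID locally instead of discovering it at plan time."""
    if not GUID_RE.match(subscription_id):
        raise ValueError(f"not a subscription GUID: {subscription_id!r}")
    return f"/subscriptions/{subscription_id}"


def split_assignment_id(assignment_id: str) -> tuple:
    """Split a full assignment resource ID into (scope_id, name), the two
    separate inputs the data source takes; also checks the embedded GUID."""
    m = ASSIGNMENT_RE.match(assignment_id)
    if not m:
        raise ValueError(f"not a policy assignment resource ID: {assignment_id!r}")
    sub = m.group("sub")
    if sub is not None and not GUID_RE.match(sub):
        raise ValueError(f"scope has a malformed subscription GUID: {sub!r}")
    return m.group("scope"), m.group("name")


def assignment_id(scope_id: str, name: str) -> str:
    """Build the resource ID the data source exposes as .id, which is the
    value azurerm_subscription_policy_remediation.policy_assignment_id consumes."""
    return f"{scope_id}/providers/Microsoft.Authorization/policyAssignments/{name}"


if __name__ == "__main__":
    # Constructed sample values; this GUID is not a real subscription.
    sub = "11111111-2222-3333-4444-555555555555"
    scope = subscription_scope(sub)
    full = assignment_id(scope, "Test-Inherit-RequiredTag-InheritedTag")
    print(split_assignment_id(full))
```

Note that `name` here is the assignment's resource name as it appears in the resource ID, which is what the data source matches on; it is not necessarily the same string as the assignment's display name in the portal.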