Code Monkey home page Code Monkey logo

terraform-azurerm-disallow-ragrs-policy's Introduction

terraform-azurerm-disallow-ragrs-policy

This Terraform module creates an Azure policy definition that disallows the creation of storage accounts with the Standard_RAGRS sku type unless they have the appropriate exemption tag. The policy definition can be assigned to a management group or subscription. Current exemption tag is "Exempt: Disallow Standard_RAGRS".

https://rudycorradetti.com/2023/05/12/terraform-azurerm-disallow-ragrs-policy-a-terraform-module-to-prevent-or-audit-the-creation-of-standard_ragrs-storage-accounts/

Inputs

Name Description Type Default Required
policy_definition_name The name of the policy definition. string "Disallow Standard_RAGRS Storage Account Type" no
policy_display_name The display name of the policy definition. string "Disallow Standard_RAGRS Storage Account Type" no
policy_description The description of the policy definition. string "This policy definition denies the creation of Standard_RAGRS storage accounts unless they have the tag - Exempt: Disallow Standard_RAGRS" no
management_group_id The ID of the management group where the policy definition should be created. string "/providers/Microsoft.Management/managementGroups/Your_Management_Group_ID yes
policy_exempt_tag The tag to be used for exemptions. If a storage account has this tag, it won't be audited by the policy. string "Exempt: Disallow Standard_RAGRS" no
policy_effect The effect of the policy. Choose between 'auditIfNotExists' and 'deny'. string "auditIfNotExists" no

Outputs

There are no outputs for this module.

Usage

# Deploy policy definition in deny mode
module "disallow_ragrs_policy" {
  source  = "./terraform-azurerm-disallow-ragrs-policy"
  # version = "1.0.0"
  # policy effect - default is auditIfNotExists. Comment out the line below to use the default value.
  policy_effect = "deny"
  # management_group_id = "/providers/Microsoft.Management/managementGroups/Your_Management_Group_ID"
}

# Assign the policy to the management group
resource "azurerm_management_group_policy_assignment" "disallow_ra_grs_storage_assignment" {
  name               = "Deny Standard_RAGRS"
  management_group_id = "/providers/Microsoft.Management/managementGroups/Your_Management_Group_ID"
  # Acquired after deploying the policy definition
  policy_definition_id = "/providers/Microsoft.Management/managementGroups/Your_Management_Group_ID/providers/Microsoft.Authorization/policyDefinitions/Disallow Standard_RAGRS Storage Account Type"
}

terraform-azurerm-disallow-ragrs-policy's People

Contributors

rcfromcle avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.