
I am trying to manage policies at management group level in Azure. I found a template that creates a management group, sets a policy and assigns the policy to the management group. The issue is that when I created a management group with it, I couldn't destroy it with "terraform destroy". So now I want to write code that references an existing management group and sets new policies and an assignment.

This is the code I found.

# Identity the provider is authenticated as; its service principal object ID is
# what the role assignment below grants the custom role to.
data "azurerm_client_config" "config" {
}
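# Subscription the provider is authenticated against; referenced below as
# data.azurerm_subscription.sub.id in the role definition's assignable_scopes.
# Fixed: the data source type was misspelled "azurerm_subscrition", which fails
# at plan time (unknown data source) and leaves that reference dangling.
data "azurerm_subscription" "sub" {}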
# Management group that the role, role assignment and policy below are scoped
# to. Declared as a resource, so Terraform creates and owns it; attaching
# policies to a group that already exists would instead reference that group
# (the azurerm provider also ships an azurerm_management_group data source).
resource "azurerm_management_group" "group1" {
  name = "MyManagementGroup"

  # Placeholder GUIDs (all-zero / all-one / all-two); replace with the real
  # subscriptions that should be moved under this group.
  subscription_ids = [
    "00000000-0000-0000-0000-000000000000",
    "11111111-1111-1111-1111-111111111111",
    "22222222-2222-2222-2222-222222222222"
  ]
}
# Custom role defined at management-group scope.
# NOTE(review): actions = ["*"] grants every control-plane action within the
# role's scopes; narrow this to the operations actually required before the
# role is assigned.
# NOTE(review): scope points at the management group while assignable_scopes
# lists only the subscription, yet the role assignment below is created at
# management-group scope — confirm that combination is intended.
resource "azurerm_role_definition" "roledefinition1" {
  # Placeholder GUID; supply a unique GUID per custom role (or omit the
  # attribute and let the provider generate one).
  role_definition_id = "00000000-0000-0000-0000-000000000000"
  name               = "Role Definition"
  description        = "Custom role"
  scope              = "${azurerm_management_group.group1.id}"

  permissions {
    actions     = ["*"]
    not_actions = []
  }

  assignable_scopes = ["${data.azurerm_subscription.sub.id}"]
}
# Grants the custom role above, at management-group scope, to the principal
# Terraform itself is running as.
# NOTE(review): newer azurerm releases deprecate service_principal_object_id
# in favour of object_id on azurerm_client_config — check the provider version
# in use.
resource "azurerm_role_assignment" "roleassignment1" {
  principal_id         = "${data.azurerm_client_config.config.service_principal_object_id}"
  role_definition_name = "${azurerm_role_definition.roledefinition1.name}"
  scope                = "${azurerm_management_group.group1.id}"
}
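# Custom policy definition stored at management-group level.
# Fixes: (1) the policy_rule JSON was invalid — `"if": { "true" }` is not a JSON
# object, so the definition is rejected; it now carries a real condition.
# (2) `scope` is not an argument of azurerm_policy_definition (it is rejected as
# an unexpected attribute); the management group is selected with
# management_group_name in azurerm 2.x. NOTE(review): azurerm 3.x renamed this
# to management_group_id and expects the full resource ID — confirm against
# the provider version in use.
resource "azurerm_policy_definition" "policy" {
  name                  = "TestPolicy"
  policy_type           = "Custom"
  display_name          = "Test policy definition"
  management_group_name = "${azurerm_management_group.group1.name}"

  # Placeholder rule: the "type" field exists on every resource, so this
  # matches everything and only audits it. Replace the condition with the
  # real check before relying on the policy.
  policy_rule = <<POLICY_RULE
{
  "if": {
    "field": "type",
    "exists": "true"
  },
  "then": {
    "effect": "audit"
  }
}
POLICY_RULE
}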
resource "azurerm_policy_assignment" "test" {
  name                 = "example-policy-assignment"
  scope                = "${azurerm_management_group.group1.id}"
  policy_definition_id = "${azurerm_policy_definition.policy.id}"
  description          = "Policy Assignment"
  display_name         = "Test Policy Assignment"
  • Welcome to Stack Overflow! Can you be more specific about the actual issues you're facing? What have you tried? Also, if possible, try to reduce your code to the minimum required to reproduce the issue. – Dan Mar 25 '20 at 16:25
  • Hii @Maku Niyi...I was facing a problem that might be thought to be a spin-off of the instance you've quoted here, I just wanted to ask you, as you mention "scope" in azurerm_policy_definition does it not throw an unexpected keyword declaration error ? – Swarnabja Bhaumik Jan 13 '21 at 20:52
