Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Bicep resource definition
The remediations resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.PolicyInsights/remediations resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.PolicyInsights/remediations@2018-07-01-preview' = {
scope: resourceSymbolicName or scope
name: 'string'
properties: {
deploymentStatus: {
failedDeployments: int
successfulDeployments: int
totalDeployments: int
}
filters: {
locations: [
'string'
]
}
policyAssignmentId: 'string'
policyDefinitionReferenceId: 'string'
}
}
Property Values
Microsoft.PolicyInsights/remediations
| Name | Description | Value |
|---|---|---|
| name | The resource name | string (required) |
| properties | Properties for the remediation. | RemediationProperties |
| scope | Use when creating a resource at a scope that is different than the deployment scope. | Set this property to the symbolic name of a resource to apply the extension resource. |
RemediationDeploymentSummary
| Name | Description | Value |
|---|---|---|
| failedDeployments | The number of deployments required by the remediation that have failed. | int |
| successfulDeployments | The number of deployments required by the remediation that have succeeded. | int |
| totalDeployments | The number of deployments required by the remediation. | int |
RemediationFilters
| Name | Description | Value |
|---|---|---|
| locations | The resource locations that will be remediated. | string[] |
RemediationProperties
| Name | Description | Value |
|---|---|---|
| deploymentStatus | The deployment status summary for all deployments created by the remediation. | RemediationDeploymentSummary |
| filters | The filters that will be applied to determine which resources to remediate. | RemediationFilters |
| policyAssignmentId | The resource ID of the policy assignment that should be remediated. | string |
| policyDefinitionReferenceId | The policy definition reference ID of the individual definition that should be remediated. Required when the policy assignment being remediated assigns a policy set definition. | string |
ARM template resource definition
The remediations resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.PolicyInsights/remediations resource, add the following JSON to your template.
{
"type": "Microsoft.PolicyInsights/remediations",
"apiVersion": "2018-07-01-preview",
"name": "string",
"properties": {
"deploymentStatus": {
"failedDeployments": "int",
"successfulDeployments": "int",
"totalDeployments": "int"
},
"filters": {
"locations": [ "string" ]
},
"policyAssignmentId": "string",
"policyDefinitionReferenceId": "string"
}
}
Property Values
Microsoft.PolicyInsights/remediations
| Name | Description | Value |
|---|---|---|
| apiVersion | The api version | '2018-07-01-preview' |
| name | The resource name | string (required) |
| properties | Properties for the remediation. | RemediationProperties |
| type | The resource type | 'Microsoft.PolicyInsights/remediations' |
RemediationDeploymentSummary
| Name | Description | Value |
|---|---|---|
| failedDeployments | The number of deployments required by the remediation that have failed. | int |
| successfulDeployments | The number of deployments required by the remediation that have succeeded. | int |
| totalDeployments | The number of deployments required by the remediation. | int |
RemediationFilters
| Name | Description | Value |
|---|---|---|
| locations | The resource locations that will be remediated. | string[] |
RemediationProperties
| Name | Description | Value |
|---|---|---|
| deploymentStatus | The deployment status summary for all deployments created by the remediation. | RemediationDeploymentSummary |
| filters | The filters that will be applied to determine which resources to remediate. | RemediationFilters |
| policyAssignmentId | The resource ID of the policy assignment that should be remediated. | string |
| policyDefinitionReferenceId | The policy definition reference ID of the individual definition that should be remediated. Required when the policy assignment being remediated assigns a policy set definition. | string |
Usage Examples
Terraform (AzAPI provider) resource definition
The remediations resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.PolicyInsights/remediations resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.PolicyInsights/remediations@2018-07-01-preview"
name = "string"
parent_id = "string"
body = {
properties = {
deploymentStatus = {
failedDeployments = int
successfulDeployments = int
totalDeployments = int
}
filters = {
locations = [
"string"
]
}
policyAssignmentId = "string"
policyDefinitionReferenceId = "string"
}
}
}
Property Values
Microsoft.PolicyInsights/remediations
| Name | Description | Value |
|---|---|---|
| name | The resource name | string (required) |
| parent_id | The ID of the resource to apply this extension resource to. | string (required) |
| properties | Properties for the remediation. | RemediationProperties |
| type | The resource type | "Microsoft.PolicyInsights/remediations@2018-07-01-preview" |
RemediationDeploymentSummary
| Name | Description | Value |
|---|---|---|
| failedDeployments | The number of deployments required by the remediation that have failed. | int |
| successfulDeployments | The number of deployments required by the remediation that have succeeded. | int |
| totalDeployments | The number of deployments required by the remediation. | int |
RemediationFilters
| Name | Description | Value |
|---|---|---|
| locations | The resource locations that will be remediated. | string[] |
RemediationProperties
| Name | Description | Value |
|---|---|---|
| deploymentStatus | The deployment status summary for all deployments created by the remediation. | RemediationDeploymentSummary |
| filters | The filters that will be applied to determine which resources to remediate. | RemediationFilters |
| policyAssignmentId | The resource ID of the policy assignment that should be remediated. | string |
| policyDefinitionReferenceId | The policy definition reference ID of the individual definition that should be remediated. Required when the policy assignment being remediated assigns a policy set definition. | string |
Usage Examples
Terraform Samples
A basic example of deploying Azure Policy Remediation.
terraform {
required_providers {
azapi = {
source = "Azure/azapi"
}
azurerm = {
source = "hashicorp/azurerm"
}
}
}
provider "azurerm" {
features {
}
}
provider "azapi" {
skip_provider_registration = false
}
variable "resource_name" {
type = string
default = "acctest0001"
}
variable "location" {
type = string
default = "eastus"
}
data "azurerm_client_config" "current" {
}
data "azapi_resource" "subscription" {
type = "Microsoft.Resources/subscriptions@2021-01-01"
resource_id = "/subscriptions/${data.azurerm_client_config.current.subscription_id}"
response_export_values = ["*"]
}
resource "azapi_resource" "policyAssignment" {
type = "Microsoft.Authorization/policyAssignments@2022-06-01"
parent_id = data.azapi_resource.subscription.id
name = var.resource_name
body = {
properties = {
displayName = ""
enforcementMode = "Default"
parameters = {
listOfAllowedLocations = {
value = [
"West Europe",
"West US 2",
"East US 2",
]
}
}
policyDefinitionId = "/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c"
scope = data.azapi_resource.subscription.id
}
}
schema_validation_enabled = false
response_export_values = ["*"]
}
resource "azapi_resource" "remediation" {
type = "Microsoft.PolicyInsights/remediations@2021-10-01"
parent_id = data.azapi_resource.subscription.id
name = var.resource_name
body = {
properties = {
filters = {
locations = [
]
}
policyAssignmentId = azapi_resource.policyAssignment.id
policyDefinitionReferenceId = ""
resourceDiscoveryMode = "ExistingNonCompliant"
}
}
schema_validation_enabled = false
ignore_casing = true
response_export_values = ["*"]
}