What is the correct and simple way to change the ASC Default PARAMETERS in Azure Policy using TF?
For example, setting Monitor SQL Encryption to any available value other than AuditIfNotExists or Disabled.
Answer 0 (score: 0)
'ASC Default' is an initiative, or in TF terms an azurerm_policy_set_definition. You simply assign it using "azurerm_policy_assignment".
These links may help:
Example for a different initiative:
resource "azurerm_policy_assignment" "audit_k8s_security_restricted_standarts" {
  name                 = "42b8ef37-b724-4e24-bbc8-7a7708edfe00"
  scope                = local.azure_policy_scope
  policy_definition_id = "/providers/Microsoft.Authorization/policySetDefinitions/42b8ef37-b724-4e24-bbc8-7a7708edfe00"
  description          = "This initiative includes the policies for the Kubernetes cluster pod security restricted standards."
  display_name         = "Kubernetes cluster pod security restricted standards for Linux-based workloads"
  identity {
    type = "SystemAssigned"
  }
  location   = var.primary_location
  parameters = <<PARAMETERS
{
  "effect": {
    "value": "audit"
  }
}
PARAMETERS
}
You need to put in the appropriate policy_definition_id and pass valid parameters. Start with one simple parameter, as there are bugs coming from TF.
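A pre-apply check for the "pass valid parameters" step, as an added example that is not part of the original answer: it compares the JSON that would go into the PARAMETERS heredoc with an initiative's parameter definitions (type, allowedValues, defaultValue). The sample definition and its parameter names are constructed, not the real ASC Default ones, and the exact-match comparison against allowedValues is this example's choice rather than a statement about how Azure treats case.

```python
import json

# Constructed sample of an initiative's "parameters" definition block, in the
# shape Azure Policy uses (type / allowedValues / defaultValue). The parameter
# names are hypothetical, not the real ASC Default names.
SAMPLE_DEFINITION = {
    "effect": {"type": "String", "defaultValue": "AuditIfNotExists",
               "allowedValues": ["AuditIfNotExists", "Disabled"]},
    "excludedNamespaces": {"type": "Array", "defaultValue": ["kube-system"]},
    "workspaceId": {"type": "String"},  # no defaultValue, so required
}

# Python type that each Azure Policy parameter type deserializes to from JSON.
JSON_TYPES = {"String": str, "Array": list, "Object": dict, "Boolean": bool,
              "Integer": int, "Float": (int, float), "DateTime": str}


def validate_assignment(definition, parameters_json):
    """Return a list of problems found in an assignment's parameters JSON."""
    try:
        params = json.loads(parameters_json)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(params, dict):
        return ["top level must be a JSON object keyed by parameter name"]
    problems = []
    for name, wrapper in params.items():
        spec = definition.get(name)
        if spec is None:
            problems.append(f"{name}: not defined by the initiative")
            continue
        if not isinstance(wrapper, dict) or "value" not in wrapper:
            problems.append(f'{name}: must be wrapped as {{"value": ...}}')
            continue
        value, expected = wrapper["value"], JSON_TYPES.get(spec.get("type"))
        if expected and (not isinstance(value, expected) or
                         (isinstance(value, bool) and expected is not bool)):
            problems.append(f"{name}: value is not of type {spec['type']}")
            continue
        allowed = spec.get("allowedValues")
        if allowed and value not in allowed:
            near = [a for a in allowed if str(a).lower() == str(value).lower()]
            note = f" (differs only in case from {near[0]!r})" if near else ""
            problems.append(f"{name}: {value!r} not in {allowed}{note}")
    # A parameter without a defaultValue must be supplied by the assignment.
    for name, spec in definition.items():
        if "defaultValue" not in spec and name not in params:
            problems.append(f"{name}: required (no defaultValue) but missing")
    return problems
```

The real definition block can be exported with `az policy set-definition show --name <initiative-id> --query parameters` and passed in place of the sample.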