
Terraform:使用 for_each 创建多个 Azure 策略?

[英]Terraform : Create multiple Azure Policies using for_each?

我想创建多个 Azure 策略,我不想一个接一个地创建策略。 我想使用 for_each 来定义多个 Azure 策略。 我该怎么做呢?

例如,我有以下 Azure 单独定义的策略,应该使用 for_each 或以任何其他更好的方式创建,如 powershell https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/azure-enterprise-政策即代码新方法/ba-p/3607843

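// Deny creation of resource groups that lack an 'owner' tag.
// Scoped to the same parent management group as the policy below; azurerm 3.x
// (the provider version used in the answer) only exposes management_group_id,
// management_group_name was removed, so var.management-group-name would not apply.
resource "azurerm_policy_definition" "require-tag-owner-on-rg" {
  name                = "require-tag-owner-on-rg"
  policy_type         = "Custom"
  mode                = "All"
  display_name        = "Require tag 'owner' on resource group"
  management_group_id = data.azurerm_management_group.parent-mg.id

  metadata = <<METADATA
    {
    "version": "1.0.0",
    "category": "Custom"
    }
METADATA

  // Deny when the request is for a resource group AND the 'owner' tag is absent.
  // A definition alone enforces nothing: it must still be assigned to a scope.
  policy_rule = <<POLICY_RULE
    {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Resources/subscriptions/resourceGroups"
          },
          {
            "field": "tags['owner']",
            "exists": "false"
          }
        ]
      },
      "then": {
        "effect": "deny"
      }
    }
POLICY_RULE
}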

// Deny any resource whose location is not eastus.
// Attached to the parent management group rather than the provider's subscription.
resource "azurerm_policy_definition" "only-deploy-in-eastus" {
  name         = "only-deploy-in-eastus"
  display_name = "only-deploy-in-eastus"
  policy_type  = "Custom"
  mode         = "All"

  management_group_id = data.azurerm_management_group.parent-mg.id

  // Same rule as the heredoc form, written as an HCL object:
  // if NOT (location == "eastus") then Deny.
  policy_rule = jsonencode({
    "if" = {
      "not" = {
        "field"  = "location"
        "equals" = "eastus"
      }
    }
    "then" = {
      "effect" = "Deny"
    }
  })
}

我尝试在 Terraform 环境中使用 for_each 为您的代码创建策略定义,详情如下。

// Pin the azurerm provider so plan and apply are reproducible.
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "3.37.0"
    }
  }
}
   // Provider configuration; the empty features block is required by azurerm.
   provider "azurerm" {
     features {}
   }
 // Resource group used in the walkthrough; the policy definition below does not reference it.
 resource "azurerm_resource_group" "RG" {
   name     = "example"
   location = "EastUS"
 }
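 // One azurerm_policy_definition per map entry.
 // The key becomes the policy name and the instance address
 // (e.g. azurerm_policy_definition.policy["only-deploy-in-eastus"]);
 // the value carries the display name, the rule, and an optional management group scope.
 // The original loop varied only name/display_name and reused one placeholder rule
 // ("tags['xxxxx']"), which produced three identical policies instead of distinct ones.
 // Rules are written as HCL objects and serialised with jsonencode, so a malformed
 // rule fails at plan time instead of at the Azure API.
 resource "azurerm_policy_definition" "policy" {
   for_each = {
     require-tag-owner-on-rg = {
       display_name = "Require tag 'owner' on resource group"
       // null leaves management_group_id unset, i.e. the provider's subscription scope;
       // set it to a management group ID (e.g. a data.azurerm_management_group reference)
       // to define the policy higher up.
       management_group_id = null
       rule = {
         "if" = {
           "allOf" = [
             { "field" = "type", "equals" = "Microsoft.Resources/subscriptions/resourceGroups" },
             { "field" = "tags['owner']", "exists" = "false" }
           ]
         }
         "then" = { "effect" = "deny" }
       }
     }
     only-deploy-in-eastus = {
       display_name        = "only-deploy-in-eastus"
       management_group_id = null
       rule = {
         "if"   = { "not" = { "field" = "location", "equals" = "eastus" } }
         "then" = { "effect" = "Deny" }
       }
     }
   }

   name                = each.key
   display_name        = each.value.display_name
   policy_type         = "Custom"
   mode                = "All"
   management_group_id = each.value.management_group_id

   // Shared across every definition created by this loop.
   metadata = jsonencode({
     version  = "1.0.0"
     category = "Custom"
   })

   // A definition alone enforces nothing; a policy assignment resource is still
   // needed to apply each definition to a scope.
   policy_rule = jsonencode(each.value.rule)
 }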

terraform init

[截图:terraform init 的输出]

terraform plan

[截图:terraform plan 的输出]

terraform apply

[截图:terraform apply 的输出]

部署后在门户中创建:

[截图:部署后在 Azure 门户中看到的策略定义]

