Jesse Loudon jesseloudon

🕶️
ansible all -m ping
View GitHub Profile
@jesseloudon
jesseloudon / AzurePolicyRootModuleExample.tf
Created Jun 29, 2020
The parent (root) module calls all child modules, and it is where we pass the input variables a child module requires.
module "policy_assignments" {
source = "./modules/policy-assignments"
tag_governance_policyset_id = "${module.policyset_definitions.tag_governance_policyset_id}"
iam_governance_policyset_id = "${module.policyset_definitions.iam_governance_policyset_id}"
security_governance_policyset_id = "${module.policyset_definitions.security_governance_policyset_id}"
data_protection_governance_policyset_id = "${module.policyset_definitions.data_protection_governance_policyset_id}"
}
jesseloudon / AzurePolicySetResource_withDataSource.tf
Created Jun 26, 2020
Reference each policy definition id from the data source using ${data.dataSource.dataSourceName.*.id[X]}.
resource "azurerm_policy_set_definition" "security_governance" {
name = "security_governance"
policy_type = "Custom"
display_name = "Security Governance"
description = "Contains common Security Governance policies"
metadata = <<METADATA
{
"category": "${var.policyset_definition_category}"
jesseloudon / AzurePolicyDataSource.tf
Created Jun 26, 2020
Define an azurerm_policy_definition data source that looks up each existing policy definition by its display name.
data "azurerm_policy_definition" "security_policyset_definitions" {
count = length(var.security_policyset_definitions)
display_name = var.security_policyset_definitions[count.index]
}
jesseloudon / AzurePolicySetVariables.tf
Created Jun 26, 2020
Define a variable list containing the display names of existing built-in policy definitions that you want to include in a policyset.
variable "security_policyset_definitions" {
type = list(string)
description = "List of policy definitions (display names) for the security_governance policyset"
default = [
"Internet-facing virtual machines should be protected with network security groups",
"Subnets should be associated with a Network Security Group",
"Gateway subnets should not be configured with a network security group",
"Storage accounts should restrict network access",
"Secure transfer to storage accounts should be enabled",
"Access through Internet facing endpoint should be restricted",
jesseloudon / AzurePolicyVariableMapping.tf
Created Jun 26, 2020
Map each input variable to the corresponding module output using inputVariableName = "${module.moduleName.outputVariableName[X]}".
module "policyset_definitions" {
source = "./modules/policyset-definitions"
addTagToRG_policy_id_0 = "${module.policy_definitions.addTagToRG_policy_ids[0]}"
addTagToRG_policy_id_1 = "${module.policy_definitions.addTagToRG_policy_ids[1]}"
addTagToRG_policy_id_2 = "${module.policy_definitions.addTagToRG_policy_ids[2]}"
addTagToRG_policy_id_3 = "${module.policy_definitions.addTagToRG_policy_ids[3]}"
addTagToRG_policy_id_4 = "${module.policy_definitions.addTagToRG_policy_ids[4]}"
addTagToRG_policy_id_5 = "${module.policy_definitions.addTagToRG_policy_ids[5]}"
}
jesseloudon / AzurePolicySetResource.tf
Created Jun 26, 2020
For each policy definition id, reference the input variable created above using ${var.variableName}.
resource "azurerm_policy_set_definition" "tag_governance" {
name = "tag_governance"
policy_type = "Custom"
display_name = "Tag Governance"
description = "Contains common Tag Governance policies"
metadata = <<METADATA
{
"category": "${var.policyset_definition_category}"
}
METADATA
jesseloudon / AzurePolicyInputVariable.tf
Last active Jun 26, 2020
Define an input variable e.g. addTagToRG_policy_id_0 for each policy definition resource created by the policy definition resource block that uses count.
variable "addTagToRG_policy_id_0" {
type = string
description = "The policy definition id '0' from the 'addTagToRG_policy_ids' output"
}
variable "addTagToRG_policy_id_1" {
type = string
description = "The policy definition id '1' from the 'addTagToRG_policy_ids' output"
}
jesseloudon / AzurePolicyOutputVariable.tf
Created Jun 26, 2020
All resources created by a resource block that uses count = length(var.variableName) can be referenced as a list using ${resourceProvider.resourceType.resourceName.*.output}.
output "addTagToRG_policy_ids" {
# A splat expression yields a list; in Terraform 0.12+ it cannot be wrapped in a string template, so assign it directly.
value = azurerm_policy_definition.addTagToRG[*].id
description = "The policy definition ids for addTagToRG policies"
}
jesseloudon / AzurePolicyResource2.tf
Created Jun 26, 2020
Reference your variable list values using ${var.variableName[count.index]}.
name = "addTagToRG_${var.mandatory_tag_keys[count.index]}"
policy_type = "Custom"
mode = "All"
display_name = "Add tag ${var.mandatory_tag_keys[count.index]} to resource group"
description = "Adds the mandatory tag key ${var.mandatory_tag_keys[count.index]} when any resource group missing this tag is created or updated. \nExisting resource groups can be remediated by triggering a remediation task.\nIf the tag exists with a different value it will not be changed."
metadata = <<METADATA
{
"category": "${var.policy_definition_category}",
"version" : "1.0.0"
}
jesseloudon / AzurePolicyResource1.tf
Created Jun 26, 2020
Reference your variable list using count = length(var.variableName)
resource "azurerm_policy_definition" "addTagToRG" {
count = length(var.mandatory_tag_keys)