

ARM Template - Policy Definition with input parameters
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"roleDefinitionIds": {
"type": "string"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Authorization/policyDefinitions",
"name": "allowed-role-definitions-def",
"apiVersion": "2018-03-01",
"properties": {
"policyType": "Custom",
"displayName": "Allowed Role Definitions",
"description": "This policy defines a whitelist of role definitions that can be used in IAM",
"mode": "all",
"parameters": {
"roleDefinitionIds": {
"type": "array",
"metadata": {
"description": "The list of role definition Ids",
"displayName": "Approved Role Definitions"
}
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Authorization/roleAssignments"
},
{
"not": {
"field": "Microsoft.Authorization/roleAssignments/roleDefinitionId",
"in": "[parameters('roleDefinitionIds')]"
}
}
]
},
"then": {
"effect": "deny"
}
}
}
}
]
}