Azure/aztfexport

Azure Policy Support for Definitions and Assignments

Pbolkun opened this issue · 6 comments

It would be great if we could export Azure Policy Definitions and Policy Assignments. When you use the az definition show and az assignment show commands with appropriate queries, you can export the definitions, but getting those into HCL can be tedious. It especially becomes a problem when you attempt to export an entire initiative definition set.

Look forward to seeing if there's any support here!

There is an option: --include-role-assignment that allows you to export role assignments directly assigned to the resources being exported.

That's fantastic to hear that role assignments are supported! When I mention Azure Policy assignments, I'm referring to a global resource that helps to enforce organizational standards and to assess compliance at-scale. Through its compliance dashboard, it provides an aggregated view to evaluate the overall state of the environment. https://learn.microsoft.com/en-us/azure/governance/policy/overview

@Pbolkun I'm sorry for mixing up role vs. policy.

The policy assignment/definition can be exported by the aztfexport res command, by providing the resource id.

You can get the list of those ids via az, e.g. for assignments:

az policy assignment list | jq -r '.[].id'

In order to export a bunch of assignments and definitions, you can construct a resource map file, then feed it to the aztfexport map command.

Ideally, it would help if the aztfexport res subcommand could take a list of resource ids, so that you can just list all the resource ids of the assignments and definitions. Is that something you are looking for?
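The map-file step described in the comment above, as an added example that is not part of the thread or of the aztfexport project: it turns `az policy assignment list` output into mapping entries and picks the azurerm resource type from each assignment's scope. The entry layout (`resource_type`, `resource_name`, `resource_id` keyed by Azure id) and the reuse of the Azure id as the Terraform id are assumptions not shown on this page, and the sample ids are constructed.

```python
import json
import re

# Constructed sample of `az policy assignment list` output (ids are placeholders).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
PA = "/providers/Microsoft.Authorization/policyAssignments/"
SAMPLE_AZ_OUTPUT = json.dumps([
    {"id": SUB + PA + "deny-public-ip"},
    {"id": SUB + "/resourceGroups/rg-app" + PA + "require-tags"},
    {"id": "/providers/Microsoft.Management/managementGroups/mg-root" + PA + "audit-diag"},
    {"id": SUB + "/resourceGroups/rg-app/providers/Microsoft.Storage/storageAccounts/stapp" + PA + "https-only"},
    {"id": SUB + "/resourceGroups/rg-app"},  # not an assignment: must be skipped
])

SUFFIX = r"/providers/Microsoft\.Authorization/policyAssignments/[^/]+$"
# Scope prefix -> azurerm resource type; the last entry is the catch-all
# for assignments scoped to a single resource.
SCOPES = [
    (r"^/subscriptions/[^/]+", "azurerm_subscription_policy_assignment"),
    (r"^/subscriptions/[^/]+/resourceGroups/[^/]+", "azurerm_resource_group_policy_assignment"),
    (r"^/providers/Microsoft\.Management/managementGroups/[^/]+", "azurerm_management_group_policy_assignment"),
    (r"^/.+", "azurerm_resource_policy_assignment"),
]

def assignment_type(azure_id):
    """Return the azurerm type for a policy assignment id, or None if it is not one."""
    for prefix, tf_type in SCOPES:
        if re.match(prefix + SUFFIX, azure_id, re.IGNORECASE):
            return tf_type
    return None

def build_mapping(az_json):
    """Build the mapping dict from `az policy assignment list` JSON text."""
    mapping = {}
    for item in json.loads(az_json):
        tf_type = assignment_type(item["id"])
        if tf_type is None:
            continue  # skip unknown ids rather than guess a resource type
        mapping[item["id"]] = {
            "resource_type": tf_type,
            "resource_name": f"res-{len(mapping)}",
            # Assumption: the Terraform import id equals the Azure resource id.
            "resource_id": item["id"],
        }
    return mapping

if __name__ == "__main__":
    print(json.dumps(build_mapping(SAMPLE_AZ_OUTPUT), indent=2))
```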