How to enable remediation for only certain policies in a custom initiative while still enabling the compliance report for all policies. #103
Thanks for the amazing module. I would like to report on non-compliance for all the policies in an initiative but would like the ability to create/recreate remediation tasks only for a select few policies. I tried with the exemption module and exempted all but a few policies. This does exempt all others except the ones I want to remediate, but then it also exempts them from compliance reporting. This is what I am trying with the exemption module with skip_remediation set to false, but it did not work out.

module "exemption_configure_initiative" {
  # Only executing the module if there are any policies whose remediation is set to false which implies those policies need to be exempted via this exemption module.
  # Adding the policies for exemption where remediation is set to false hoping then that the rest should have a remediation run against them
Replies: 1 comment 1 reply
Hi @raghuvanshir, on the assignment module you can skip_remediation=true, then create a remediation task alongside the module resource, specifying the subset of references you wish to remediate:

locals {
  # Policy definition reference IDs within the initiative to remediate
  definition_reference_ids = [
    "foo",
    "bar"
  ]
}

# One remediation task per selected reference ID
resource "azurerm_subscription_policy_remediation" "rem" {
  for_each                       = toset(local.definition_reference_ids)
  name                           = lower("${each.key}-${formatdate("DD-MM-YYYY-hh:mm:ss", timestamp())}")
  subscription_id                = data.azurerm_client_config.current.subscription_id
  policy_assignment_id           = module.set_rg_configure_diag_initiative.id
  policy_definition_reference_id = each.key
  resource_discovery_mode        = "ReEvaluateCompliance"
}

Note: the