az policy set-definition
Manage resource policy set definitions.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az policy set-definition create |
Create a policy set definition. |
Core | GA |
| az policy set-definition delete |
Delete a policy set definition. |
Core | GA |
| az policy set-definition list |
List policy set definitions. |
Core | GA |
| az policy set-definition show |
Show a policy set definition. |
Core | GA |
| az policy set-definition update |
Update a policy set definition. |
Core | GA |
az policy set-definition create
Create a policy set definition.
az policy set-definition create --definitions
--name
[--definition-groups]
[--description]
[--display-name]
[--management-group]
[--metadata]
[--params]
[--subscription]Examples
Create a policy set definition.
az policy set-definition create -n readOnlyStorage \
--definitions '[ { \"policyDefinitionId\": \"/subscriptions/mySubId/providers/ \
Microsoft.Authorization/policyDefinitions/storagePolicy\" } ]'Create a policy set definition with parameters.
az policy set-definition create -n readOnlyStorage \
--definitions "[ { \"policyDefinitionId\": \"/subscriptions/mySubId/providers/ \
Microsoft.Authorization/policyDefinitions/storagePolicy\", \"parameters\": \
{ \"storageSku\": { \"value\": \"[parameters(\\"requiredSku\\")]\" } } }]" \
--params "{ \"requiredSku\": { \"type\": \"String\" } }"Create a policy set definition in a subscription.
az policy set-definition create -n readOnlyStorage \
--subscription '0b1f6471-1bf0-4dda-aec3-111122223333' \
--definitions '[ { \"policyDefinitionId\": \"/subscriptions/ \
0b1f6471-1bf0-4dda-aec3-111122223333/providers/Microsoft.Authorization/ \
policyDefinitions/storagePolicy\" } ]'Create a policy set definition with policy definition groups.
az policy set-definition create -n computeRequirements \
--definitions "[ { \"policyDefinitionId \": \"/subscriptions/mySubId/providers/ \
Microsoft.Authorization/policyDefinitions/storagePolicy\", \"groupNames\": \
[ \"CostSaving\", \"Organizational\" ] }, { \"policyDefinitionId\": \
\"/subscriptions/mySubId/providers/Microsoft.Authorization/ \
policyDefinitions/tagPolicy\", \"groupNames\": [ \
\"Organizational\" ] } ]" \
--definition-groups "[{ \"name\": \"CostSaving\" }, { \"name\": \"Organizational\" } ]"Required Parameters
Policy definitions in JSON format, or a path to a file or URI containing JSON rules.
Name of the new policy set definition.
Optional Parameters
JSON formatted string or a path to a file or uri containing policy definition groups. Groups are used to organize policy definitions within a policy set.
Description of policy set definition.
Display name of policy set definition.
Name of management group the new policy set definition can be assigned in.
Metadata in space-separated key=value pairs.
JSON formatted string or a path to a file or uri with parameter definitions.
Name or id of the subscription the new policy set definition can be assigned in.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az policy set-definition delete
Delete a policy set definition.
az policy set-definition delete --name
[--management-group]
[--subscription]Examples
Delete a policy set definition. (autogenerated)
az policy set-definition delete --management-group myMg --name MyPolicySetDefinitionRequired Parameters
The policy set definition name.
Optional Parameters
The name of the management group of the policy [set] definition. This parameter is required if your policy set is scoped to a management group.
The subscription id of the policy [set] definition.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az policy set-definition list
List policy set definitions.
az policy set-definition list [--management-group]
[--subscription]Optional Parameters
The name of the management group of the policy [set] definition. This parameter is required if your policy set is scoped to a management group.
The subscription id of the policy [set] definition.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az policy set-definition show
Show a policy set definition.
az policy set-definition show --name
[--management-group]
[--subscription]Examples
Show a policy set definition. If the policy set is scoped to a management group, then you must include the `--management-group` parameter and value.
az policy set-definition show --name MyPolicySetDefinition --management-group MyManagementGroupRequired Parameters
The policy set definition name.
Optional Parameters
The name of the management group of the policy [set] definition. This parameter is required if your policy set is scoped to a management group.
The subscription id of the policy [set] definition.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az policy set-definition update
Update a policy set definition.
az policy set-definition update --name
[--definition-groups]
[--definitions]
[--description]
[--display-name]
[--management-group]
[--metadata]
[--params]
[--subscription]Examples
Update a policy set definition.
az policy set-definition update \
--definitions '[ { \"policyDefinitionId\": \"/subscriptions/mySubId/providers/ \
Microsoft.Authorization/policyDefinitions/storagePolicy\" } ]' \
--name MyPolicySetDefinitionUpdate the groups and definitions within a policy set definition.
az policy set-definition update -n computeRequirements \
--definitions "[ { \"policyDefinitionId\": \"/subscriptions/mySubId/providers/ \
Microsoft.Authorization/policyDefinitions/storagePolicy\", \"groupNames\": [ \
\"CostSaving\", \"Organizational\" ] }, { \"policyDefinitionId\": \
\"/subscriptions/mySubId/providers/Microsoft.Authorization/ \
policyDefinitions/tagPolicy\", \
\"groupNames\": [ \"Organizational\" ] } ]" \
--definition-groups "[{ \"name\": \"CostSaving\" }, { \"name\": \"Organizational\" } ]"Required Parameters
The policy set definition name.
Optional Parameters
JSON formatted string or a path to a file or uri containing policy definition groups. Groups are used to organize policy definitions within a policy set.
JSON formatted string or a path to a file or uri containing definitions.
Description of policy set definition.
Display name of policy set definition.
The name of the management group of the policy [set] definition. This parameter is required if your policy set is scoped to a management group.
Metadata in space-separated key=value pairs.
JSON formatted string or a path to a file or uri with parameter definitions.
The subscription id of the policy [set] definition.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
