New-AzPolicyDefinition
Creates or updates a policy definition.
Syntax
New-AzPolicyDefinition
-Name <String>
-Policy <String>
[-DisplayName <String>]
[-Description <String>]
[-Metadata <String>]
[-Parameter <String>]
[-Mode <String>]
[-BackwardCompatible]
[-DefaultProfile <PSObject>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
New-AzPolicyDefinition
-Name <String>
-ManagementGroupName <String>
-Policy <String>
[-DisplayName <String>]
[-Description <String>]
[-Metadata <String>]
[-Parameter <String>]
[-Mode <String>]
[-BackwardCompatible]
[-DefaultProfile <PSObject>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
New-AzPolicyDefinition
-Name <String>
-SubscriptionId <String>
-Policy <String>
[-DisplayName <String>]
[-Description <String>]
[-Metadata <String>]
[-Parameter <String>]
[-Mode <String>]
[-BackwardCompatible]
[-DefaultProfile <PSObject>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
The New-AzPolicyDefinition cmdlet creates or updates a policy definition that includes a policy rule JSON format.
Examples
Example 1: Create a policy definition by using a policy file
{
"if": {
"field": "location",
"notIn": ["eastus", "westus", "centralus"]
},
"then": {
"effect": "audit"
}
}
New-AzPolicyDefinition -Name 'LocationDefinition' -Policy C:\LocationPolicy.json
This command creates a policy definition named LocationDefinition that contains the policy rule specified in C:\LocationPolicy.json. Example content for the LocationPolicy.json file is provided above. Three file content formats are supported: 1. Policy rule only (example above). 2. Policy properties object. This format is displayed in the portal when editing a policy definition and may include parameters. 3. Full policy object. This format is generated by the Azure Policy export function and may include parameters.
Note: Values provided on the command line (e.g. parameters, metadata) override corresponding values present in the file.
Example 2: Create a parameterized policy definition using inline parameters
{
"if": {
"field": "location",
"notIn": "[parameters('listOfAllowedLocations')]"
},
"then": {
"effect": "audit"
}
}
New-AzPolicyDefinition -Name 'LocationDefinition' -Policy C:\LocationPolicy.json -Parameter '{ "listOfAllowedLocations": { "type": "array" } }'
This command creates a policy definition named LocationDefinition that contains the policy rule specified in C:\LocationPolicy.json. The parameter definition for the policy rule is provided inline.
Example 3: Create a policy definition inline in a management group
New-AzPolicyDefinition -Name 'VMPolicyDefinition' -ManagementGroupName Dept42 -DisplayName 'Virtual Machine policy definition' -Policy '{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"deny"}}'
This command creates a policy definition named VMPolicyDefinition in management group Dept42. The command specifies the policy as a string in valid JSON format.
Example 4: Create a policy definition inline with metadata
New-AzPolicyDefinition -Name 'VMPolicyDefinition' -Metadata '{"category":"Virtual Machine"}' -Policy '{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"deny"}}' | Format-List
This command creates a policy definition named VMPolicyDefinition with metadata indicating its category is "Virtual Machine". The command specifies the policy as a string in valid JSON format.
Example 5: Create a policy definition inline with mode
New-AzPolicyDefinition -Name 'TagsPolicyDefinition' -Policy '{"if":{"value":"[less(length(field(''tags'')), 3)]","equals":true},"then":{"effect":"deny"}}' -Mode Indexed
This command creates a policy definition named TagsPolicyDefinition with mode "Indexed" indicating the policy should be evaluated only for resource types that support tags and location.
Parameters
-BackwardCompatible
Causes cmdlet to return artifacts using legacy format placing policy-specific properties in a property bag object.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Confirm
Prompts you for confirmation before running the cmdlet.
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-DefaultProfile
The DefaultProfile parameter is not functional. Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription.
Type: | PSObject |
Aliases: | AzureRMContext, AzureCredential |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Description
The policy definition description.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-DisplayName
The display name of the policy definition.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-ManagementGroupName
The ID of the management group.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-Metadata
The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-Mode
The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-Name
The name of the policy definition to create.
Type: | String |
Aliases: | PolicyDefinitionName |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-Parameter
The parameter definitions for parameters used in the policy rule. The keys are the parameter names.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-Policy
The policy rule.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-SubscriptionId
The ID of the target subscription.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Inputs
Outputs
Commentaires
https://aka.ms/ContentUserFeedback.
Bientôt disponible : Tout au long de 2024, nous allons supprimer progressivement GitHub Issues comme mécanisme de commentaires pour le contenu et le remplacer par un nouveau système de commentaires. Pour plus d’informations, consultezEnvoyer et afficher des commentaires pour