az policy assignment
Manage resource policy assignments.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az policy assignment create |
Create a resource policy assignment. |
Core | GA |
| az policy assignment delete |
Delete a resource policy assignment. |
Core | GA |
| az policy assignment list |
List resource policy assignments. |
Core | GA |
| az policy assignment show |
Show a resource policy assignment. |
Core | GA |
| az policy assignment update |
Update a resource policy assignment. |
Core | GA |
az policy assignment create
Create a resource policy assignment.
az policy assignment create [--display-name]
[--name]
[--not-scopes]
[--policy]
[--resource-group]
[--scope]Examples
Create a resource policy assignment at scope
Valid scopes are management group, subscription, resource group, and resource, for example
management group: /providers/Microsoft.Management/managementGroups/MyManagementGroup
subscription: /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333
resource group: /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup
resource: /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM
az policy assignment create --scope \
"/providers/Microsoft.Management/managementGroups/MyManagementGroup" \
--policy {PolicyName} -p "{ \"allowedLocations\": \
{ \"value\": [ \"australiaeast\", \"eastus\", \"japaneast\" ] } }"Create a resource policy assignment and provide rule parameter values.
az policy assignment create --policy {PolicyName} -p "{ \"allowedLocations\": \
{ \"value\": [ \"australiaeast\", \"eastus\", \"japaneast\" ] } }"Create a resource policy assignment with a system assigned identity.
az policy assignment create --name myPolicy --policy {PolicyName} --mi-system-assigned --location eastusCreate a resource policy assignment with a system assigned identity. The identity will have 'Contributor' role access to the subscription.
az policy assignment create --name myPolicy --policy {PolicyName} --mi-system-assigned --identity-scope /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx --role Contributor --location eastusCreate a resource policy assignment with a user assigned identity.
az policy assignment create --name myPolicy --policy {PolicyName} -g MyResourceGroup --mi-user-assigned myAssignedId --location westusCreate a resource policy assignment with an enforcement mode. It indicates whether a policy effect will be enforced or not during assignment creation and update. Please visit https://aka.ms/azure-policyAssignment-enforcement-mode for more information.
az policy assignment create --name myPolicy --policy {PolicyName} --enforcement-mode 'DoNotEnforce'Optional Parameters
Display name of the policy assignment.
Name of the new policy assignment.
Space-separated scopes where the policy assignment does not apply.
Name or id of the policy definition. If not provided, a policy set definition parameter must be provided.
The resource group where the policy will be applied.
Scope to which this policy assignment applies.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az policy assignment delete
Delete a resource policy assignment.
az policy assignment delete --name
[--resource-group]
[--scope]Examples
Delete a resource policy assignment. (autogenerated)
az policy assignment delete --name MyPolicyAssignmentRequired Parameters
Name of the policy assignment.
Optional Parameters
The resource group where the policy will be applied.
Scope at which this policy assignment subcommand applies. Defaults to current context subscription.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az policy assignment list
List resource policy assignments.
az policy assignment list [--disable-scope-strict-match]
[--resource-group]
[--scope]Optional Parameters
Include policy assignments either inherited from parent scope or at child scope.
The resource group where the policy will be applied.
Scope at which this policy assignment subcommand applies. Defaults to current context subscription.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az policy assignment show
Show a resource policy assignment.
az policy assignment show --name
[--resource-group]
[--scope]Examples
Show a resource policy assignment. (autogenerated)
az policy assignment show --name MyPolicyAssignmentRequired Parameters
Name of the policy assignment.
Optional Parameters
The resource group where the policy will be applied.
Scope at which this policy assignment subcommand applies. Defaults to current context subscription.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az policy assignment update
Update a resource policy assignment.
az policy assignment update [--display-name]
[--name]
[--not-scopes]
[--resource-group]
[--scope]Examples
Update a resource policy assignment's description.
az policy assignment update --name myPolicy --description 'My policy description'Optional Parameters
Display name of the policy assignment.
Name of the policy assignment.
Space-separated scopes where the policy assignment does not apply.
The resource group where the policy will be applied.
Scope at which this policy assignment subcommand applies. Defaults to current context subscription.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for