az policy assignment

Manage resource policy assignments.

Commands

az policy assignment create Create a resource policy assignment.
az policy assignment delete Delete a resource policy assignment.
az policy assignment list List resource policy assignments.
az policy assignment show Show a resource policy assignment.

az policy assignment create

Create a resource policy assignment.

az policy assignment create [--display-name]
[--name]
[--not-scopes]
[--params]
[--policy]
[--policy-set-definition]
[--resource-group]
[--scope]
[--sku {free, standard}]

Examples

Provide rule parameter values with the following example

{
                            "allowedLocations": {
                                "value": [
                                    "australiaeast",
                                    "eastus",
                                    "japaneast"
                                ]
                            }
                        }

Optional Parameters

--display-name
Display name of the assignment.
--name -n
Name of the new assignment.
--not-scopes
Space separated scopes where the policy assignment does not apply.
--params -p
JSON formatted string or path to file with parameter values of policy rule.
--policy
Name or id of the policy definition.
--policy-set-definition -d
Name or id of the policy set definition.
--resource-group -g
The resource group where the policy will be applied.
--scope
Scope at which this policy assignment applies to, e.g., /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333, /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup, or /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM.
--sku -s
Policy sku.
accepted values: free, standard

az policy assignment delete

Delete a resource policy assignment.

az policy assignment delete --name
[--resource-group]
[--scope]

Required Parameters

--name -n
Name of the assignment.

Optional Parameters

--resource-group -g
The resource group where the policy will be applied.
--scope
Scope at which this policy assignment applies to, e.g., /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333, /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup, or /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM.

az policy assignment list

List resource policy assignments.

az policy assignment list [--disable-scope-strict-match]
[--resource-group]
[--scope]

Optional Parameters

--disable-scope-strict-match
Include assignment either inhertied from parent scope or at child scope.
--resource-group -g
The resource group where the policy will be applied.
--scope
Scope at which this policy assignment applies to, e.g., /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333, /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup, or /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM.

az policy assignment show

Show a resource policy assignment.

az policy assignment show --name
[--resource-group]
[--scope]

Required Parameters

--name -n
Name of the assignment.

Optional Parameters

--resource-group -g
The resource group where the policy will be applied.
--scope
Scope at which this policy assignment applies to, e.g., /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333, /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup, or /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM.