az policy set-definition
Manage resource policy set definitions.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az policy set-definition create |
Create a policy set definition. |
Core | GA |
| az policy set-definition delete |
Delete a policy set definition. |
Core | GA |
| az policy set-definition list |
List policy set definitions. |
Core | GA |
| az policy set-definition show |
Show a policy set definition. |
Core | GA |
| az policy set-definition update |
Update a policy set definition. |
Core | GA |
az policy set-definition create
Create a policy set definition.
az policy set-definition create --definitions
--name
[--definition-groups]
[--description]
[--display-name]
[--management-group]
[--metadata]
[--params]
[--subscription]Examples
Create a policy set definition.
az policy set-definition create -n readOnlyStorage \
--definitions '[ { \"policyDefinitionId\": \"/subscriptions/mySubId/providers/ \
Microsoft.Authorization/policyDefinitions/storagePolicy\" } ]'Create a policy set definition with parameters.
az policy set-definition create -n readOnlyStorage \
--definitions "[ { \"policyDefinitionId\": \"/subscriptions/mySubId/providers/ \
Microsoft.Authorization/policyDefinitions/storagePolicy\", \"parameters\": \
{ \"storageSku\": { \"value\": \"[parameters(\\"requiredSku\\")]\" } } }]" \
--params "{ \"requiredSku\": { \"type\": \"String\" } }"Create a policy set definition in a subscription.
az policy set-definition create -n readOnlyStorage \
--subscription '0b1f6471-1bf0-4dda-aec3-111122223333' \
--definitions '[ { \"policyDefinitionId\": \"/subscriptions/ \
0b1f6471-1bf0-4dda-aec3-111122223333/providers/Microsoft.Authorization/ \
policyDefinitions/storagePolicy\" } ]'Create a policy set definition with policy definition groups.
az policy set-definition create -n computeRequirements \
--definitions "[ { \"policyDefinitionId \": \"/subscriptions/mySubId/providers/ \
Microsoft.Authorization/policyDefinitions/storagePolicy\", \"groupNames\": \
[ \"CostSaving\", \"Organizational\" ] }, { \"policyDefinitionId\": \
\"/subscriptions/mySubId/providers/Microsoft.Authorization/ \
policyDefinitions/tagPolicy\", \"groupNames\": [ \
\"Organizational\" ] } ]" \
--definition-groups "[{ \"name\": \"CostSaving\" }, { \"name\": \"Organizational\" } ]"Required Parameters
Policy definitions in JSON format, or a path to a file or URI containing JSON rules.
Name of the new policy set definition.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
JSON formatted string or a path to a file or uri containing policy definition groups. Groups are used to organize policy definitions within a policy set.
Description of policy set definition.
Display name of policy set definition.
Name of management group the new policy set definition can be assigned in.
Metadata in space-separated key=value pairs.
JSON formatted string or a path to a file or uri with parameter definitions.
Name or id of the subscription the new policy set definition can be assigned in.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az policy set-definition delete
Behavior will change in a future release of the resource commands. Bypassing the confirmation prompt will require providing the -y switch.
Delete a policy set definition.
az policy set-definition delete --name
[--management-group]
[--subscription]Examples
Delete a policy set definition. (autogenerated)
az policy set-definition delete --management-group myMg --name MyPolicySetDefinitionRequired Parameters
The policy set definition name.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
The name of the management group of the policy [set] definition. This parameter is required if your policy set is scoped to a management group.
The subscription id of the policy [set] definition.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az policy set-definition list
List policy set definitions.
az policy set-definition list [--management-group]
[--subscription]Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
The name of the management group of the policy [set] definition. This parameter is required if your policy set is scoped to a management group.
The subscription id of the policy [set] definition.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az policy set-definition show
Show a policy set definition.
az policy set-definition show --name
[--management-group]
[--subscription]Examples
Show a policy set definition. If the policy set is scoped to a management group, then you must include the `--management-group` parameter and value.
az policy set-definition show --name MyPolicySetDefinition --management-group MyManagementGroupRequired Parameters
The policy set definition name.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
The name of the management group of the policy [set] definition. This parameter is required if your policy set is scoped to a management group.
The subscription id of the policy [set] definition.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az policy set-definition update
Update a policy set definition.
az policy set-definition update --name
[--definition-groups]
[--definitions]
[--description]
[--display-name]
[--management-group]
[--metadata]
[--params]
[--subscription]Examples
Update a policy set definition.
az policy set-definition update \
--definitions '[ { \"policyDefinitionId\": \"/subscriptions/mySubId/providers/ \
Microsoft.Authorization/policyDefinitions/storagePolicy\" } ]' \
--name MyPolicySetDefinitionUpdate the groups and definitions within a policy set definition.
az policy set-definition update -n computeRequirements \
--definitions "[ { \"policyDefinitionId\": \"/subscriptions/mySubId/providers/ \
Microsoft.Authorization/policyDefinitions/storagePolicy\", \"groupNames\": [ \
\"CostSaving\", \"Organizational\" ] }, { \"policyDefinitionId\": \
\"/subscriptions/mySubId/providers/Microsoft.Authorization/ \
policyDefinitions/tagPolicy\", \
\"groupNames\": [ \"Organizational\" ] } ]" \
--definition-groups "[{ \"name\": \"CostSaving\" }, { \"name\": \"Organizational\" } ]"Required Parameters
The policy set definition name.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
JSON formatted string or a path to a file or uri containing policy definition groups. Groups are used to organize policy definitions within a policy set.
JSON formatted string or a path to a file or uri containing definitions.
Description of policy set definition.
Display name of policy set definition.
The name of the management group of the policy [set] definition. This parameter is required if your policy set is scoped to a management group.
Metadata in space-separated key=value pairs.
JSON formatted string or a path to a file or uri with parameter definitions.
The subscription id of the policy [set] definition.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
