-
Notifications
You must be signed in to change notification settings - Fork 0
/
policy_exemption.tf
23 lines (19 loc) · 1.08 KB
/
policy_exemption.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
resource "time_sleep" "wait_60_seconds" {
create_duration = "60s"
}
resource "azurerm_resource_group_policy_exemption" "ip_forwarding" {
count = var.enable_ip_forwarding ? 1 : 0
name = "AllowIPForwarding"
display_name = "Allow IP Forwarding for VM"
resource_group_id = azurerm_resource_group.vm_rg.id
policy_assignment_id = "/providers/microsoft.management/managementgroups/${var.config.generic.org.root_id}-landing-zones/providers/microsoft.authorization/policyassignments/deny-ip-forwarding"
exemption_category = "Waiver"
}
resource "azurerm_resource_group_policy_exemption" "backup" {
count = var.disable_backup ? 0 : 1
name = "DisableBackups"
display_name = "Disable backups on VMs in the '${azurerm_resource_group.vm_rg.name}' Resource Group"
resource_group_id = azurerm_resource_group.vm_rg.id
policy_assignment_id = "/providers/microsoft.management/managementgroups/${var.config.generic.org.root_id}-landing-zones/providers/microsoft.authorization/policyassignments/deploy-vm-backup"
exemption_category = "Waiver"
}