az policy set-definition

Manage resource policy set definitions.

Commands

az policy set-definition create

Create a policy set definition.

az policy set-definition delete

Delete a policy set definition.

az policy set-definition list

List policy set definitions.

az policy set-definition show

Show a policy set definition.

az policy set-definition update

Update a policy set definition.

az policy set-definition create

Create a policy set definition.

az policy set-definition create --definitions
                                --name
                                [--definition-groups]
                                [--description]
                                [--display-name]
                                [--management-group]
                                [--metadata]
                                [--params]
                                [--subscription]

Examples

Create a policy set definition.

az policy set-definition create -n readOnlyStorage \
    --definitions "[ { \"policyDefinitionId\": \"/subscriptions/mySubId/providers/ \
        Microsoft.Authorization/policyDefinitions/storagePolicy\", \"parameters\": \
            { \"storageSku\": { \"value\": \"[parameters(\\"requiredSku\\")]\" } } }]" \
    --params "{ \"requiredSku\": { \"type\": \"String\" } }"

Create a policy set definition with parameters.

az policy set-definition create -n readOnlyStorage \
    --definitions '[ { \"policyDefinitionId\": \"/subscriptions/mySubId/providers/ \
        Microsoft.Authorization/policyDefinitions/storagePolicy\" } ]'

Create a policy set definition in a subscription.

az policy set-definition create -n readOnlyStorage \
    --subscription '0b1f6471-1bf0-4dda-aec3-111122223333' \
    --definitions '[ { \"policyDefinitionId\": \"/subscriptions/ \
        0b1f6471-1bf0-4dda-aec3-111122223333/providers/Microsoft.Authorization/ \
            policyDefinitions/storagePolicy\" } ]'

Create a policy set definition with policy definition groups.

az policy set-definition create -n computeRequirements \
    --definitions "[ { \"policyDefinitionId \": \"/subscriptions/mySubId/providers/ \
        Microsoft.Authorization/policyDefinitions/storagePolicy\", \"groupNames\": \
            [ \"CostSaving\", \"Organizational\" ] }, { \"policyDefinitionId\": \
                \"/subscriptions/mySubId/providers/Microsoft.Authorization/ \
                    policyDefinitions/tagPolicy\", \"groupNames\": [ \
                        \"Organizational\" ] } ]" \
    --definition-groups "[{ \"name\": \"CostSaving\" }, { \"name\": \"Organizational\" } ]"

Required Parameters

--definitions

Policy definitions in JSON format, or a path to a file or URI containing JSON rules.

--name -n

Name of the new policy set definition.

Optional Parameters

--definition-groups

JSON formatted string or a path to a file or uri containing policy definition groups. Groups are used to organize policy definitions within a policy set.

--description

Description of policy set definition.

--display-name

Display name of policy set definition.

--management-group

Name of management group the new policy set definition can be assigned in.

--metadata

Metadata in space-separated key=value pairs.

--params

JSON formatted string or a path to a file or uri with parameter definitions.

--subscription

Name or id of the subscription the new policy set definition can be assigned in.

az policy set-definition delete

Delete a policy set definition.

az policy set-definition delete --name
                                [--management-group]
                                [--subscription]

Examples

Delete a policy set definition. (autogenerated)

az policy set-definition delete --management-group myMg --name MyPolicySetDefinition

Required Parameters

--name -n

The policy set definition name.

Optional Parameters

--management-group

The name of the management group of the policy [set] definition.

--subscription

The subscription id of the policy [set] definition.

az policy set-definition list

List policy set definitions.

az policy set-definition list [--management-group]
                              [--query-examples]
                              [--subscription]

Optional Parameters

--management-group

The name of the management group of the policy [set] definition.

--query-examples

Recommend JMESPath string for you. You can copy one of the query and paste it after --query parameter within double quotation marks to see the results. You can add one or more positional keywords so that we can give suggestions based on these key words.

--subscription

The subscription id of the policy [set] definition.

az policy set-definition show

Show a policy set definition.

az policy set-definition show --name
                              [--management-group]
                              [--query-examples]
                              [--subscription]

Examples

Show a policy set definition. (autogenerated)

az policy set-definition show --name MyPolicySetDefinition

Required Parameters

--name -n

The policy set definition name.

Optional Parameters

--management-group

The name of the management group of the policy [set] definition.

--query-examples

Recommend JMESPath string for you. You can copy one of the query and paste it after --query parameter within double quotation marks to see the results. You can add one or more positional keywords so that we can give suggestions based on these key words.

--subscription

The subscription id of the policy [set] definition.

az policy set-definition update

Update a policy set definition.

az policy set-definition update --name
                                [--definition-groups]
                                [--definitions]
                                [--description]
                                [--display-name]
                                [--management-group]
                                [--metadata]
                                [--params]
                                [--subscription]

Examples

Update a policy set definition.

az policy set-definition update \
    --definitions '[ { \"policyDefinitionId\": \"/subscriptions/mySubId/providers/ \
        Microsoft.Authorization/policyDefinitions/storagePolicy\" } ]' \
    --name MyPolicySetDefinition

Update the groups and definitions within a policy set definition.

az policy set-definition update -n computeRequirements \
    --definitions "[ { \"policyDefinitionId\": \"/subscriptions/mySubId/providers/ \
        Microsoft.Authorization/policyDefinitions/storagePolicy\", \"groupNames\": [ \
            \"CostSaving\", \"Organizational\" ] }, { \"policyDefinitionId\": \
                \"/subscriptions/mySubId/providers/Microsoft.Authorization/ \
                    policyDefinitions/tagPolicy\", \
                        \"groupNames\": [ \"Organizational\" ] } ]" \
    --definition-groups "[{ \"name\": \"CostSaving\" }, { \"name\": \"Organizational\" } ]"

Required Parameters

--name -n

The policy set definition name.

Optional Parameters

--definition-groups

JSON formatted string or a path to a file or uri containing policy definition groups. Groups are used to organize policy definitions within a policy set.

--definitions

JSON formatted string or a path to a file or uri containing definitions.

--description

Description of policy set definition.

--display-name

Display name of policy set definition.

--management-group

The name of the management group of the policy [set] definition.

--metadata

Metadata in space-separated key=value pairs.

--params

JSON formatted string or a path to a file or uri with parameter definitions.

--subscription

The subscription id of the policy [set] definition.