azure-native.security.GovernanceRule
Governance rule over a given scope
Uses Azure REST API version 2022-01-01-preview. In version 2.x of the Azure Native provider, it used API version 2022-01-01-preview.
Example Usage
Create or update governance rule over management group scope
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
// Declares one Defender for Cloud governance rule at management-group scope.
// The management group name, GUIDs and owner address are sample values; take
// real ones from stack configuration rather than hard-coding them.
return await Deployment.RunAsync(() =>
{
    // Owner e-mails stay on; only the manager notification is switched off.
    var notificationSettings = new AzureNative.Security.Inputs.GovernanceRuleEmailNotificationArgs
    {
        DisableOwnerEmailNotification = false,
        DisableManagerEmailNotification = true,
    };

    // "Manually" assigns ownership to the address given in Value.
    var assignedOwner = new AzureNative.Security.Inputs.GovernanceRuleOwnerSourceArgs
    {
        Value = "user@contoso.com",
        Type = AzureNative.Security.GovernanceRuleOwnerSourceType.Manually,
    };

    var ruleArgs = new AzureNative.Security.GovernanceRuleArgs
    {
        RuleId = "ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
        DisplayName = "Management group rule",
        Description = "A rule for a management group",
        Scope = "providers/Microsoft.Management/managementGroups/contoso",
        // This subscription is listed as excluded from the rule; presumably it is a
        // descendant of the management group above. Keep exclusions under review.
        ExcludedScopes = new[]
        {
            "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23",
        },
        RuleType = AzureNative.Security.GovernanceRuleType.Integrated,
        SourceResourceType = AzureNative.Security.GovernanceRuleSourceResourceType.Assessments,
        // Lower number wins; two rules on one scope may not share a priority.
        RulePriority = 200,
        OwnerSource = assignedOwner,
        GovernanceEmailNotification = notificationSettings,
        // Seven days, written as d.hh:mm:ss.
        RemediationTimeframe = "7.00:00:00",
        // NOTE(review): a grace period is understood to defer the secure-score
        // impact until the timeframe lapses; confirm that is intended.
        IsGracePeriod = true,
        IsDisabled = false,
    };

    var rule = new AzureNative.Security.GovernanceRule("governanceRule", ruleArgs);
});
package main
import (
	security "github.com/pulumi/pulumi-azure-native-sdk/security/v3"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main runs a Pulumi program that declares one Defender for Cloud governance
// rule at management-group scope. The identifiers used are sample values.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Owner e-mails stay on; only the manager notification is switched off.
		notify := &security.GovernanceRuleEmailNotificationArgs{
			DisableOwnerEmailNotification:   pulumi.Bool(false),
			DisableManagerEmailNotification: pulumi.Bool(true),
		}

		// "Manually" assigns ownership to the address given in Value.
		owner := &security.GovernanceRuleOwnerSourceArgs{
			Value: pulumi.String("user@contoso.com"),
			Type:  pulumi.String(security.GovernanceRuleOwnerSourceTypeManually),
		}

		ruleArgs := &security.GovernanceRuleArgs{
			RuleId:      pulumi.String("ad9a8e26-29d9-4829-bb30-e597a58cdbb8"),
			DisplayName: pulumi.String("Management group rule"),
			Description: pulumi.String("A rule for a management group"),
			Scope:       pulumi.String("providers/Microsoft.Management/managementGroups/contoso"),
			// Subscription listed as excluded from the rule; keep exclusions under review.
			ExcludedScopes: pulumi.StringArray{
				pulumi.String("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23"),
			},
			RuleType:           pulumi.String(security.GovernanceRuleTypeIntegrated),
			SourceResourceType: pulumi.String(security.GovernanceRuleSourceResourceTypeAssessments),
			// Lower number wins; two rules on one scope may not share a priority.
			RulePriority:                pulumi.Int(200),
			OwnerSource:                 owner,
			GovernanceEmailNotification: notify,
			// Seven days, written as d.hh:mm:ss.
			RemediationTimeframe: pulumi.String("7.00:00:00"),
			// NOTE(review): a grace period is understood to defer the secure-score
			// impact until the timeframe lapses; confirm that is intended.
			IsGracePeriod: pulumi.Bool(true),
			IsDisabled:    pulumi.Bool(false),
		}

		// The resource handle is not needed; only the error is propagated.
		_, err := security.NewGovernanceRule(ctx, "governanceRule", ruleArgs)
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.security.GovernanceRule;
import com.pulumi.azurenative.security.GovernanceRuleArgs;
import com.pulumi.azurenative.security.inputs.GovernanceRuleEmailNotificationArgs;
import com.pulumi.azurenative.security.inputs.GovernanceRuleOwnerSourceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program declaring one Defender for Cloud governance rule at
 * management-group scope. All identifiers are sample values.
 */
public class App {
    /** Hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Builds the rule arguments step by step and registers the resource.
     *
     * @param ctx deployment context supplied by Pulumi (not read here)
     */
    public static void stack(Context ctx) {
        // Owner e-mails stay on; only the manager notification is switched off.
        GovernanceRuleEmailNotificationArgs notificationSettings = GovernanceRuleEmailNotificationArgs.builder()
            .disableOwnerEmailNotification(false)
            .disableManagerEmailNotification(true)
            .build();

        // "Manually" assigns ownership to the address given in value.
        GovernanceRuleOwnerSourceArgs assignedOwner = GovernanceRuleOwnerSourceArgs.builder()
            .value("user@contoso.com")
            .type("Manually")
            .build();

        GovernanceRuleArgs ruleArgs = GovernanceRuleArgs.builder()
            .ruleId("ad9a8e26-29d9-4829-bb30-e597a58cdbb8")
            .displayName("Management group rule")
            .description("A rule for a management group")
            .scope("providers/Microsoft.Management/managementGroups/contoso")
            // Subscription listed as excluded from the rule; keep exclusions under review.
            .excludedScopes("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23")
            .ruleType("Integrated")
            .sourceResourceType("Assessments")
            // Lower number wins; two rules on one scope may not share a priority.
            .rulePriority(200)
            .ownerSource(assignedOwner)
            .governanceEmailNotification(notificationSettings)
            // Seven days, written as d.hh:mm:ss.
            .remediationTimeframe("7.00:00:00")
            // NOTE(review): a grace period is understood to defer the secure-score
            // impact until the timeframe lapses; confirm that is intended.
            .isGracePeriod(true)
            .isDisabled(false)
            .build();

        var rule = new GovernanceRule("governanceRule", ruleArgs);
    }
}
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
// Defender for Cloud governance rule at management-group scope.
// The management group name, GUIDs and owner address are sample values.
const governanceRuleArgs: azure_native.security.GovernanceRuleArgs = {
    ruleId: "ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
    displayName: "Management group rule",
    description: "A rule for a management group",
    scope: "providers/Microsoft.Management/managementGroups/contoso",
    // Subscription listed as excluded from the rule; keep exclusions under review.
    excludedScopes: ["/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23"],
    ruleType: azure_native.security.GovernanceRuleType.Integrated,
    sourceResourceType: azure_native.security.GovernanceRuleSourceResourceType.Assessments,
    // Lower number wins; two rules on one scope may not share a priority.
    rulePriority: 200,
    // "Manually" assigns ownership to the address given in value.
    ownerSource: {
        value: "user@contoso.com",
        type: azure_native.security.GovernanceRuleOwnerSourceType.Manually,
    },
    // Owner e-mails stay on; only the manager notification is switched off.
    governanceEmailNotification: {
        disableOwnerEmailNotification: false,
        disableManagerEmailNotification: true,
    },
    // Seven days, written as d.hh:mm:ss.
    remediationTimeframe: "7.00:00:00",
    // NOTE(review): a grace period is understood to defer the secure-score
    // impact until the timeframe lapses; confirm that is intended.
    isGracePeriod: true,
    isDisabled: false,
};

const governanceRule = new azure_native.security.GovernanceRule("governanceRule", governanceRuleArgs);
import pulumi
import pulumi_azure_native as azure_native
# Defender for Cloud governance rule at management-group scope.
# The management group name, GUIDs and owner address are sample values.

# "Manually" assigns ownership to the address given in "value".
_owner = {
    "value": "user@contoso.com",
    "type": azure_native.security.GovernanceRuleOwnerSourceType.MANUALLY,
}

# Owner e-mails stay on; only the manager notification is switched off.
_notifications = {
    "disable_owner_email_notification": False,
    "disable_manager_email_notification": True,
}

governance_rule = azure_native.security.GovernanceRule(
    "governanceRule",
    rule_id="ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
    display_name="Management group rule",
    description="A rule for a management group",
    scope="providers/Microsoft.Management/managementGroups/contoso",
    # Subscription listed as excluded from the rule; keep exclusions under review.
    excluded_scopes=["/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23"],
    rule_type=azure_native.security.GovernanceRuleType.INTEGRATED,
    source_resource_type=azure_native.security.GovernanceRuleSourceResourceType.ASSESSMENTS,
    # Lower number wins; two rules on one scope may not share a priority.
    rule_priority=200,
    owner_source=_owner,
    governance_email_notification=_notifications,
    # Seven days, written as d.hh:mm:ss.
    remediation_timeframe="7.00:00:00",
    # NOTE(review): a grace period is understood to defer the secure-score
    # impact until the timeframe lapses; confirm that is intended.
    is_grace_period=True,
    is_disabled=False,
)
# Defender for Cloud governance rule at management-group scope.
# The management group name, GUIDs and owner address are sample values.
resources:
  governanceRule:
    type: azure-native:security:GovernanceRule
    properties:
      description: A rule for a management group
      displayName: Management group rule
      # Subscription listed as excluded from the rule; keep exclusions under review.
      excludedScopes:
        - /subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23
      # Owner e-mails stay on; only the manager notification is switched off.
      governanceEmailNotification:
        disableManagerEmailNotification: true
        disableOwnerEmailNotification: false
      isDisabled: false
      # NOTE(review): a grace period is understood to defer the secure-score
      # impact until the timeframe lapses; confirm that is intended.
      isGracePeriod: true
      # "Manually" assigns ownership to the address given in value.
      ownerSource:
        type: Manually
        value: user@contoso.com
      # Seven days, written as d.hh:mm:ss.
      remediationTimeframe: 7.00:00:00
      ruleId: ad9a8e26-29d9-4829-bb30-e597a58cdbb8
      # Lower number wins; two rules on one scope may not share a priority.
      rulePriority: 200
      ruleType: Integrated
      scope: providers/Microsoft.Management/managementGroups/contoso
      sourceResourceType: Assessments
Create or update governance rule over security connector scope
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
// Declares one Defender for Cloud governance rule scoped to a single security
// connector (the sample "gcpconnector"). Subscription ID, GUIDs and owner
// address are sample values.
return await Deployment.RunAsync(() =>
{
    // Owner e-mails stay on; only the manager notification is switched off.
    var notificationSettings = new AzureNative.Security.Inputs.GovernanceRuleEmailNotificationArgs
    {
        DisableOwnerEmailNotification = false,
        DisableManagerEmailNotification = true,
    };

    // "Manually" assigns ownership to the address given in Value.
    var assignedOwner = new AzureNative.Security.Inputs.GovernanceRuleOwnerSourceArgs
    {
        Value = "user@contoso.com",
        Type = AzureNative.Security.GovernanceRuleOwnerSourceType.Manually,
    };

    var ruleArgs = new AzureNative.Security.GovernanceRuleArgs
    {
        RuleId = "ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
        DisplayName = "GCP Admin's rule",
        Description = "A rule on critical GCP recommendations",
        // Full resource path of the connector the rule is attached to.
        Scope = "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector",
        RuleType = AzureNative.Security.GovernanceRuleType.Integrated,
        SourceResourceType = AzureNative.Security.GovernanceRuleSourceResourceType.Assessments,
        // Lower number wins; two rules on one scope may not share a priority.
        RulePriority = 200,
        OwnerSource = assignedOwner,
        GovernanceEmailNotification = notificationSettings,
        // Seven days, written as d.hh:mm:ss.
        RemediationTimeframe = "7.00:00:00",
        // NOTE(review): a grace period is understood to defer the secure-score
        // impact until the timeframe lapses; confirm that is intended.
        IsGracePeriod = true,
        IsDisabled = false,
    };

    var rule = new AzureNative.Security.GovernanceRule("governanceRule", ruleArgs);
});
package main
import (
	security "github.com/pulumi/pulumi-azure-native-sdk/security/v3"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main runs a Pulumi program that declares one Defender for Cloud governance
// rule scoped to a single security connector. The identifiers are sample values.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Owner e-mails stay on; only the manager notification is switched off.
		notify := &security.GovernanceRuleEmailNotificationArgs{
			DisableOwnerEmailNotification:   pulumi.Bool(false),
			DisableManagerEmailNotification: pulumi.Bool(true),
		}

		// "Manually" assigns ownership to the address given in Value.
		owner := &security.GovernanceRuleOwnerSourceArgs{
			Value: pulumi.String("user@contoso.com"),
			Type:  pulumi.String(security.GovernanceRuleOwnerSourceTypeManually),
		}

		ruleArgs := &security.GovernanceRuleArgs{
			RuleId:      pulumi.String("ad9a8e26-29d9-4829-bb30-e597a58cdbb8"),
			DisplayName: pulumi.String("GCP Admin's rule"),
			Description: pulumi.String("A rule on critical GCP recommendations"),
			// Full resource path of the connector the rule is attached to.
			Scope:              pulumi.String("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector"),
			RuleType:           pulumi.String(security.GovernanceRuleTypeIntegrated),
			SourceResourceType: pulumi.String(security.GovernanceRuleSourceResourceTypeAssessments),
			// Lower number wins; two rules on one scope may not share a priority.
			RulePriority:                pulumi.Int(200),
			OwnerSource:                 owner,
			GovernanceEmailNotification: notify,
			// Seven days, written as d.hh:mm:ss.
			RemediationTimeframe: pulumi.String("7.00:00:00"),
			// NOTE(review): a grace period is understood to defer the secure-score
			// impact until the timeframe lapses; confirm that is intended.
			IsGracePeriod: pulumi.Bool(true),
			IsDisabled:    pulumi.Bool(false),
		}

		// The resource handle is not needed; only the error is propagated.
		_, err := security.NewGovernanceRule(ctx, "governanceRule", ruleArgs)
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.security.GovernanceRule;
import com.pulumi.azurenative.security.GovernanceRuleArgs;
import com.pulumi.azurenative.security.inputs.GovernanceRuleEmailNotificationArgs;
import com.pulumi.azurenative.security.inputs.GovernanceRuleOwnerSourceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program declaring one Defender for Cloud governance rule scoped to a
 * single security connector. All identifiers are sample values.
 */
public class App {
    /** Hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Builds the rule arguments step by step and registers the resource.
     *
     * @param ctx deployment context supplied by Pulumi (not read here)
     */
    public static void stack(Context ctx) {
        // Owner e-mails stay on; only the manager notification is switched off.
        GovernanceRuleEmailNotificationArgs notificationSettings = GovernanceRuleEmailNotificationArgs.builder()
            .disableOwnerEmailNotification(false)
            .disableManagerEmailNotification(true)
            .build();

        // "Manually" assigns ownership to the address given in value.
        GovernanceRuleOwnerSourceArgs assignedOwner = GovernanceRuleOwnerSourceArgs.builder()
            .value("user@contoso.com")
            .type("Manually")
            .build();

        GovernanceRuleArgs ruleArgs = GovernanceRuleArgs.builder()
            .ruleId("ad9a8e26-29d9-4829-bb30-e597a58cdbb8")
            .displayName("GCP Admin's rule")
            .description("A rule on critical GCP recommendations")
            // Full resource path of the connector the rule is attached to.
            .scope("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector")
            .ruleType("Integrated")
            .sourceResourceType("Assessments")
            // Lower number wins; two rules on one scope may not share a priority.
            .rulePriority(200)
            .ownerSource(assignedOwner)
            .governanceEmailNotification(notificationSettings)
            // Seven days, written as d.hh:mm:ss.
            .remediationTimeframe("7.00:00:00")
            // NOTE(review): a grace period is understood to defer the secure-score
            // impact until the timeframe lapses; confirm that is intended.
            .isGracePeriod(true)
            .isDisabled(false)
            .build();

        var rule = new GovernanceRule("governanceRule", ruleArgs);
    }
}
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
// Defender for Cloud governance rule scoped to a single security connector.
// Subscription ID, GUIDs and owner address are sample values.
const governanceRuleArgs: azure_native.security.GovernanceRuleArgs = {
    ruleId: "ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
    displayName: "GCP Admin's rule",
    description: "A rule on critical GCP recommendations",
    // Full resource path of the connector the rule is attached to.
    scope: "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector",
    ruleType: azure_native.security.GovernanceRuleType.Integrated,
    sourceResourceType: azure_native.security.GovernanceRuleSourceResourceType.Assessments,
    // Lower number wins; two rules on one scope may not share a priority.
    rulePriority: 200,
    // "Manually" assigns ownership to the address given in value.
    ownerSource: {
        value: "user@contoso.com",
        type: azure_native.security.GovernanceRuleOwnerSourceType.Manually,
    },
    // Owner e-mails stay on; only the manager notification is switched off.
    governanceEmailNotification: {
        disableOwnerEmailNotification: false,
        disableManagerEmailNotification: true,
    },
    // Seven days, written as d.hh:mm:ss.
    remediationTimeframe: "7.00:00:00",
    // NOTE(review): a grace period is understood to defer the secure-score
    // impact until the timeframe lapses; confirm that is intended.
    isGracePeriod: true,
    isDisabled: false,
};

const governanceRule = new azure_native.security.GovernanceRule("governanceRule", governanceRuleArgs);
import pulumi
import pulumi_azure_native as azure_native
# Defender for Cloud governance rule scoped to a single security connector.
# Subscription ID, GUIDs and owner address are sample values.

# "Manually" assigns ownership to the address given in "value".
_owner = {
    "value": "user@contoso.com",
    "type": azure_native.security.GovernanceRuleOwnerSourceType.MANUALLY,
}

# Owner e-mails stay on; only the manager notification is switched off.
_notifications = {
    "disable_owner_email_notification": False,
    "disable_manager_email_notification": True,
}

governance_rule = azure_native.security.GovernanceRule(
    "governanceRule",
    rule_id="ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
    display_name="GCP Admin's rule",
    description="A rule on critical GCP recommendations",
    # Full resource path of the connector the rule is attached to.
    scope="subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector",
    rule_type=azure_native.security.GovernanceRuleType.INTEGRATED,
    source_resource_type=azure_native.security.GovernanceRuleSourceResourceType.ASSESSMENTS,
    # Lower number wins; two rules on one scope may not share a priority.
    rule_priority=200,
    owner_source=_owner,
    governance_email_notification=_notifications,
    # Seven days, written as d.hh:mm:ss.
    remediation_timeframe="7.00:00:00",
    # NOTE(review): a grace period is understood to defer the secure-score
    # impact until the timeframe lapses; confirm that is intended.
    is_grace_period=True,
    is_disabled=False,
)
# Defender for Cloud governance rule scoped to a single security connector.
# Subscription ID, GUIDs and owner address are sample values.
resources:
  governanceRule:
    type: azure-native:security:GovernanceRule
    properties:
      description: A rule on critical GCP recommendations
      displayName: GCP Admin's rule
      # Owner e-mails stay on; only the manager notification is switched off.
      governanceEmailNotification:
        disableManagerEmailNotification: true
        disableOwnerEmailNotification: false
      isDisabled: false
      # NOTE(review): a grace period is understood to defer the secure-score
      # impact until the timeframe lapses; confirm that is intended.
      isGracePeriod: true
      # "Manually" assigns ownership to the address given in value.
      ownerSource:
        type: Manually
        value: user@contoso.com
      # Seven days, written as d.hh:mm:ss.
      remediationTimeframe: 7.00:00:00
      ruleId: ad9a8e26-29d9-4829-bb30-e597a58cdbb8
      # Lower number wins; two rules on one scope may not share a priority.
      rulePriority: 200
      ruleType: Integrated
      # Full resource path of the connector the rule is attached to.
      scope: subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector
      sourceResourceType: Assessments
Create or update governance rule over subscription scope
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
// Declares one Defender for Cloud governance rule at subscription scope.
// Subscription ID, GUIDs and owner address are sample values.
return await Deployment.RunAsync(() =>
{
    // Neither notification is disabled: owner and manager e-mails both stay on.
    var notificationSettings = new AzureNative.Security.Inputs.GovernanceRuleEmailNotificationArgs
    {
        DisableOwnerEmailNotification = false,
        DisableManagerEmailNotification = false,
    };

    // "Manually" assigns ownership to the address given in Value.
    var assignedOwner = new AzureNative.Security.Inputs.GovernanceRuleOwnerSourceArgs
    {
        Value = "user@contoso.com",
        Type = AzureNative.Security.GovernanceRuleOwnerSourceType.Manually,
    };

    var ruleArgs = new AzureNative.Security.GovernanceRuleArgs
    {
        RuleId = "ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
        DisplayName = "Admin's rule",
        Description = "A rule for critical recommendations",
        Scope = "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23",
        RuleType = AzureNative.Security.GovernanceRuleType.Integrated,
        SourceResourceType = AzureNative.Security.GovernanceRuleSourceResourceType.Assessments,
        // Lower number wins; two rules on one scope may not share a priority.
        RulePriority = 200,
        OwnerSource = assignedOwner,
        GovernanceEmailNotification = notificationSettings,
        // Seven days, written as d.hh:mm:ss.
        RemediationTimeframe = "7.00:00:00",
        // NOTE(review): a grace period is understood to defer the secure-score
        // impact until the timeframe lapses; confirm that is intended.
        IsGracePeriod = true,
        IsDisabled = false,
    };

    var rule = new AzureNative.Security.GovernanceRule("governanceRule", ruleArgs);
});
package main
import (
	security "github.com/pulumi/pulumi-azure-native-sdk/security/v3"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main runs a Pulumi program that declares one Defender for Cloud governance
// rule at subscription scope. The identifiers are sample values.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Neither notification is disabled: owner and manager e-mails both stay on.
		notify := &security.GovernanceRuleEmailNotificationArgs{
			DisableOwnerEmailNotification:   pulumi.Bool(false),
			DisableManagerEmailNotification: pulumi.Bool(false),
		}

		// "Manually" assigns ownership to the address given in Value.
		owner := &security.GovernanceRuleOwnerSourceArgs{
			Value: pulumi.String("user@contoso.com"),
			Type:  pulumi.String(security.GovernanceRuleOwnerSourceTypeManually),
		}

		ruleArgs := &security.GovernanceRuleArgs{
			RuleId:             pulumi.String("ad9a8e26-29d9-4829-bb30-e597a58cdbb8"),
			DisplayName:        pulumi.String("Admin's rule"),
			Description:        pulumi.String("A rule for critical recommendations"),
			Scope:              pulumi.String("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23"),
			RuleType:           pulumi.String(security.GovernanceRuleTypeIntegrated),
			SourceResourceType: pulumi.String(security.GovernanceRuleSourceResourceTypeAssessments),
			// Lower number wins; two rules on one scope may not share a priority.
			RulePriority:                pulumi.Int(200),
			OwnerSource:                 owner,
			GovernanceEmailNotification: notify,
			// Seven days, written as d.hh:mm:ss.
			RemediationTimeframe: pulumi.String("7.00:00:00"),
			// NOTE(review): a grace period is understood to defer the secure-score
			// impact until the timeframe lapses; confirm that is intended.
			IsGracePeriod: pulumi.Bool(true),
			IsDisabled:    pulumi.Bool(false),
		}

		// The resource handle is not needed; only the error is propagated.
		_, err := security.NewGovernanceRule(ctx, "governanceRule", ruleArgs)
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.security.GovernanceRule;
import com.pulumi.azurenative.security.GovernanceRuleArgs;
import com.pulumi.azurenative.security.inputs.GovernanceRuleEmailNotificationArgs;
import com.pulumi.azurenative.security.inputs.GovernanceRuleOwnerSourceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program declaring one Defender for Cloud governance rule at
 * subscription scope. All identifiers are sample values.
 */
public class App {
    /** Hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Builds the rule arguments step by step and registers the resource.
     *
     * @param ctx deployment context supplied by Pulumi (not read here)
     */
    public static void stack(Context ctx) {
        // Neither notification is disabled: owner and manager e-mails both stay on.
        GovernanceRuleEmailNotificationArgs notificationSettings = GovernanceRuleEmailNotificationArgs.builder()
            .disableOwnerEmailNotification(false)
            .disableManagerEmailNotification(false)
            .build();

        // "Manually" assigns ownership to the address given in value.
        GovernanceRuleOwnerSourceArgs assignedOwner = GovernanceRuleOwnerSourceArgs.builder()
            .value("user@contoso.com")
            .type("Manually")
            .build();

        GovernanceRuleArgs ruleArgs = GovernanceRuleArgs.builder()
            .ruleId("ad9a8e26-29d9-4829-bb30-e597a58cdbb8")
            .displayName("Admin's rule")
            .description("A rule for critical recommendations")
            .scope("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23")
            .ruleType("Integrated")
            .sourceResourceType("Assessments")
            // Lower number wins; two rules on one scope may not share a priority.
            .rulePriority(200)
            .ownerSource(assignedOwner)
            .governanceEmailNotification(notificationSettings)
            // Seven days, written as d.hh:mm:ss.
            .remediationTimeframe("7.00:00:00")
            // NOTE(review): a grace period is understood to defer the secure-score
            // impact until the timeframe lapses; confirm that is intended.
            .isGracePeriod(true)
            .isDisabled(false)
            .build();

        var rule = new GovernanceRule("governanceRule", ruleArgs);
    }
}
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
// Defender for Cloud governance rule at subscription scope.
// Subscription ID, GUIDs and owner address are sample values.
const governanceRuleArgs: azure_native.security.GovernanceRuleArgs = {
    ruleId: "ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
    displayName: "Admin's rule",
    description: "A rule for critical recommendations",
    scope: "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23",
    ruleType: azure_native.security.GovernanceRuleType.Integrated,
    sourceResourceType: azure_native.security.GovernanceRuleSourceResourceType.Assessments,
    // Lower number wins; two rules on one scope may not share a priority.
    rulePriority: 200,
    // "Manually" assigns ownership to the address given in value.
    ownerSource: {
        value: "user@contoso.com",
        type: azure_native.security.GovernanceRuleOwnerSourceType.Manually,
    },
    // Neither notification is disabled: owner and manager e-mails both stay on.
    governanceEmailNotification: {
        disableOwnerEmailNotification: false,
        disableManagerEmailNotification: false,
    },
    // Seven days, written as d.hh:mm:ss.
    remediationTimeframe: "7.00:00:00",
    // NOTE(review): a grace period is understood to defer the secure-score
    // impact until the timeframe lapses; confirm that is intended.
    isGracePeriod: true,
    isDisabled: false,
};

const governanceRule = new azure_native.security.GovernanceRule("governanceRule", governanceRuleArgs);
import pulumi
import pulumi_azure_native as azure_native
# Defender for Cloud governance rule at subscription scope.
# Subscription ID, GUIDs and owner address are sample values.

# "Manually" assigns ownership to the address given in "value".
_owner = {
    "value": "user@contoso.com",
    "type": azure_native.security.GovernanceRuleOwnerSourceType.MANUALLY,
}

# Neither notification is disabled: owner and manager e-mails both stay on.
_notifications = {
    "disable_owner_email_notification": False,
    "disable_manager_email_notification": False,
}

governance_rule = azure_native.security.GovernanceRule(
    "governanceRule",
    rule_id="ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
    display_name="Admin's rule",
    description="A rule for critical recommendations",
    scope="subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23",
    rule_type=azure_native.security.GovernanceRuleType.INTEGRATED,
    source_resource_type=azure_native.security.GovernanceRuleSourceResourceType.ASSESSMENTS,
    # Lower number wins; two rules on one scope may not share a priority.
    rule_priority=200,
    owner_source=_owner,
    governance_email_notification=_notifications,
    # Seven days, written as d.hh:mm:ss.
    remediation_timeframe="7.00:00:00",
    # NOTE(review): a grace period is understood to defer the secure-score
    # impact until the timeframe lapses; confirm that is intended.
    is_grace_period=True,
    is_disabled=False,
)
# Defender for Cloud governance rule at subscription scope.
# Subscription ID, GUIDs and owner address are sample values.
resources:
  governanceRule:
    type: azure-native:security:GovernanceRule
    properties:
      description: A rule for critical recommendations
      displayName: Admin's rule
      # Neither notification is disabled: owner and manager e-mails both stay on.
      governanceEmailNotification:
        disableManagerEmailNotification: false
        disableOwnerEmailNotification: false
      isDisabled: false
      # NOTE(review): a grace period is understood to defer the secure-score
      # impact until the timeframe lapses; confirm that is intended.
      isGracePeriod: true
      # "Manually" assigns ownership to the address given in value.
      ownerSource:
        type: Manually
        value: user@contoso.com
      # Seven days, written as d.hh:mm:ss.
      remediationTimeframe: 7.00:00:00
      ruleId: ad9a8e26-29d9-4829-bb30-e597a58cdbb8
      # Lower number wins; two rules on one scope may not share a priority.
      rulePriority: 200
      ruleType: Integrated
      scope: subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23
      sourceResourceType: Assessments
Create GovernanceRule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new GovernanceRule(name: string, args: GovernanceRuleArgs, opts?: CustomResourceOptions);
@overload
def GovernanceRule(resource_name: str,
                   args: GovernanceRuleArgs,
                   opts: Optional[ResourceOptions] = None)
@overload
def GovernanceRule(resource_name: str,
                   opts: Optional[ResourceOptions] = None,
                   owner_source: Optional[GovernanceRuleOwnerSourceArgs] = None,
                   display_name: Optional[str] = None,
                   source_resource_type: Optional[Union[str, GovernanceRuleSourceResourceType]] = None,
                   scope: Optional[str] = None,
                   rule_type: Optional[Union[str, GovernanceRuleType]] = None,
                   rule_priority: Optional[int] = None,
                   is_grace_period: Optional[bool] = None,
                   description: Optional[str] = None,
                   remediation_timeframe: Optional[str] = None,
                   rule_id: Optional[str] = None,
                   is_disabled: Optional[bool] = None,
                   include_member_scopes: Optional[bool] = None,
                   governance_email_notification: Optional[GovernanceRuleEmailNotificationArgs] = None,
                   excluded_scopes: Optional[Sequence[str]] = None)
func NewGovernanceRule(ctx *Context, name string, args GovernanceRuleArgs, opts ...ResourceOption) (*GovernanceRule, error)
public GovernanceRule(string name, GovernanceRuleArgs args, CustomResourceOptions? opts = null)
public GovernanceRule(String name, GovernanceRuleArgs args)
public GovernanceRule(String name, GovernanceRuleArgs args, CustomResourceOptions options)
type: azure-native:security:GovernanceRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args GovernanceRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args GovernanceRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args GovernanceRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args GovernanceRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args GovernanceRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference template listing every input property. Each value is a type
// placeholder ("string", 0, false), not a recommended setting.
var governanceRuleResource = new AzureNative.Security.GovernanceRule("governanceRuleResource", new()
{
    // Who owns findings under the rule, e.g. Type "Manually" with an e-mail address as Value.
    OwnerSource = new AzureNative.Security.Inputs.GovernanceRuleOwnerSourceArgs
    {
        Type = "string",
        Value = "string",
    },
    DisplayName = "string",
    SourceResourceType = "string",
    Scope = "string",
    // Source of the rule, e.g. "Integrated".
    RuleType = "string",
    // Lower number wins; two rules on one scope may not share a priority.
    RulePriority = 0,
    IsGracePeriod = false,
    Description = "string",
    RemediationTimeframe = "string",
    RuleId = "string",
    IsDisabled = false,
    IncludeMemberScopes = false,
    GovernanceEmailNotification = new AzureNative.Security.Inputs.GovernanceRuleEmailNotificationArgs
    {
        DisableManagerEmailNotification = false,
        DisableOwnerEmailNotification = false,
    },
    ExcludedScopes = new[]
    {
        "string",
    },
});
// Reference template listing every input property. Each value is a type
// placeholder ("string", 0, false), not a recommended setting. The returned
// err is not handled in this fragment.
example, err := security.NewGovernanceRule(ctx, "governanceRuleResource", &security.GovernanceRuleArgs{
	// Who owns findings under the rule, e.g. Type "Manually" with an e-mail address as Value.
	OwnerSource: &security.GovernanceRuleOwnerSourceArgs{
		Type:  pulumi.String("string"),
		Value: pulumi.String("string"),
	},
	DisplayName:          pulumi.String("string"),
	SourceResourceType:   pulumi.String("string"),
	Scope:                pulumi.String("string"),
	// Source of the rule, e.g. "Integrated".
	RuleType:             pulumi.String("string"),
	// Lower number wins; two rules on one scope may not share a priority.
	RulePriority:         pulumi.Int(0),
	IsGracePeriod:        pulumi.Bool(false),
	Description:          pulumi.String("string"),
	RemediationTimeframe: pulumi.String("string"),
	RuleId:               pulumi.String("string"),
	IsDisabled:           pulumi.Bool(false),
	IncludeMemberScopes:  pulumi.Bool(false),
	GovernanceEmailNotification: &security.GovernanceRuleEmailNotificationArgs{
		DisableManagerEmailNotification: pulumi.Bool(false),
		DisableOwnerEmailNotification:   pulumi.Bool(false),
	},
	ExcludedScopes: pulumi.StringArray{
		pulumi.String("string"),
	},
})
// Reference template listing every input property. Each value is a type
// placeholder ("string", 0, false), not a recommended setting.
var governanceRuleResource = new GovernanceRule("governanceRuleResource", GovernanceRuleArgs.builder()
    // Who owns findings under the rule, e.g. type "Manually" with an e-mail address as value.
    .ownerSource(GovernanceRuleOwnerSourceArgs.builder()
        .type("string")
        .value("string")
        .build())
    .displayName("string")
    .sourceResourceType("string")
    .scope("string")
    // Source of the rule, e.g. "Integrated".
    .ruleType("string")
    // Lower number wins; two rules on one scope may not share a priority.
    .rulePriority(0)
    .isGracePeriod(false)
    .description("string")
    .remediationTimeframe("string")
    .ruleId("string")
    .isDisabled(false)
    .includeMemberScopes(false)
    .governanceEmailNotification(GovernanceRuleEmailNotificationArgs.builder()
        .disableManagerEmailNotification(false)
        .disableOwnerEmailNotification(false)
        .build())
    .excludedScopes("string")
    .build());
# Reference template listing every input property. Each value is a type
# placeholder ("string", 0, False), not a recommended setting.
governance_rule_resource = azure_native.security.GovernanceRule("governanceRuleResource",
    # Who owns findings under the rule, e.g. type "Manually" with an e-mail address as value.
    owner_source={
        "type": "string",
        "value": "string",
    },
    display_name="string",
    source_resource_type="string",
    scope="string",
    # Source of the rule, e.g. "Integrated".
    rule_type="string",
    # Lower number wins; two rules on one scope may not share a priority.
    rule_priority=0,
    is_grace_period=False,
    description="string",
    remediation_timeframe="string",
    rule_id="string",
    is_disabled=False,
    include_member_scopes=False,
    governance_email_notification={
        "disable_manager_email_notification": False,
        "disable_owner_email_notification": False,
    },
    excluded_scopes=["string"])
// Constructor template: every "string", 0 and false below is a type placeholder,
// not a recommended value.

// Owner source for the rule; type is "ByTag" or "Manually", value is e.g. a tag key or an email address.
const ownerSourceArgs = {
    type: "string",
    value: "string",
};

// Both fields are "disable" switches: false leaves the corresponding notification enabled.
const emailNotificationArgs = {
    disableManagerEmailNotification: false,
    disableOwnerEmailNotification: false,
};

const governanceRuleResource = new azure_native.security.GovernanceRule("governanceRuleResource", {
    ownerSource: ownerSourceArgs,
    displayName: "string",
    sourceResourceType: "string",
    // Management group, subscription or security connector the rule applies to.
    scope: "string",
    ruleType: "string",
    // Lower number = higher priority; two rules with the same priority on one scope are not allowed.
    rulePriority: 0,
    isGracePeriod: false,
    description: "string",
    // Time span such as "7.00:00:00" (7 days); it affects the grace-period duration.
    remediationTimeframe: "string",
    ruleId: "string",
    // true makes the rule inactive.
    isDisabled: false,
    includeMemberScopes: false,
    governanceEmailNotification: emailNotificationArgs,
    // Descendants of the scope listed here are filtered out of the rule; keep the list deliberate.
    excludedScopes: ["string"],
});
# Constructor template: "string", 0 and false are type placeholders, not recommended values.
type: azure-native:security:GovernanceRule
properties:
    description: string
    displayName: string
    # Descendants of the scope listed here are filtered out of the rule (management scopes).
    excludedScopes:
        - string
    # Both fields are "disable" switches: false leaves the corresponding notification enabled.
    governanceEmailNotification:
        disableManagerEmailNotification: false
        disableOwnerEmailNotification: false
    includeMemberScopes: false
    # true makes the rule inactive.
    isDisabled: false
    isGracePeriod: false
    ownerSource:
        # "ByTag" or "Manually"
        type: string
        # e.g. a tag key or an email address
        value: string
    # Time span such as 7.00:00:00 (7 days); it affects the grace-period duration.
    remediationTimeframe: string
    ruleId: string
    # Lower number = higher priority; two rules with the same priority on one scope are not allowed.
    rulePriority: 0
    # "Integrated" or "ServiceNow"
    ruleType: string
    # Management group, subscription or security connector the rule applies to.
    scope: string
    # "Assessments"
    sourceResourceType: string
GovernanceRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The GovernanceRule resource accepts the following input properties:
- DisplayName string
- Display name of the governance rule
- OwnerSource Pulumi.AzureNative.Security.Inputs.GovernanceRuleOwnerSource
- The owner source for the governance rule - e.g. Manually by user@contoso.com - see example
- RulePriority int
- The governance rule priority; a lower number means higher priority. Rules with the same priority on the same scope are not allowed
- RuleType string | Pulumi.AzureNative.Security.GovernanceRuleType
- The rule type of the governance rule, defines the source of the rule e.g. Integrated
- Scope string
- The scope of the Governance rules. Valid scopes are: management group (format: 'providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: 'subscriptions/{subscriptionId}'), or security connector (format: 'subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/securityConnectors/{securityConnectorName}')
- SourceResourceType string | Pulumi.AzureNative.Security.GovernanceRuleSourceResourceType
- The governance rule source, what the rule affects, e.g. Assessments
- Description string
- Description of the governance rule
- ExcludedScopes List<string>
- Excluded scopes, filter out the descendants of the scope (on management scopes)
- GovernanceEmailNotification Pulumi.AzureNative.Security.Inputs.GovernanceRuleEmailNotification
- The email notification settings for the governance rule; states whether to disable notifications for managers and owners
- IncludeMemberScopes bool
- Defines whether the rule is a management scope rule (master connector as a single scope or management scope)
- IsDisabled bool
- Defines whether the rule is active/inactive
- IsGracePeriod bool
- Defines whether there is a grace period on the governance rule
- RemediationTimeframe string
- Governance rule remediation timeframe - the time that affects the grace-period duration, e.g. 7.00:00:00 means 7 days
- RuleId string
- The governance rule key - unique key for the standard governance rule (GUID)
- DisplayName string
- Display name of the governance rule
- OwnerSource GovernanceRuleOwnerSourceArgs
- The owner source for the governance rule - e.g. Manually by user@contoso.com - see example
- RulePriority int
- The governance rule priority; a lower number means higher priority. Rules with the same priority on the same scope are not allowed
- RuleType string | GovernanceRuleType
- The rule type of the governance rule, defines the source of the rule e.g. Integrated
- Scope string
- The scope of the Governance rules. Valid scopes are: management group (format: 'providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: 'subscriptions/{subscriptionId}'), or security connector (format: 'subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/securityConnectors/{securityConnectorName}')
- SourceResourceType string | GovernanceRuleSourceResourceType
- The governance rule source, what the rule affects, e.g. Assessments
- Description string
- Description of the governance rule
- ExcludedScopes []string
- Excluded scopes, filter out the descendants of the scope (on management scopes)
- GovernanceEmailNotification GovernanceRuleEmailNotificationArgs
- The email notification settings for the governance rule; states whether to disable notifications for managers and owners
- IncludeMemberScopes bool
- Defines whether the rule is a management scope rule (master connector as a single scope or management scope)
- IsDisabled bool
- Defines whether the rule is active/inactive
- IsGracePeriod bool
- Defines whether there is a grace period on the governance rule
- RemediationTimeframe string
- Governance rule remediation timeframe - the time that affects the grace-period duration, e.g. 7.00:00:00 means 7 days
- RuleId string
- The governance rule key - unique key for the standard governance rule (GUID)
- displayName String
- Display name of the governance rule
- ownerSource GovernanceRuleOwnerSource
- The owner source for the governance rule - e.g. Manually by user@contoso.com - see example
- rulePriority Integer
- The governance rule priority; a lower number means higher priority. Rules with the same priority on the same scope are not allowed
- ruleType String | GovernanceRuleType
- The rule type of the governance rule, defines the source of the rule e.g. Integrated
- scope String
- The scope of the Governance rules. Valid scopes are: management group (format: 'providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: 'subscriptions/{subscriptionId}'), or security connector (format: 'subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/securityConnectors/{securityConnectorName}')
- sourceResourceType String | GovernanceRuleSourceResourceType
- The governance rule source, what the rule affects, e.g. Assessments
- description String
- Description of the governance rule
- excludedScopes List<String>
- Excluded scopes, filter out the descendants of the scope (on management scopes)
- governanceEmailNotification GovernanceRuleEmailNotification
- The email notification settings for the governance rule; states whether to disable notifications for managers and owners
- includeMemberScopes Boolean
- Defines whether the rule is a management scope rule (master connector as a single scope or management scope)
- isDisabled Boolean
- Defines whether the rule is active/inactive
- isGracePeriod Boolean
- Defines whether there is a grace period on the governance rule
- remediationTimeframe String
- Governance rule remediation timeframe - the time that affects the grace-period duration, e.g. 7.00:00:00 means 7 days
- ruleId String
- The governance rule key - unique key for the standard governance rule (GUID)
- displayName string
- Display name of the governance rule
- ownerSource GovernanceRuleOwnerSource
- The owner source for the governance rule - e.g. Manually by user@contoso.com - see example
- rulePriority number
- The governance rule priority; a lower number means higher priority. Rules with the same priority on the same scope are not allowed
- ruleType string | GovernanceRuleType
- The rule type of the governance rule, defines the source of the rule e.g. Integrated
- scope string
- The scope of the Governance rules. Valid scopes are: management group (format: 'providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: 'subscriptions/{subscriptionId}'), or security connector (format: 'subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/securityConnectors/{securityConnectorName}')
- sourceResourceType string | GovernanceRuleSourceResourceType
- The governance rule source, what the rule affects, e.g. Assessments
- description string
- Description of the governance rule
- excludedScopes string[]
- Excluded scopes, filter out the descendants of the scope (on management scopes)
- governanceEmailNotification GovernanceRuleEmailNotification
- The email notification settings for the governance rule; states whether to disable notifications for managers and owners
- includeMemberScopes boolean
- Defines whether the rule is a management scope rule (master connector as a single scope or management scope)
- isDisabled boolean
- Defines whether the rule is active/inactive
- isGracePeriod boolean
- Defines whether there is a grace period on the governance rule
- remediationTimeframe string
- Governance rule remediation timeframe - the time that affects the grace-period duration, e.g. 7.00:00:00 means 7 days
- ruleId string
- The governance rule key - unique key for the standard governance rule (GUID)
- display_name str
- Display name of the governance rule
- owner_source GovernanceRuleOwnerSourceArgs
- The owner source for the governance rule - e.g. Manually by user@contoso.com - see example
- rule_priority int
- The governance rule priority; a lower number means higher priority. Rules with the same priority on the same scope are not allowed
- rule_type str | GovernanceRuleType
- The rule type of the governance rule, defines the source of the rule e.g. Integrated
- scope str
- The scope of the Governance rules. Valid scopes are: management group (format: 'providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: 'subscriptions/{subscriptionId}'), or security connector (format: 'subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/securityConnectors/{securityConnectorName}')
- source_resource_type str | GovernanceRuleSourceResourceType
- The governance rule source, what the rule affects, e.g. Assessments
- description str
- Description of the governance rule
- excluded_scopes Sequence[str]
- Excluded scopes, filter out the descendants of the scope (on management scopes)
- governance_email_notification GovernanceRuleEmailNotificationArgs
- The email notification settings for the governance rule; states whether to disable notifications for managers and owners
- include_member_scopes bool
- Defines whether the rule is a management scope rule (master connector as a single scope or management scope)
- is_disabled bool
- Defines whether the rule is active/inactive
- is_grace_period bool
- Defines whether there is a grace period on the governance rule
- remediation_timeframe str
- Governance rule remediation timeframe - the time that affects the grace-period duration, e.g. 7.00:00:00 means 7 days
- rule_id str
- The governance rule key - unique key for the standard governance rule (GUID)
- displayName String
- Display name of the governance rule
- ownerSource Property Map
- The owner source for the governance rule - e.g. Manually by user@contoso.com - see example
- rulePriority Number
- The governance rule priority; a lower number means higher priority. Rules with the same priority on the same scope are not allowed
- ruleType String | "Integrated" | "ServiceNow"
- The rule type of the governance rule, defines the source of the rule e.g. Integrated
- scope String
- The scope of the Governance rules. Valid scopes are: management group (format: 'providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: 'subscriptions/{subscriptionId}'), or security connector (format: 'subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/securityConnectors/{securityConnectorName}')
- sourceResourceType String | "Assessments"
- The governance rule source, what the rule affects, e.g. Assessments
- description String
- Description of the governance rule
- excludedScopes List<String>
- Excluded scopes, filter out the descendants of the scope (on management scopes)
- governanceEmailNotification Property Map
- The email notification settings for the governance rule; states whether to disable notifications for managers and owners
- includeMemberScopes Boolean
- Defines whether the rule is a management scope rule (master connector as a single scope or management scope)
- isDisabled Boolean
- Defines whether the rule is active/inactive
- isGracePeriod Boolean
- Defines whether there is a grace period on the governance rule
- remediationTimeframe String
- Governance rule remediation timeframe - the time that affects the grace-period duration, e.g. 7.00:00:00 means 7 days
- ruleId String
- The governance rule key - unique key for the standard governance rule (GUID)
Outputs
All input properties are implicitly available as output properties. Additionally, the GovernanceRule resource produces the following output properties:
- AzureApiVersion string
- The Azure API version of the resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- Resource name
- TenantId string
- The tenantId (GUID)
- Type string
- Resource type
- Metadata Pulumi.AzureNative.Security.Outputs.GovernanceRuleMetadataResponse
- The governance rule metadata
- AzureApiVersion string
- The Azure API version of the resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- Resource name
- TenantId string
- The tenantId (GUID)
- Type string
- Resource type
- Metadata GovernanceRuleMetadataResponse
- The governance rule metadata
- azureApiVersion String
- The Azure API version of the resource.
- id String
- The provider-assigned unique ID for this managed resource.
- name String
- Resource name
- tenantId String
- The tenantId (GUID)
- type String
- Resource type
- metadata GovernanceRuleMetadataResponse
- The governance rule metadata
- azureApiVersion string
- The Azure API version of the resource.
- id string
- The provider-assigned unique ID for this managed resource.
- name string
- Resource name
- tenantId string
- The tenantId (GUID)
- type string
- Resource type
- metadata GovernanceRuleMetadataResponse
- The governance rule metadata
- azure_api_version str
- The Azure API version of the resource.
- id str
- The provider-assigned unique ID for this managed resource.
- name str
- Resource name
- tenant_id str
- The tenantId (GUID)
- type str
- Resource type
- metadata GovernanceRuleMetadataResponse
- The governance rule metadata
- azureApiVersion String
- The Azure API version of the resource.
- id String
- The provider-assigned unique ID for this managed resource.
- name String
- Resource name
- tenantId String
- The tenantId (GUID)
- type String
- Resource type
- metadata Property Map
- The governance rule metadata
Supporting Types
GovernanceRuleEmailNotification, GovernanceRuleEmailNotificationArgs        
- DisableManagerEmailNotification bool
- Defines whether manager email notifications are disabled
- DisableOwnerEmailNotification bool
- Defines whether owner email notifications are disabled
- DisableManagerEmailNotification bool
- Defines whether manager email notifications are disabled
- DisableOwnerEmailNotification bool
- Defines whether owner email notifications are disabled
- disableManagerEmailNotification Boolean
- Defines whether manager email notifications are disabled
- disableOwnerEmailNotification Boolean
- Defines whether owner email notifications are disabled
- disableManagerEmailNotification boolean
- Defines whether manager email notifications are disabled
- disableOwnerEmailNotification boolean
- Defines whether owner email notifications are disabled
- disable_manager_email_notification bool
- Defines whether manager email notifications are disabled
- disable_owner_email_notification bool
- Defines whether owner email notifications are disabled
- disableManagerEmailNotification Boolean
- Defines whether manager email notifications are disabled
- disableOwnerEmailNotification Boolean
- Defines whether owner email notifications are disabled
GovernanceRuleEmailNotificationResponse, GovernanceRuleEmailNotificationResponseArgs          
- DisableManagerEmailNotification bool
- Defines whether manager email notifications are disabled
- DisableOwnerEmailNotification bool
- Defines whether owner email notifications are disabled
- DisableManagerEmailNotification bool
- Defines whether manager email notifications are disabled
- DisableOwnerEmailNotification bool
- Defines whether owner email notifications are disabled
- disableManagerEmailNotification Boolean
- Defines whether manager email notifications are disabled
- disableOwnerEmailNotification Boolean
- Defines whether owner email notifications are disabled
- disableManagerEmailNotification boolean
- Defines whether manager email notifications are disabled
- disableOwnerEmailNotification boolean
- Defines whether owner email notifications are disabled
- disable_manager_email_notification bool
- Defines whether manager email notifications are disabled
- disable_owner_email_notification bool
- Defines whether owner email notifications are disabled
- disableManagerEmailNotification Boolean
- Defines whether manager email notifications are disabled
- disableOwnerEmailNotification Boolean
- Defines whether owner email notifications are disabled
GovernanceRuleMetadataResponse, GovernanceRuleMetadataResponseArgs        
- created_by str
- Governance rule Created by object id (GUID)
- created_on str
- Governance rule creation date
- updated_by str
- Governance rule last updated by object id (GUID)
- updated_on str
- Governance rule last update date
GovernanceRuleOwnerSource, GovernanceRuleOwnerSourceArgs        
- Type string | Pulumi.AzureNative.Security.GovernanceRuleOwnerSourceType
- The owner type for the governance rule owner source
- Value string
- The source value e.g. tag key like owner name or email address
- Type string | GovernanceRuleOwnerSourceType
- The owner type for the governance rule owner source
- Value string
- The source value e.g. tag key like owner name or email address
- type String | GovernanceRuleOwnerSourceType
- The owner type for the governance rule owner source
- value String
- The source value e.g. tag key like owner name or email address
- type string | GovernanceRuleOwnerSourceType
- The owner type for the governance rule owner source
- value string
- The source value e.g. tag key like owner name or email address
- type str | GovernanceRuleOwnerSourceType
- The owner type for the governance rule owner source
- value str
- The source value e.g. tag key like owner name or email address
- type String | "ByTag" | "Manually"
- The owner type for the governance rule owner source
- value String
- The source value e.g. tag key like owner name or email address
GovernanceRuleOwnerSourceResponse, GovernanceRuleOwnerSourceResponseArgs          
GovernanceRuleOwnerSourceType, GovernanceRuleOwnerSourceTypeArgs          
- ByTag
- ByTag: The rule source type defined using resource tag
- Manually
- Manually: The rule source type defined manually
- GovernanceRuleOwnerSourceTypeByTag
- ByTag: The rule source type defined using resource tag
- GovernanceRuleOwnerSourceTypeManually
- Manually: The rule source type defined manually
- ByTag
- ByTag: The rule source type defined using resource tag
- Manually
- Manually: The rule source type defined manually
- ByTag
- ByTag: The rule source type defined using resource tag
- Manually
- Manually: The rule source type defined manually
- BY_TAG
- ByTag: The rule source type defined using resource tag
- MANUALLY
- Manually: The rule source type defined manually
- "ByTag"
- ByTag: The rule source type defined using resource tag
- "Manually"
- Manually: The rule source type defined manually
GovernanceRuleSourceResourceType, GovernanceRuleSourceResourceTypeArgs          
- Assessments
- Assessments: The source of the governance rule is assessments
- GovernanceRuleSourceResourceTypeAssessments
- Assessments: The source of the governance rule is assessments
- Assessments
- Assessments: The source of the governance rule is assessments
- Assessments
- Assessments: The source of the governance rule is assessments
- ASSESSMENTS
- Assessments: The source of the governance rule is assessments
- "Assessments"
- Assessments: The source of the governance rule is assessments
GovernanceRuleType, GovernanceRuleTypeArgs      
- Integrated
- Integrated: The source of the rule type definition is integrated
- ServiceNow
- ServiceNow: The source of the rule type definition is ServiceNow
- GovernanceRuleTypeIntegrated
- Integrated: The source of the rule type definition is integrated
- GovernanceRuleTypeServiceNow
- ServiceNow: The source of the rule type definition is ServiceNow
- Integrated
- Integrated: The source of the rule type definition is integrated
- ServiceNow
- ServiceNow: The source of the rule type definition is ServiceNow
- Integrated
- Integrated: The source of the rule type definition is integrated
- ServiceNow
- ServiceNow: The source of the rule type definition is ServiceNow
- INTEGRATED
- Integrated: The source of the rule type definition is integrated
- SERVICE_NOW
- ServiceNow: The source of the rule type definition is ServiceNow
- "Integrated"
- Integrated: The source of the rule type definition is integrated
- "ServiceNow"
- ServiceNow: The source of the rule type definition is ServiceNow
Import
An existing resource can be imported using its type token, name, and identifier, e.g.
$ pulumi import azure-native:security:GovernanceRule ad9a8e26-29d9-4829-bb30-e597a58cdbb8 /{scope}/providers/Microsoft.Security/governanceRules/{ruleId} 
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Azure Native pulumi/pulumi-azure-native
- License
- Apache-2.0