Docs Home
This is the latest version of Azure Native. Use the Azure Native v2 docs if using the v2 version of this package.
Azure Native v2.90.0 published on Thursday, Mar 27, 2025 by Pulumi
azure-native.security.GovernanceRule
Explore with Pulumi AI
This is the latest version of Azure Native. Use the Azure Native v2 docs if using the v2 version of this package.
Azure Native v2.90.0 published on Thursday, Mar 27, 2025 by Pulumi
Governance rule over a given scope
Uses Azure REST API version 2022-01-01-preview.
Example Usage
Create or update governance rule over management group scope
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var governanceRule = new AzureNative.Security.GovernanceRule("governanceRule", new()
{
Description = "A rule for a management group",
DisplayName = "Management group rule",
ExcludedScopes = new[]
{
"/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23",
},
GovernanceEmailNotification = new AzureNative.Security.Inputs.GovernanceRuleEmailNotificationArgs
{
DisableManagerEmailNotification = true,
DisableOwnerEmailNotification = false,
},
IsDisabled = false,
IsGracePeriod = true,
OwnerSource = new AzureNative.Security.Inputs.GovernanceRuleOwnerSourceArgs
{
Type = AzureNative.Security.GovernanceRuleOwnerSourceType.Manually,
Value = "user@contoso.com",
},
RemediationTimeframe = "7.00:00:00",
RuleId = "ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
RulePriority = 200,
RuleType = AzureNative.Security.GovernanceRuleType.Integrated,
Scope = "providers/Microsoft.Management/managementGroups/contoso",
SourceResourceType = AzureNative.Security.GovernanceRuleSourceResourceType.Assessments,
});
});
package main
import (
security "github.com/pulumi/pulumi-azure-native-sdk/security/v2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := security.NewGovernanceRule(ctx, "governanceRule", &security.GovernanceRuleArgs{
Description: pulumi.String("A rule for a management group"),
DisplayName: pulumi.String("Management group rule"),
ExcludedScopes: pulumi.StringArray{
pulumi.String("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23"),
},
GovernanceEmailNotification: &security.GovernanceRuleEmailNotificationArgs{
DisableManagerEmailNotification: pulumi.Bool(true),
DisableOwnerEmailNotification: pulumi.Bool(false),
},
IsDisabled: pulumi.Bool(false),
IsGracePeriod: pulumi.Bool(true),
OwnerSource: &security.GovernanceRuleOwnerSourceArgs{
Type: pulumi.String(security.GovernanceRuleOwnerSourceTypeManually),
Value: pulumi.String("user@contoso.com"),
},
RemediationTimeframe: pulumi.String("7.00:00:00"),
RuleId: pulumi.String("ad9a8e26-29d9-4829-bb30-e597a58cdbb8"),
RulePriority: pulumi.Int(200),
RuleType: pulumi.String(security.GovernanceRuleTypeIntegrated),
Scope: pulumi.String("providers/Microsoft.Management/managementGroups/contoso"),
SourceResourceType: pulumi.String(security.GovernanceRuleSourceResourceTypeAssessments),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.security.GovernanceRule;
import com.pulumi.azurenative.security.GovernanceRuleArgs;
import com.pulumi.azurenative.security.inputs.GovernanceRuleEmailNotificationArgs;
import com.pulumi.azurenative.security.inputs.GovernanceRuleOwnerSourceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var governanceRule = new GovernanceRule("governanceRule", GovernanceRuleArgs.builder()
.description("A rule for a management group")
.displayName("Management group rule")
.excludedScopes("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23")
.governanceEmailNotification(GovernanceRuleEmailNotificationArgs.builder()
.disableManagerEmailNotification(true)
.disableOwnerEmailNotification(false)
.build())
.isDisabled(false)
.isGracePeriod(true)
.ownerSource(GovernanceRuleOwnerSourceArgs.builder()
.type("Manually")
.value("user@contoso.com")
.build())
.remediationTimeframe("7.00:00:00")
.ruleId("ad9a8e26-29d9-4829-bb30-e597a58cdbb8")
.rulePriority(200)
.ruleType("Integrated")
.scope("providers/Microsoft.Management/managementGroups/contoso")
.sourceResourceType("Assessments")
.build());
}
}
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const governanceRule = new azure_native.security.GovernanceRule("governanceRule", {
description: "A rule for a management group",
displayName: "Management group rule",
excludedScopes: ["/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23"],
governanceEmailNotification: {
disableManagerEmailNotification: true,
disableOwnerEmailNotification: false,
},
isDisabled: false,
isGracePeriod: true,
ownerSource: {
type: azure_native.security.GovernanceRuleOwnerSourceType.Manually,
value: "user@contoso.com",
},
remediationTimeframe: "7.00:00:00",
ruleId: "ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
rulePriority: 200,
ruleType: azure_native.security.GovernanceRuleType.Integrated,
scope: "providers/Microsoft.Management/managementGroups/contoso",
sourceResourceType: azure_native.security.GovernanceRuleSourceResourceType.Assessments,
});
import pulumi
import pulumi_azure_native as azure_native
governance_rule = azure_native.security.GovernanceRule("governanceRule",
description="A rule for a management group",
display_name="Management group rule",
excluded_scopes=["/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23"],
governance_email_notification={
"disable_manager_email_notification": True,
"disable_owner_email_notification": False,
},
is_disabled=False,
is_grace_period=True,
owner_source={
"type": azure_native.security.GovernanceRuleOwnerSourceType.MANUALLY,
"value": "user@contoso.com",
},
remediation_timeframe="7.00:00:00",
rule_id="ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
rule_priority=200,
rule_type=azure_native.security.GovernanceRuleType.INTEGRATED,
scope="providers/Microsoft.Management/managementGroups/contoso",
source_resource_type=azure_native.security.GovernanceRuleSourceResourceType.ASSESSMENTS)
resources:
governanceRule:
type: azure-native:security:GovernanceRule
properties:
description: A rule for a management group
displayName: Management group rule
excludedScopes:
- /subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23
governanceEmailNotification:
disableManagerEmailNotification: true
disableOwnerEmailNotification: false
isDisabled: false
isGracePeriod: true
ownerSource:
type: Manually
value: user@contoso.com
remediationTimeframe: 7.00:00:00
ruleId: ad9a8e26-29d9-4829-bb30-e597a58cdbb8
rulePriority: 200
ruleType: Integrated
scope: providers/Microsoft.Management/managementGroups/contoso
sourceResourceType: Assessments
Create or update governance rule over security connector scope
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var governanceRule = new AzureNative.Security.GovernanceRule("governanceRule", new()
{
Description = "A rule on critical GCP recommendations",
DisplayName = "GCP Admin's rule",
GovernanceEmailNotification = new AzureNative.Security.Inputs.GovernanceRuleEmailNotificationArgs
{
DisableManagerEmailNotification = true,
DisableOwnerEmailNotification = false,
},
IsDisabled = false,
IsGracePeriod = true,
OwnerSource = new AzureNative.Security.Inputs.GovernanceRuleOwnerSourceArgs
{
Type = AzureNative.Security.GovernanceRuleOwnerSourceType.Manually,
Value = "user@contoso.com",
},
RemediationTimeframe = "7.00:00:00",
RuleId = "ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
RulePriority = 200,
RuleType = AzureNative.Security.GovernanceRuleType.Integrated,
Scope = "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector",
SourceResourceType = AzureNative.Security.GovernanceRuleSourceResourceType.Assessments,
});
});
package main
import (
security "github.com/pulumi/pulumi-azure-native-sdk/security/v2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := security.NewGovernanceRule(ctx, "governanceRule", &security.GovernanceRuleArgs{
Description: pulumi.String("A rule on critical GCP recommendations"),
DisplayName: pulumi.String("GCP Admin's rule"),
GovernanceEmailNotification: &security.GovernanceRuleEmailNotificationArgs{
DisableManagerEmailNotification: pulumi.Bool(true),
DisableOwnerEmailNotification: pulumi.Bool(false),
},
IsDisabled: pulumi.Bool(false),
IsGracePeriod: pulumi.Bool(true),
OwnerSource: &security.GovernanceRuleOwnerSourceArgs{
Type: pulumi.String(security.GovernanceRuleOwnerSourceTypeManually),
Value: pulumi.String("user@contoso.com"),
},
RemediationTimeframe: pulumi.String("7.00:00:00"),
RuleId: pulumi.String("ad9a8e26-29d9-4829-bb30-e597a58cdbb8"),
RulePriority: pulumi.Int(200),
RuleType: pulumi.String(security.GovernanceRuleTypeIntegrated),
Scope: pulumi.String("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector"),
SourceResourceType: pulumi.String(security.GovernanceRuleSourceResourceTypeAssessments),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.security.GovernanceRule;
import com.pulumi.azurenative.security.GovernanceRuleArgs;
import com.pulumi.azurenative.security.inputs.GovernanceRuleEmailNotificationArgs;
import com.pulumi.azurenative.security.inputs.GovernanceRuleOwnerSourceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var governanceRule = new GovernanceRule("governanceRule", GovernanceRuleArgs.builder()
.description("A rule on critical GCP recommendations")
.displayName("GCP Admin's rule")
.governanceEmailNotification(GovernanceRuleEmailNotificationArgs.builder()
.disableManagerEmailNotification(true)
.disableOwnerEmailNotification(false)
.build())
.isDisabled(false)
.isGracePeriod(true)
.ownerSource(GovernanceRuleOwnerSourceArgs.builder()
.type("Manually")
.value("user@contoso.com")
.build())
.remediationTimeframe("7.00:00:00")
.ruleId("ad9a8e26-29d9-4829-bb30-e597a58cdbb8")
.rulePriority(200)
.ruleType("Integrated")
.scope("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector")
.sourceResourceType("Assessments")
.build());
}
}
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const governanceRule = new azure_native.security.GovernanceRule("governanceRule", {
description: "A rule on critical GCP recommendations",
displayName: "GCP Admin's rule",
governanceEmailNotification: {
disableManagerEmailNotification: true,
disableOwnerEmailNotification: false,
},
isDisabled: false,
isGracePeriod: true,
ownerSource: {
type: azure_native.security.GovernanceRuleOwnerSourceType.Manually,
value: "user@contoso.com",
},
remediationTimeframe: "7.00:00:00",
ruleId: "ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
rulePriority: 200,
ruleType: azure_native.security.GovernanceRuleType.Integrated,
scope: "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector",
sourceResourceType: azure_native.security.GovernanceRuleSourceResourceType.Assessments,
});
import pulumi
import pulumi_azure_native as azure_native
governance_rule = azure_native.security.GovernanceRule("governanceRule",
description="A rule on critical GCP recommendations",
display_name="GCP Admin's rule",
governance_email_notification={
"disable_manager_email_notification": True,
"disable_owner_email_notification": False,
},
is_disabled=False,
is_grace_period=True,
owner_source={
"type": azure_native.security.GovernanceRuleOwnerSourceType.MANUALLY,
"value": "user@contoso.com",
},
remediation_timeframe="7.00:00:00",
rule_id="ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
rule_priority=200,
rule_type=azure_native.security.GovernanceRuleType.INTEGRATED,
scope="subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector",
source_resource_type=azure_native.security.GovernanceRuleSourceResourceType.ASSESSMENTS)
resources:
governanceRule:
type: azure-native:security:GovernanceRule
properties:
description: A rule on critical GCP recommendations
displayName: GCP Admin's rule
governanceEmailNotification:
disableManagerEmailNotification: true
disableOwnerEmailNotification: false
isDisabled: false
isGracePeriod: true
ownerSource:
type: Manually
value: user@contoso.com
remediationTimeframe: 7.00:00:00
ruleId: ad9a8e26-29d9-4829-bb30-e597a58cdbb8
rulePriority: 200
ruleType: Integrated
scope: subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector
sourceResourceType: Assessments
Create or update governance rule over subscription scope
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var governanceRule = new AzureNative.Security.GovernanceRule("governanceRule", new()
{
Description = "A rule for critical recommendations",
DisplayName = "Admin's rule",
GovernanceEmailNotification = new AzureNative.Security.Inputs.GovernanceRuleEmailNotificationArgs
{
DisableManagerEmailNotification = false,
DisableOwnerEmailNotification = false,
},
IsDisabled = false,
IsGracePeriod = true,
OwnerSource = new AzureNative.Security.Inputs.GovernanceRuleOwnerSourceArgs
{
Type = AzureNative.Security.GovernanceRuleOwnerSourceType.Manually,
Value = "user@contoso.com",
},
RemediationTimeframe = "7.00:00:00",
RuleId = "ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
RulePriority = 200,
RuleType = AzureNative.Security.GovernanceRuleType.Integrated,
Scope = "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23",
SourceResourceType = AzureNative.Security.GovernanceRuleSourceResourceType.Assessments,
});
});
package main
import (
security "github.com/pulumi/pulumi-azure-native-sdk/security/v2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := security.NewGovernanceRule(ctx, "governanceRule", &security.GovernanceRuleArgs{
Description: pulumi.String("A rule for critical recommendations"),
DisplayName: pulumi.String("Admin's rule"),
GovernanceEmailNotification: &security.GovernanceRuleEmailNotificationArgs{
DisableManagerEmailNotification: pulumi.Bool(false),
DisableOwnerEmailNotification: pulumi.Bool(false),
},
IsDisabled: pulumi.Bool(false),
IsGracePeriod: pulumi.Bool(true),
OwnerSource: &security.GovernanceRuleOwnerSourceArgs{
Type: pulumi.String(security.GovernanceRuleOwnerSourceTypeManually),
Value: pulumi.String("user@contoso.com"),
},
RemediationTimeframe: pulumi.String("7.00:00:00"),
RuleId: pulumi.String("ad9a8e26-29d9-4829-bb30-e597a58cdbb8"),
RulePriority: pulumi.Int(200),
RuleType: pulumi.String(security.GovernanceRuleTypeIntegrated),
Scope: pulumi.String("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23"),
SourceResourceType: pulumi.String(security.GovernanceRuleSourceResourceTypeAssessments),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.security.GovernanceRule;
import com.pulumi.azurenative.security.GovernanceRuleArgs;
import com.pulumi.azurenative.security.inputs.GovernanceRuleEmailNotificationArgs;
import com.pulumi.azurenative.security.inputs.GovernanceRuleOwnerSourceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var governanceRule = new GovernanceRule("governanceRule", GovernanceRuleArgs.builder()
.description("A rule for critical recommendations")
.displayName("Admin's rule")
.governanceEmailNotification(GovernanceRuleEmailNotificationArgs.builder()
.disableManagerEmailNotification(false)
.disableOwnerEmailNotification(false)
.build())
.isDisabled(false)
.isGracePeriod(true)
.ownerSource(GovernanceRuleOwnerSourceArgs.builder()
.type("Manually")
.value("user@contoso.com")
.build())
.remediationTimeframe("7.00:00:00")
.ruleId("ad9a8e26-29d9-4829-bb30-e597a58cdbb8")
.rulePriority(200)
.ruleType("Integrated")
.scope("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23")
.sourceResourceType("Assessments")
.build());
}
}
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const governanceRule = new azure_native.security.GovernanceRule("governanceRule", {
description: "A rule for critical recommendations",
displayName: "Admin's rule",
governanceEmailNotification: {
disableManagerEmailNotification: false,
disableOwnerEmailNotification: false,
},
isDisabled: false,
isGracePeriod: true,
ownerSource: {
type: azure_native.security.GovernanceRuleOwnerSourceType.Manually,
value: "user@contoso.com",
},
remediationTimeframe: "7.00:00:00",
ruleId: "ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
rulePriority: 200,
ruleType: azure_native.security.GovernanceRuleType.Integrated,
scope: "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23",
sourceResourceType: azure_native.security.GovernanceRuleSourceResourceType.Assessments,
});
import pulumi
import pulumi_azure_native as azure_native
governance_rule = azure_native.security.GovernanceRule("governanceRule",
description="A rule for critical recommendations",
display_name="Admin's rule",
governance_email_notification={
"disable_manager_email_notification": False,
"disable_owner_email_notification": False,
},
is_disabled=False,
is_grace_period=True,
owner_source={
"type": azure_native.security.GovernanceRuleOwnerSourceType.MANUALLY,
"value": "user@contoso.com",
},
remediation_timeframe="7.00:00:00",
rule_id="ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
rule_priority=200,
rule_type=azure_native.security.GovernanceRuleType.INTEGRATED,
scope="subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23",
source_resource_type=azure_native.security.GovernanceRuleSourceResourceType.ASSESSMENTS)
resources:
governanceRule:
type: azure-native:security:GovernanceRule
properties:
description: A rule for critical recommendations
displayName: Admin's rule
governanceEmailNotification:
disableManagerEmailNotification: false
disableOwnerEmailNotification: false
isDisabled: false
isGracePeriod: true
ownerSource:
type: Manually
value: user@contoso.com
remediationTimeframe: 7.00:00:00
ruleId: ad9a8e26-29d9-4829-bb30-e597a58cdbb8
rulePriority: 200
ruleType: Integrated
scope: subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23
sourceResourceType: Assessments
Create GovernanceRule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new GovernanceRule(name: string, args: GovernanceRuleArgs, opts?: CustomResourceOptions);@overload
def GovernanceRule(resource_name: str,
args: GovernanceRuleArgs,
opts: Optional[ResourceOptions] = None)
@overload
def GovernanceRule(resource_name: str,
opts: Optional[ResourceOptions] = None,
owner_source: Optional[GovernanceRuleOwnerSourceArgs] = None,
display_name: Optional[str] = None,
source_resource_type: Optional[Union[str, GovernanceRuleSourceResourceType]] = None,
scope: Optional[str] = None,
rule_type: Optional[Union[str, GovernanceRuleType]] = None,
rule_priority: Optional[int] = None,
is_grace_period: Optional[bool] = None,
description: Optional[str] = None,
remediation_timeframe: Optional[str] = None,
rule_id: Optional[str] = None,
is_disabled: Optional[bool] = None,
include_member_scopes: Optional[bool] = None,
governance_email_notification: Optional[GovernanceRuleEmailNotificationArgs] = None,
excluded_scopes: Optional[Sequence[str]] = None)func NewGovernanceRule(ctx *Context, name string, args GovernanceRuleArgs, opts ...ResourceOption) (*GovernanceRule, error)public GovernanceRule(string name, GovernanceRuleArgs args, CustomResourceOptions? opts = null)
public GovernanceRule(String name, GovernanceRuleArgs args)
public GovernanceRule(String name, GovernanceRuleArgs args, CustomResourceOptions options)
type: azure-native:security:GovernanceRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args GovernanceRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args GovernanceRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args GovernanceRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args GovernanceRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args GovernanceRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var governanceRuleResource = new AzureNative.Security.GovernanceRule("governanceRuleResource", new()
{
OwnerSource = new AzureNative.Security.Inputs.GovernanceRuleOwnerSourceArgs
{
Type = "string",
Value = "string",
},
DisplayName = "string",
SourceResourceType = "string",
Scope = "string",
RuleType = "string",
RulePriority = 0,
IsGracePeriod = false,
Description = "string",
RemediationTimeframe = "string",
RuleId = "string",
IsDisabled = false,
IncludeMemberScopes = false,
GovernanceEmailNotification = new AzureNative.Security.Inputs.GovernanceRuleEmailNotificationArgs
{
DisableManagerEmailNotification = false,
DisableOwnerEmailNotification = false,
},
ExcludedScopes = new[]
{
"string",
},
});
example, err := security.NewGovernanceRule(ctx, "governanceRuleResource", &security.GovernanceRuleArgs{
OwnerSource: &security.GovernanceRuleOwnerSourceArgs{
Type: pulumi.String("string"),
Value: pulumi.String("string"),
},
DisplayName: pulumi.String("string"),
SourceResourceType: pulumi.String("string"),
Scope: pulumi.String("string"),
RuleType: pulumi.String("string"),
RulePriority: pulumi.Int(0),
IsGracePeriod: pulumi.Bool(false),
Description: pulumi.String("string"),
RemediationTimeframe: pulumi.String("string"),
RuleId: pulumi.String("string"),
IsDisabled: pulumi.Bool(false),
IncludeMemberScopes: pulumi.Bool(false),
GovernanceEmailNotification: &security.GovernanceRuleEmailNotificationArgs{
DisableManagerEmailNotification: pulumi.Bool(false),
DisableOwnerEmailNotification: pulumi.Bool(false),
},
ExcludedScopes: pulumi.StringArray{
pulumi.String("string"),
},
})
var governanceRuleResource = new GovernanceRule("governanceRuleResource", GovernanceRuleArgs.builder()
.ownerSource(GovernanceRuleOwnerSourceArgs.builder()
.type("string")
.value("string")
.build())
.displayName("string")
.sourceResourceType("string")
.scope("string")
.ruleType("string")
.rulePriority(0)
.isGracePeriod(false)
.description("string")
.remediationTimeframe("string")
.ruleId("string")
.isDisabled(false)
.includeMemberScopes(false)
.governanceEmailNotification(GovernanceRuleEmailNotificationArgs.builder()
.disableManagerEmailNotification(false)
.disableOwnerEmailNotification(false)
.build())
.excludedScopes("string")
.build());
governance_rule_resource = azure_native.security.GovernanceRule("governanceRuleResource",
owner_source={
"type": "string",
"value": "string",
},
display_name="string",
source_resource_type="string",
scope="string",
rule_type="string",
rule_priority=0,
is_grace_period=False,
description="string",
remediation_timeframe="string",
rule_id="string",
is_disabled=False,
include_member_scopes=False,
governance_email_notification={
"disable_manager_email_notification": False,
"disable_owner_email_notification": False,
},
excluded_scopes=["string"])
const governanceRuleResource = new azure_native.security.GovernanceRule("governanceRuleResource", {
ownerSource: {
type: "string",
value: "string",
},
displayName: "string",
sourceResourceType: "string",
scope: "string",
ruleType: "string",
rulePriority: 0,
isGracePeriod: false,
description: "string",
remediationTimeframe: "string",
ruleId: "string",
isDisabled: false,
includeMemberScopes: false,
governanceEmailNotification: {
disableManagerEmailNotification: false,
disableOwnerEmailNotification: false,
},
excludedScopes: ["string"],
});
type: azure-native:security:GovernanceRule
properties:
description: string
displayName: string
excludedScopes:
- string
governanceEmailNotification:
disableManagerEmailNotification: false
disableOwnerEmailNotification: false
includeMemberScopes: false
isDisabled: false
isGracePeriod: false
ownerSource:
type: string
value: string
remediationTimeframe: string
ruleId: string
rulePriority: 0
ruleType: string
scope: string
sourceResourceType: string
GovernanceRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The GovernanceRule resource accepts the following input properties:
- Display
Name string - Display name of the governance rule
- Owner
Source Pulumi.Azure Native. Security. Inputs. Governance Rule Owner Source - The owner source for the governance rule - e.g. Manually by user@contoso.com - see example
- Rule
Priority int - The governance rule priority, priority to the lower number. Rules with the same priority on the same scope will not be allowed
- Rule
Type string | Pulumi.Azure Native. Security. Governance Rule Type - The rule type of the governance rule, defines the source of the rule e.g. Integrated
- Scope string
- The scope of the Governance rules. Valid scopes are: management group (format: 'providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: 'subscriptions/{subscriptionId}'), or security connector (format: 'subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/securityConnectors/{securityConnectorName})'
- Source
Resource string | Pulumi.Type Azure Native. Security. Governance Rule Source Resource Type - The governance rule source, what the rule affects, e.g. Assessments
- Description string
- Description of the governance rule
- Excluded
Scopes List<string> - Excluded scopes, filter out the descendants of the scope (on management scopes)
- Governance
Email Pulumi.Notification Azure Native. Security. Inputs. Governance Rule Email Notification - The email notifications settings for the governance rule, states whether to disable notifications for mangers and owners
- Include
Member boolScopes - Defines whether the rule is management scope rule (master connector as a single scope or management scope)
- Is
Disabled bool - Defines whether the rule is active/inactive
- Is
Grace boolPeriod - Defines whether there is a grace period on the governance rule
- Remediation
Timeframe string - Governance rule remediation timeframe - this is the time that will affect on the grace-period duration e.g. 7.00:00:00 - means 7 days
- Rule
Id string - The governance rule key - unique key for the standard governance rule (GUID)
- Display
Name string - Display name of the governance rule
- Owner
Source GovernanceRule Owner Source Args - The owner source for the governance rule - e.g. Manually by user@contoso.com - see example
- Rule
Priority int - The governance rule priority, priority to the lower number. Rules with the same priority on the same scope will not be allowed
- Rule
Type string | GovernanceRule Type - The rule type of the governance rule, defines the source of the rule e.g. Integrated
- Scope string
- The scope of the Governance rules. Valid scopes are: management group (format: 'providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: 'subscriptions/{subscriptionId}'), or security connector (format: 'subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/securityConnectors/{securityConnectorName})'
- Source
Resource string | GovernanceType Rule Source Resource Type - The governance rule source, what the rule affects, e.g. Assessments
- Description string
- Description of the governance rule
- Excluded
Scopes []string - Excluded scopes, filter out the descendants of the scope (on management scopes)
- Governance
Email GovernanceNotification Rule Email Notification Args - The email notifications settings for the governance rule, states whether to disable notifications for mangers and owners
- Include
Member boolScopes - Defines whether the rule is management scope rule (master connector as a single scope or management scope)
- Is
Disabled bool - Defines whether the rule is active/inactive
- Is
Grace boolPeriod - Defines whether there is a grace period on the governance rule
- Remediation
Timeframe string - Governance rule remediation timeframe - this is the time that will affect on the grace-period duration e.g. 7.00:00:00 - means 7 days
- Rule
Id string - The governance rule key - unique key for the standard governance rule (GUID)
- display
Name String - Display name of the governance rule
- owner
Source GovernanceRule Owner Source - The owner source for the governance rule - e.g. Manually by user@contoso.com - see example
- rule
Priority Integer - The governance rule priority, priority to the lower number. Rules with the same priority on the same scope will not be allowed
- rule
Type String | GovernanceRule Type - The rule type of the governance rule, defines the source of the rule e.g. Integrated
- scope String
- The scope of the Governance rules. Valid scopes are: management group (format: 'providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: 'subscriptions/{subscriptionId}'), or security connector (format: 'subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/securityConnectors/{securityConnectorName})'
- source
Resource String | GovernanceType Rule Source Resource Type - The governance rule source, what the rule affects, e.g. Assessments
- description String
- Description of the governance rule
- excluded
Scopes List<String> - Excluded scopes, filter out the descendants of the scope (on management scopes)
- governance
Email GovernanceNotification Rule Email Notification - The email notifications settings for the governance rule, states whether to disable notifications for mangers and owners
- include
Member BooleanScopes - Defines whether the rule is management scope rule (master connector as a single scope or management scope)
- is
Disabled Boolean - Defines whether the rule is active/inactive
- is
Grace BooleanPeriod - Defines whether there is a grace period on the governance rule
- remediation
Timeframe String - Governance rule remediation timeframe - this is the time that will affect on the grace-period duration e.g. 7.00:00:00 - means 7 days
- rule
Id String - The governance rule key - unique key for the standard governance rule (GUID)
- display
Name string - Display name of the governance rule
- owner
Source GovernanceRule Owner Source - The owner source for the governance rule - e.g. Manually by user@contoso.com - see example
- rule
Priority number - The governance rule priority, priority to the lower number. Rules with the same priority on the same scope will not be allowed
- rule
Type string | GovernanceRule Type - The rule type of the governance rule, defines the source of the rule e.g. Integrated
- scope string
- The scope of the Governance rules. Valid scopes are: management group (format: 'providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: 'subscriptions/{subscriptionId}'), or security connector (format: 'subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/securityConnectors/{securityConnectorName})'
- source
Resource string | GovernanceType Rule Source Resource Type - The governance rule source, what the rule affects, e.g. Assessments
- description string
- Description of the governance rule
- excluded
Scopes string[] - Excluded scopes, filter out the descendants of the scope (on management scopes)
- governance
Email GovernanceNotification Rule Email Notification - The email notifications settings for the governance rule, states whether to disable notifications for mangers and owners
- include
Member booleanScopes - Defines whether the rule is management scope rule (master connector as a single scope or management scope)
- is
Disabled boolean - Defines whether the rule is active/inactive
- is
Grace booleanPeriod - Defines whether there is a grace period on the governance rule
- remediation
Timeframe string - Governance rule remediation timeframe - this is the time that will affect on the grace-period duration e.g. 7.00:00:00 - means 7 days
- rule
Id string - The governance rule key - unique key for the standard governance rule (GUID)
- display_
name str - Display name of the governance rule
- owner_
source GovernanceRule Owner Source Args - The owner source for the governance rule - e.g. Manually by user@contoso.com - see example
- rule_
priority int - The governance rule priority, priority to the lower number. Rules with the same priority on the same scope will not be allowed
- rule_
type str | GovernanceRule Type - The rule type of the governance rule, defines the source of the rule e.g. Integrated
- scope str
- The scope of the Governance rules. Valid scopes are: management group (format: 'providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: 'subscriptions/{subscriptionId}'), or security connector (format: 'subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/securityConnectors/{securityConnectorName})'
- source_
resource_ str | Governancetype Rule Source Resource Type - The governance rule source, what the rule affects, e.g. Assessments
- description str
- Description of the governance rule
- excluded_
scopes Sequence[str] - Excluded scopes, filter out the descendants of the scope (on management scopes)
- governance_
email_ Governancenotification Rule Email Notification Args - The email notifications settings for the governance rule, states whether to disable notifications for mangers and owners
- include_
member_ boolscopes - Defines whether the rule is management scope rule (master connector as a single scope or management scope)
- is_
disabled bool - Defines whether the rule is active/inactive
- is_
grace_ boolperiod - Defines whether there is a grace period on the governance rule
- remediation_
timeframe str - Governance rule remediation timeframe - this is the time that will affect on the grace-period duration e.g. 7.00:00:00 - means 7 days
- rule_
id str - The governance rule key - unique key for the standard governance rule (GUID)
- display
Name String - Display name of the governance rule
- owner
Source Property Map - The owner source for the governance rule - e.g. Manually by user@contoso.com - see example
- rule
Priority Number - The governance rule priority, priority to the lower number. Rules with the same priority on the same scope will not be allowed
- rule
Type String | "Integrated" | "ServiceNow" - The rule type of the governance rule, defines the source of the rule e.g. Integrated
- scope String
- The scope of the Governance rules. Valid scopes are: management group (format: 'providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: 'subscriptions/{subscriptionId}'), or security connector (format: 'subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/securityConnectors/{securityConnectorName})'
- source
Resource String | "Assessments"Type - The governance rule source, what the rule affects, e.g. Assessments
- description String
- Description of the governance rule
- excluded
Scopes List<String> - Excluded scopes, filter out the descendants of the scope (on management scopes)
- governance
Email Property MapNotification - The email notifications settings for the governance rule, states whether to disable notifications for mangers and owners
- include
Member BooleanScopes - Defines whether the rule is management scope rule (master connector as a single scope or management scope)
- is
Disabled Boolean - Defines whether the rule is active/inactive
- is
Grace BooleanPeriod - Defines whether there is a grace period on the governance rule
- remediation
Timeframe String - Governance rule remediation timeframe - this is the time that will affect on the grace-period duration e.g. 7.00:00:00 - means 7 days
- rule
Id String - The governance rule key - unique key for the standard governance rule (GUID)
Outputs
All input properties are implicitly available as output properties. Additionally, the GovernanceRule resource produces the following output properties:
Supporting Types
GovernanceRuleEmailNotification, GovernanceRuleEmailNotificationArgs
- Disable
Manager boolEmail Notification - Defines whether manager email notifications are disabled
- Disable
Owner boolEmail Notification - Defines whether owner email notifications are disabled
- Disable
Manager boolEmail Notification - Defines whether manager email notifications are disabled
- Disable
Owner boolEmail Notification - Defines whether owner email notifications are disabled
- disable
Manager BooleanEmail Notification - Defines whether manager email notifications are disabled
- disable
Owner BooleanEmail Notification - Defines whether owner email notifications are disabled
- disable
Manager booleanEmail Notification - Defines whether manager email notifications are disabled
- disable
Owner booleanEmail Notification - Defines whether owner email notifications are disabled
- disable_
manager_ boolemail_ notification - Defines whether manager email notifications are disabled
- disable_
owner_ boolemail_ notification - Defines whether owner email notifications are disabled
- disable
Manager BooleanEmail Notification - Defines whether manager email notifications are disabled
- disable
Owner BooleanEmail Notification - Defines whether owner email notifications are disabled
GovernanceRuleEmailNotificationResponse, GovernanceRuleEmailNotificationResponseArgs
- Disable
Manager boolEmail Notification - Defines whether manager email notifications are disabled
- Disable
Owner boolEmail Notification - Defines whether owner email notifications are disabled
- Disable
Manager boolEmail Notification - Defines whether manager email notifications are disabled
- Disable
Owner boolEmail Notification - Defines whether owner email notifications are disabled
- disable
Manager BooleanEmail Notification - Defines whether manager email notifications are disabled
- disable
Owner BooleanEmail Notification - Defines whether owner email notifications are disabled
- disable
Manager booleanEmail Notification - Defines whether manager email notifications are disabled
- disable
Owner booleanEmail Notification - Defines whether owner email notifications are disabled
- disable_
manager_ boolemail_ notification - Defines whether manager email notifications are disabled
- disable_
owner_ boolemail_ notification - Defines whether owner email notifications are disabled
- disable
Manager BooleanEmail Notification - Defines whether manager email notifications are disabled
- disable
Owner BooleanEmail Notification - Defines whether owner email notifications are disabled
GovernanceRuleMetadataResponse, GovernanceRuleMetadataResponseArgs
- created_
by str - Governance rule Created by object id (GUID)
- created_
on str - Governance rule creation date
- updated_
by str - Governance rule last updated by object id (GUID)
- updated_
on str - Governance rule last update date
GovernanceRuleOwnerSource, GovernanceRuleOwnerSourceArgs
- Type
string | Pulumi.
Azure Native. Security. Governance Rule Owner Source Type - The owner type for the governance rule owner source
- Value string
- The source value e.g. tag key like owner name or email address
- Type
string | Governance
Rule Owner Source Type - The owner type for the governance rule owner source
- Value string
- The source value e.g. tag key like owner name or email address
- type
String | Governance
Rule Owner Source Type - The owner type for the governance rule owner source
- value String
- The source value e.g. tag key like owner name or email address
- type
string | Governance
Rule Owner Source Type - The owner type for the governance rule owner source
- value string
- The source value e.g. tag key like owner name or email address
- type
str | Governance
Rule Owner Source Type - The owner type for the governance rule owner source
- value str
- The source value e.g. tag key like owner name or email address
- type
String | "By
Tag" | "Manually" - The owner type for the governance rule owner source
- value String
- The source value e.g. tag key like owner name or email address
GovernanceRuleOwnerSourceResponse, GovernanceRuleOwnerSourceResponseArgs
GovernanceRuleOwnerSourceType, GovernanceRuleOwnerSourceTypeArgs
- By
Tag - ByTagThe rule source type defined using resource tag
- Manually
- ManuallyThe rule source type defined manually
- Governance
Rule Owner Source Type By Tag - ByTagThe rule source type defined using resource tag
- Governance
Rule Owner Source Type Manually - ManuallyThe rule source type defined manually
- By
Tag - ByTagThe rule source type defined using resource tag
- Manually
- ManuallyThe rule source type defined manually
- By
Tag - ByTagThe rule source type defined using resource tag
- Manually
- ManuallyThe rule source type defined manually
- BY_TAG
- ByTagThe rule source type defined using resource tag
- MANUALLY
- ManuallyThe rule source type defined manually
- "By
Tag" - ByTagThe rule source type defined using resource tag
- "Manually"
- ManuallyThe rule source type defined manually
GovernanceRuleSourceResourceType, GovernanceRuleSourceResourceTypeArgs
- Assessments
- AssessmentsThe source of the governance rule is assessments
- Governance
Rule Source Resource Type Assessments - AssessmentsThe source of the governance rule is assessments
- Assessments
- AssessmentsThe source of the governance rule is assessments
- Assessments
- AssessmentsThe source of the governance rule is assessments
- ASSESSMENTS
- AssessmentsThe source of the governance rule is assessments
- "Assessments"
- AssessmentsThe source of the governance rule is assessments
GovernanceRuleType, GovernanceRuleTypeArgs
- Integrated
- IntegratedThe source of the rule type definition is integrated
- Service
Now - ServiceNowThe source of the rule type definition is ServiceNow
- Governance
Rule Type Integrated - IntegratedThe source of the rule type definition is integrated
- Governance
Rule Type Service Now - ServiceNowThe source of the rule type definition is ServiceNow
- Integrated
- IntegratedThe source of the rule type definition is integrated
- Service
Now - ServiceNowThe source of the rule type definition is ServiceNow
- Integrated
- IntegratedThe source of the rule type definition is integrated
- Service
Now - ServiceNowThe source of the rule type definition is ServiceNow
- INTEGRATED
- IntegratedThe source of the rule type definition is integrated
- SERVICE_NOW
- ServiceNowThe source of the rule type definition is ServiceNow
- "Integrated"
- IntegratedThe source of the rule type definition is integrated
- "Service
Now" - ServiceNowThe source of the rule type definition is ServiceNow
Import
An existing resource can be imported using its type token, name, and identifier, e.g.
$ pulumi import azure-native:security:GovernanceRule ad9a8e26-29d9-4829-bb30-e597a58cdbb8 /{scope}/providers/Microsoft.Security/governanceRules/{ruleId}
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Azure Native pulumi/pulumi-azure-native
- License
- Apache-2.0
This is the latest version of Azure Native. Use the Azure Native v2 docs if using the v2 version of this package.
Azure Native v2.90.0 published on Thursday, Mar 27, 2025 by Pulumi