Terraform provider Azure - how to change ASC Default `PARAMETERS` in Azure policy?


What is the correct and easy way of changing ASC Default PARAMETERS in Azure policy using TF?

As an example, set Monitor SQL Encryption to AuditIfNotExists or any other available value other than Disabled.


1 answer

user14692026

'ASC Default' is an initiative, or a so-called azurerm_policy_set_definition in TF terms. You just need to assign it using 'azurerm_policy_assignment'.

These links might help:

  1. https://github.com/Azure/azure-policy/blob/master/built-in-policies/policySetDefinitions/Security%20Center/AzureSecurityCenter.json
  2. https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/policy_assignment

Example for different initiative:

  # Assigns a built-in initiative (policy set) at the chosen scope and overrides
  # one of its parameters; the same shape works for ASC Default with a different
  # policy_definition_id and parameter names.
  resource "azurerm_policy_assignment" "audit_k8s_security_restricted_standards" {
    name                 = "42b8ef37-b724-4e24-bbc8-7a7708edfe00"
    scope                = local.azure_policy_scope
    policy_definition_id = "/providers/Microsoft.Authorization/policySetDefinitions/42b8ef37-b724-4e24-bbc8-7a7708edfe00"
    description          = "This initiative includes the policies for the Kubernetes cluster pod security restricted standards."
    display_name         = "Kubernetes cluster pod security restricted standards for Linux-based workloads"

    # A managed identity requires a location on the assignment.
    identity { type = "SystemAssigned" }
    location = var.primary_location

    # Parameters are passed as a JSON string keyed by the initiative's parameter names.
    parameters = <<PARAMETERS
  {
    "effect": {
      "value": "audit"
    }
  }
  PARAMETERS
  }

What you need is to set the proper policy_definition_id and pass valid parameters. And start small, with one simple param; there are bugs in TF.
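The same approach applied to the initiative the question actually asks about, as an added example that is not part of the answer above. It is written for azurerm 3.x, where the generic `azurerm_policy_assignment` resource used in the answer was replaced by scope-specific resources (`azurerm_subscription_policy_assignment` here). Two things are assumptions to verify against the AzureSecurityCenter.json linked above before applying: that the built-in initiative's GUID is `1f3afdf9-d0c9-4c3d-847f-89da613e70a8`, and that the SQL encryption control is exposed as the parameter `sqlEncryptionMonitoringEffect` with allowed values `AuditIfNotExists` and `Disabled`. The assignment name `SecurityCenterBuiltIn` and the region are likewise illustrative.

```hcl
# Added example (not from the original answer): assign the built-in
# "ASC Default" initiative at subscription scope from Terraform and override
# one of its parameters. azurerm 3.x syntax.
#
# ASSUMPTIONS to check against the initiative JSON linked in the answer:
#   - initiative GUID 1f3afdf9-d0c9-4c3d-847f-89da613e70a8
#   - parameter name "sqlEncryptionMonitoringEffect"
#     (allowed values "AuditIfNotExists" / "Disabled")
# Parameter names are case-sensitive and must match the definition exactly;
# a wrong name or value is rejected at apply time, not at plan time.

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.0"
    }
  }
}

provider "azurerm" {
  features {}
}

data "azurerm_subscription" "current" {}

locals {
  asc_default_initiative_id = "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8"

  # Only the parameters you override need to be listed; every other
  # parameter keeps the default declared in the initiative definition.
  # Start with one entry (as the answer suggests) and grow it once it applies.
  asc_default_parameters = {
    sqlEncryptionMonitoringEffect = {
      value = "AuditIfNotExists"
    }
  }
}

resource "azurerm_subscription_policy_assignment" "asc_default" {
  # Illustrative name; see the usage note about the auto-created assignment.
  name                 = "SecurityCenterBuiltIn"
  display_name         = "ASC Default (subscription: ${data.azurerm_subscription.current.subscription_id})"
  subscription_id      = data.azurerm_subscription.current.id
  policy_definition_id = local.asc_default_initiative_id

  # jsonencode() produces the JSON string the provider expects and avoids the
  # heredoc quoting mistakes that are a common cause of rejected assignments.
  parameters = jsonencode(local.asc_default_parameters)

  # Audit-only effects do not need an identity, but DeployIfNotExists/Modify
  # effects in the same initiative do; creating it now avoids recreating the
  # assignment later. An identity requires a location on the assignment.
  identity {
    type = "SystemAssigned"
  }
  location = "westeurope" # illustrative region
}
```

Defender for Cloud normally creates this assignment on its own when it is enabled on a subscription; if one already exists under the name you chose, import it instead of creating a duplicate, e.g. `terraform import azurerm_subscription_policy_assignment.asc_default /subscriptions/<subscription-id>/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn`, then apply so that only the parameters change. To confirm the parameter names and allowed values for your tenant before writing the `parameters` map, `az policy set-definition show --name 1f3afdf9-d0c9-4c3d-847f-89da613e70a8` prints the live definition including its `parameters` section.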