Docs Home
These are the docs for Azure Native v2. We recommenend using the latest version, Azure Native v3.
Azure Native v2 v2.90.0 published on Thursday, Mar 27, 2025 by Pulumi
azure-native-v2.security.GovernanceRule
Explore with Pulumi AI
These are the docs for Azure Native v2. We recommenend using the latest version, Azure Native v3.
Azure Native v2 v2.90.0 published on Thursday, Mar 27, 2025 by Pulumi
- Example Usage
- Create or update governance rule over management group scope
- Create or update governance rule over security connector scope
- Create or update governance rule over subscription scope
- Create GovernanceRule Resource
- Constructor syntax
- Constructor example
- GovernanceRule Resource Properties
- Inputs
- Outputs
- Supporting Types
- Import
- Package Details
Governance rule over a given scope Azure REST API version: 2022-01-01-preview.
Example Usage
Create or update governance rule over management group scope
Create or update governance rule over security connector scope
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var governanceRule = new AzureNative.Security.GovernanceRule("governanceRule", new()
{
Description = "A rule on critical GCP recommendations",
DisplayName = "GCP Admin's rule",
GovernanceEmailNotification = new AzureNative.Security.Inputs.GovernanceRuleEmailNotificationArgs
{
DisableManagerEmailNotification = true,
DisableOwnerEmailNotification = false,
},
IsDisabled = false,
IsGracePeriod = true,
OwnerSource = new AzureNative.Security.Inputs.GovernanceRuleOwnerSourceArgs
{
Type = AzureNative.Security.GovernanceRuleOwnerSourceType.Manually,
Value = "user@contoso.com",
},
RemediationTimeframe = "7.00:00:00",
RuleId = "ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
RulePriority = 200,
RuleType = AzureNative.Security.GovernanceRuleType.Integrated,
Scope = "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector",
SourceResourceType = AzureNative.Security.GovernanceRuleSourceResourceType.Assessments,
});
});
package main
import (
security "github.com/pulumi/pulumi-azure-native-sdk/security/v2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := security.NewGovernanceRule(ctx, "governanceRule", &security.GovernanceRuleArgs{
Description: pulumi.String("A rule on critical GCP recommendations"),
DisplayName: pulumi.String("GCP Admin's rule"),
GovernanceEmailNotification: &security.GovernanceRuleEmailNotificationArgs{
DisableManagerEmailNotification: pulumi.Bool(true),
DisableOwnerEmailNotification: pulumi.Bool(false),
},
IsDisabled: pulumi.Bool(false),
IsGracePeriod: pulumi.Bool(true),
OwnerSource: &security.GovernanceRuleOwnerSourceArgs{
Type: pulumi.String(security.GovernanceRuleOwnerSourceTypeManually),
Value: pulumi.String("user@contoso.com"),
},
RemediationTimeframe: pulumi.String("7.00:00:00"),
RuleId: pulumi.String("ad9a8e26-29d9-4829-bb30-e597a58cdbb8"),
RulePriority: pulumi.Int(200),
RuleType: pulumi.String(security.GovernanceRuleTypeIntegrated),
Scope: pulumi.String("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector"),
SourceResourceType: pulumi.String(security.GovernanceRuleSourceResourceTypeAssessments),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.security.GovernanceRule;
import com.pulumi.azurenative.security.GovernanceRuleArgs;
import com.pulumi.azurenative.security.inputs.GovernanceRuleEmailNotificationArgs;
import com.pulumi.azurenative.security.inputs.GovernanceRuleOwnerSourceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var governanceRule = new GovernanceRule("governanceRule", GovernanceRuleArgs.builder()
.description("A rule on critical GCP recommendations")
.displayName("GCP Admin's rule")
.governanceEmailNotification(GovernanceRuleEmailNotificationArgs.builder()
.disableManagerEmailNotification(true)
.disableOwnerEmailNotification(false)
.build())
.isDisabled(false)
.isGracePeriod(true)
.ownerSource(GovernanceRuleOwnerSourceArgs.builder()
.type("Manually")
.value("user@contoso.com")
.build())
.remediationTimeframe("7.00:00:00")
.ruleId("ad9a8e26-29d9-4829-bb30-e597a58cdbb8")
.rulePriority(200)
.ruleType("Integrated")
.scope("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector")
.sourceResourceType("Assessments")
.build());
}
}
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const governanceRule = new azure_native.security.GovernanceRule("governanceRule", {
description: "A rule on critical GCP recommendations",
displayName: "GCP Admin's rule",
governanceEmailNotification: {
disableManagerEmailNotification: true,
disableOwnerEmailNotification: false,
},
isDisabled: false,
isGracePeriod: true,
ownerSource: {
type: azure_native.security.GovernanceRuleOwnerSourceType.Manually,
value: "user@contoso.com",
},
remediationTimeframe: "7.00:00:00",
ruleId: "ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
rulePriority: 200,
ruleType: azure_native.security.GovernanceRuleType.Integrated,
scope: "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector",
sourceResourceType: azure_native.security.GovernanceRuleSourceResourceType.Assessments,
});
import pulumi
import pulumi_azure_native as azure_native
governance_rule = azure_native.security.GovernanceRule("governanceRule",
description="A rule on critical GCP recommendations",
display_name="GCP Admin's rule",
governance_email_notification={
"disable_manager_email_notification": True,
"disable_owner_email_notification": False,
},
is_disabled=False,
is_grace_period=True,
owner_source={
"type": azure_native.security.GovernanceRuleOwnerSourceType.MANUALLY,
"value": "user@contoso.com",
},
remediation_timeframe="7.00:00:00",
rule_id="ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
rule_priority=200,
rule_type=azure_native.security.GovernanceRuleType.INTEGRATED,
scope="subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector",
source_resource_type=azure_native.security.GovernanceRuleSourceResourceType.ASSESSMENTS)
resources:
governanceRule:
type: azure-native:security:GovernanceRule
properties:
description: A rule on critical GCP recommendations
displayName: GCP Admin's rule
governanceEmailNotification:
disableManagerEmailNotification: true
disableOwnerEmailNotification: false
isDisabled: false
isGracePeriod: true
ownerSource:
type: Manually
value: user@contoso.com
remediationTimeframe: 7.00:00:00
ruleId: ad9a8e26-29d9-4829-bb30-e597a58cdbb8
rulePriority: 200
ruleType: Integrated
scope: subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector
sourceResourceType: Assessments
Create or update governance rule over subscription scope
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var governanceRule = new AzureNative.Security.GovernanceRule("governanceRule", new()
{
Description = "A rule for critical recommendations",
DisplayName = "Admin's rule",
GovernanceEmailNotification = new AzureNative.Security.Inputs.GovernanceRuleEmailNotificationArgs
{
DisableManagerEmailNotification = false,
DisableOwnerEmailNotification = false,
},
IsDisabled = false,
IsGracePeriod = true,
OwnerSource = new AzureNative.Security.Inputs.GovernanceRuleOwnerSourceArgs
{
Type = AzureNative.Security.GovernanceRuleOwnerSourceType.Manually,
Value = "user@contoso.com",
},
RemediationTimeframe = "7.00:00:00",
RuleId = "ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
RulePriority = 200,
RuleType = AzureNative.Security.GovernanceRuleType.Integrated,
Scope = "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23",
SourceResourceType = AzureNative.Security.GovernanceRuleSourceResourceType.Assessments,
});
});
package main
import (
security "github.com/pulumi/pulumi-azure-native-sdk/security/v2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := security.NewGovernanceRule(ctx, "governanceRule", &security.GovernanceRuleArgs{
Description: pulumi.String("A rule for critical recommendations"),
DisplayName: pulumi.String("Admin's rule"),
GovernanceEmailNotification: &security.GovernanceRuleEmailNotificationArgs{
DisableManagerEmailNotification: pulumi.Bool(false),
DisableOwnerEmailNotification: pulumi.Bool(false),
},
IsDisabled: pulumi.Bool(false),
IsGracePeriod: pulumi.Bool(true),
OwnerSource: &security.GovernanceRuleOwnerSourceArgs{
Type: pulumi.String(security.GovernanceRuleOwnerSourceTypeManually),
Value: pulumi.String("user@contoso.com"),
},
RemediationTimeframe: pulumi.String("7.00:00:00"),
RuleId: pulumi.String("ad9a8e26-29d9-4829-bb30-e597a58cdbb8"),
RulePriority: pulumi.Int(200),
RuleType: pulumi.String(security.GovernanceRuleTypeIntegrated),
Scope: pulumi.String("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23"),
SourceResourceType: pulumi.String(security.GovernanceRuleSourceResourceTypeAssessments),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.security.GovernanceRule;
import com.pulumi.azurenative.security.GovernanceRuleArgs;
import com.pulumi.azurenative.security.inputs.GovernanceRuleEmailNotificationArgs;
import com.pulumi.azurenative.security.inputs.GovernanceRuleOwnerSourceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var governanceRule = new GovernanceRule("governanceRule", GovernanceRuleArgs.builder()
.description("A rule for critical recommendations")
.displayName("Admin's rule")
.governanceEmailNotification(GovernanceRuleEmailNotificationArgs.builder()
.disableManagerEmailNotification(false)
.disableOwnerEmailNotification(false)
.build())
.isDisabled(false)
.isGracePeriod(true)
.ownerSource(GovernanceRuleOwnerSourceArgs.builder()
.type("Manually")
.value("user@contoso.com")
.build())
.remediationTimeframe("7.00:00:00")
.ruleId("ad9a8e26-29d9-4829-bb30-e597a58cdbb8")
.rulePriority(200)
.ruleType("Integrated")
.scope("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23")
.sourceResourceType("Assessments")
.build());
}
}
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const governanceRule = new azure_native.security.GovernanceRule("governanceRule", {
description: "A rule for critical recommendations",
displayName: "Admin's rule",
governanceEmailNotification: {
disableManagerEmailNotification: false,
disableOwnerEmailNotification: false,
},
isDisabled: false,
isGracePeriod: true,
ownerSource: {
type: azure_native.security.GovernanceRuleOwnerSourceType.Manually,
value: "user@contoso.com",
},
remediationTimeframe: "7.00:00:00",
ruleId: "ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
rulePriority: 200,
ruleType: azure_native.security.GovernanceRuleType.Integrated,
scope: "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23",
sourceResourceType: azure_native.security.GovernanceRuleSourceResourceType.Assessments,
});
import pulumi
import pulumi_azure_native as azure_native
governance_rule = azure_native.security.GovernanceRule("governanceRule",
description="A rule for critical recommendations",
display_name="Admin's rule",
governance_email_notification={
"disable_manager_email_notification": False,
"disable_owner_email_notification": False,
},
is_disabled=False,
is_grace_period=True,
owner_source={
"type": azure_native.security.GovernanceRuleOwnerSourceType.MANUALLY,
"value": "user@contoso.com",
},
remediation_timeframe="7.00:00:00",
rule_id="ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
rule_priority=200,
rule_type=azure_native.security.GovernanceRuleType.INTEGRATED,
scope="subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23",
source_resource_type=azure_native.security.GovernanceRuleSourceResourceType.ASSESSMENTS)
resources:
governanceRule:
type: azure-native:security:GovernanceRule
properties:
description: A rule for critical recommendations
displayName: Admin's rule
governanceEmailNotification:
disableManagerEmailNotification: false
disableOwnerEmailNotification: false
isDisabled: false
isGracePeriod: true
ownerSource:
type: Manually
value: user@contoso.com
remediationTimeframe: 7.00:00:00
ruleId: ad9a8e26-29d9-4829-bb30-e597a58cdbb8
rulePriority: 200
ruleType: Integrated
scope: subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23
sourceResourceType: Assessments
Create GovernanceRule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new GovernanceRule(name: string, args: GovernanceRuleArgs, opts?: CustomResourceOptions);@overload
def GovernanceRule(resource_name: str,
args: GovernanceRuleArgs,
opts: Optional[ResourceOptions] = None)
@overload
def GovernanceRule(resource_name: str,
opts: Optional[ResourceOptions] = None,
owner_source: Optional[GovernanceRuleOwnerSourceArgs] = None,
display_name: Optional[str] = None,
source_resource_type: Optional[Union[str, GovernanceRuleSourceResourceType]] = None,
scope: Optional[str] = None,
rule_type: Optional[Union[str, GovernanceRuleType]] = None,
rule_priority: Optional[int] = None,
is_grace_period: Optional[bool] = None,
description: Optional[str] = None,
remediation_timeframe: Optional[str] = None,
rule_id: Optional[str] = None,
is_disabled: Optional[bool] = None,
include_member_scopes: Optional[bool] = None,
governance_email_notification: Optional[GovernanceRuleEmailNotificationArgs] = None,
excluded_scopes: Optional[Sequence[str]] = None)func NewGovernanceRule(ctx *Context, name string, args GovernanceRuleArgs, opts ...ResourceOption) (*GovernanceRule, error)public GovernanceRule(string name, GovernanceRuleArgs args, CustomResourceOptions? opts = null)public GovernanceRule(String name, GovernanceRuleArgs args)
public GovernanceRule(String name, GovernanceRuleArgs args, CustomResourceOptions options)
type: azure-native:security:GovernanceRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name
This property is required. string - The unique name of the resource.
- args
This property is required. GovernanceRuleArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name
This property is required. str - The unique name of the resource.
- args
This property is required. GovernanceRuleArgs - The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. GovernanceRuleArgs - The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. GovernanceRuleArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name
This property is required. String - The unique name of the resource.
- args
This property is required. GovernanceRuleArgs - The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var governanceRuleResource = new AzureNative.Security.GovernanceRule("governanceRuleResource", new()
{
OwnerSource =
{
{ "type", "string" },
{ "value", "string" },
},
DisplayName = "string",
SourceResourceType = "string",
Scope = "string",
RuleType = "string",
RulePriority = 0,
IsGracePeriod = false,
Description = "string",
RemediationTimeframe = "string",
RuleId = "string",
IsDisabled = false,
IncludeMemberScopes = false,
GovernanceEmailNotification =
{
{ "disableManagerEmailNotification", false },
{ "disableOwnerEmailNotification", false },
},
ExcludedScopes = new[]
{
"string",
},
});
example, err := security.NewGovernanceRule(ctx, "governanceRuleResource", &security.GovernanceRuleArgs{
OwnerSource: map[string]interface{}{
"type": "string",
"value": "string",
},
DisplayName: "string",
SourceResourceType: "string",
Scope: "string",
RuleType: "string",
RulePriority: 0,
IsGracePeriod: false,
Description: "string",
RemediationTimeframe: "string",
RuleId: "string",
IsDisabled: false,
IncludeMemberScopes: false,
GovernanceEmailNotification: map[string]interface{}{
"disableManagerEmailNotification": false,
"disableOwnerEmailNotification": false,
},
ExcludedScopes: []string{
"string",
},
})
var governanceRuleResource = new GovernanceRule("governanceRuleResource", GovernanceRuleArgs.builder()
.ownerSource(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
.displayName("string")
.sourceResourceType("string")
.scope("string")
.ruleType("string")
.rulePriority(0)
.isGracePeriod(false)
.description("string")
.remediationTimeframe("string")
.ruleId("string")
.isDisabled(false)
.includeMemberScopes(false)
.governanceEmailNotification(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
.excludedScopes("string")
.build());
governance_rule_resource = azure_native.security.GovernanceRule("governanceRuleResource",
owner_source={
type: string,
value: string,
},
display_name=string,
source_resource_type=string,
scope=string,
rule_type=string,
rule_priority=0,
is_grace_period=False,
description=string,
remediation_timeframe=string,
rule_id=string,
is_disabled=False,
include_member_scopes=False,
governance_email_notification={
disableManagerEmailNotification: False,
disableOwnerEmailNotification: False,
},
excluded_scopes=[string])
const governanceRuleResource = new azure_native.security.GovernanceRule("governanceRuleResource", {
ownerSource: {
type: "string",
value: "string",
},
displayName: "string",
sourceResourceType: "string",
scope: "string",
ruleType: "string",
rulePriority: 0,
isGracePeriod: false,
description: "string",
remediationTimeframe: "string",
ruleId: "string",
isDisabled: false,
includeMemberScopes: false,
governanceEmailNotification: {
disableManagerEmailNotification: false,
disableOwnerEmailNotification: false,
},
excludedScopes: ["string"],
});
type: azure-native:security:GovernanceRule
properties:
description: string
displayName: string
excludedScopes:
- string
governanceEmailNotification:
disableManagerEmailNotification: false
disableOwnerEmailNotification: false
includeMemberScopes: false
isDisabled: false
isGracePeriod: false
ownerSource:
type: string
value: string
remediationTimeframe: string
ruleId: string
rulePriority: 0
ruleType: string
scope: string
sourceResourceType: string
GovernanceRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The GovernanceRule resource accepts the following input properties:
- Display
Name This property is required. string - Display name of the governance rule
- Owner
Source This property is required. Pulumi.Azure Native. Security. Inputs. Governance Rule Owner Source - The owner source for the governance rule - e.g. Manually by user@contoso.com - see example
- Rule
Priority This property is required. int - The governance rule priority, priority to the lower number. Rules with the same priority on the same scope will not be allowed
- Rule
Type This property is required. string | Pulumi.Azure Native. Security. Governance Rule Type - The rule type of the governance rule, defines the source of the rule e.g. Integrated
- Scope
string
This property is required. 
Changes to this property will trigger replacement. - The scope of the Governance rules. Valid scopes are: management group (format: 'providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: 'subscriptions/{subscriptionId}'), or security connector (format: 'subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/securityConnectors/{securityConnectorName})'
- Source
Resource Type This property is required. string | Pulumi.Azure Native. Security. Governance Rule Source Resource Type - The governance rule source, what the rule affects, e.g. Assessments
- Description string
- Description of the governance rule
- Excluded
Scopes List<string> - Excluded scopes, filter out the descendants of the scope (on management scopes)
- Governance
Email Pulumi.Notification Azure Native. Security. Inputs. Governance Rule Email Notification - The email notifications settings for the governance rule, states whether to disable notifications for mangers and owners
- Include
Member boolScopes - Defines whether the rule is management scope rule (master connector as a single scope or management scope)
- Is
Disabled bool - Defines whether the rule is active/inactive
- Is
Grace boolPeriod - Defines whether there is a grace period on the governance rule
- Remediation
Timeframe string - Governance rule remediation timeframe - this is the time that will affect on the grace-period duration e.g. 7.00:00:00 - means 7 days
- Rule
Id - The governance rule key - unique key for the standard governance rule (GUID)
- Display
Name This property is required. string - Display name of the governance rule
- Owner
Source This property is required. GovernanceRule Owner Source Args - The owner source for the governance rule - e.g. Manually by user@contoso.com - see example
- Rule
Priority This property is required. int - The governance rule priority, priority to the lower number. Rules with the same priority on the same scope will not be allowed
- Rule
Type This property is required. string | GovernanceRule Type - The rule type of the governance rule, defines the source of the rule e.g. Integrated
- Scope
string
This property is required. Changes to this property will trigger replacement. - The scope of the Governance rules. Valid scopes are: management group (format: 'providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: 'subscriptions/{subscriptionId}'), or security connector (format: 'subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/securityConnectors/{securityConnectorName})'
- Source
Resource Type This property is required. string | GovernanceRule Source Resource Type - The governance rule source, what the rule affects, e.g. Assessments
- Description string
- Description of the governance rule
- Excluded
Scopes []string - Excluded scopes, filter out the descendants of the scope (on management scopes)
- Governance
Email GovernanceNotification Rule Email Notification Args - The email notifications settings for the governance rule, states whether to disable notifications for mangers and owners
- Include
Member boolScopes - Defines whether the rule is management scope rule (master connector as a single scope or management scope)
- Is
Disabled bool - Defines whether the rule is active/inactive
- Is
Grace boolPeriod - Defines whether there is a grace period on the governance rule
- Remediation
Timeframe string - Governance rule remediation timeframe - this is the time that will affect on the grace-period duration e.g. 7.00:00:00 - means 7 days
- Rule
Id - The governance rule key - unique key for the standard governance rule (GUID)
- display
Name This property is required. String - Display name of the governance rule
- owner
Source This property is required. GovernanceRule Owner Source - The owner source for the governance rule - e.g. Manually by user@contoso.com - see example
- rule
Priority This property is required. Integer - The governance rule priority, priority to the lower number. Rules with the same priority on the same scope will not be allowed
- rule
Type This property is required. String | GovernanceRule Type - The rule type of the governance rule, defines the source of the rule e.g. Integrated
- scope
String
This property is required. Changes to this property will trigger replacement. - The scope of the Governance rules. Valid scopes are: management group (format: 'providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: 'subscriptions/{subscriptionId}'), or security connector (format: 'subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/securityConnectors/{securityConnectorName})'
- source
Resource Type This property is required. String | GovernanceRule Source Resource Type - The governance rule source, what the rule affects, e.g. Assessments
- description String
- Description of the governance rule
- excluded
Scopes List<String> - Excluded scopes, filter out the descendants of the scope (on management scopes)
- governance
Email GovernanceNotification Rule Email Notification - The email notifications settings for the governance rule, states whether to disable notifications for mangers and owners
- include
Member BooleanScopes - Defines whether the rule is management scope rule (master connector as a single scope or management scope)
- is
Disabled Boolean - Defines whether the rule is active/inactive
- is
Grace BooleanPeriod - Defines whether there is a grace period on the governance rule
- remediation
Timeframe String - Governance rule remediation timeframe - this is the time that will affect on the grace-period duration e.g. 7.00:00:00 - means 7 days
- rule
Id - The governance rule key - unique key for the standard governance rule (GUID)
- display
Name This property is required. string - Display name of the governance rule
- owner
Source This property is required. GovernanceRule Owner Source - The owner source for the governance rule - e.g. Manually by user@contoso.com - see example
- rule
Priority This property is required. number - The governance rule priority, priority to the lower number. Rules with the same priority on the same scope will not be allowed
- rule
Type This property is required. string | GovernanceRule Type - The rule type of the governance rule, defines the source of the rule e.g. Integrated
- scope
string
This property is required. Changes to this property will trigger replacement. - The scope of the Governance rules. Valid scopes are: management group (format: 'providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: 'subscriptions/{subscriptionId}'), or security connector (format: 'subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/securityConnectors/{securityConnectorName})'
- source
Resource Type This property is required. string | GovernanceRule Source Resource Type - The governance rule source, what the rule affects, e.g. Assessments
- description string
- Description of the governance rule
- excluded
Scopes string[] - Excluded scopes, filter out the descendants of the scope (on management scopes)
- governance
Email GovernanceNotification Rule Email Notification - The email notifications settings for the governance rule, states whether to disable notifications for mangers and owners
- include
Member booleanScopes - Defines whether the rule is management scope rule (master connector as a single scope or management scope)
- is
Disabled boolean - Defines whether the rule is active/inactive
- is
Grace booleanPeriod - Defines whether there is a grace period on the governance rule
- remediation
Timeframe string - Governance rule remediation timeframe - this is the time that will affect on the grace-period duration e.g. 7.00:00:00 - means 7 days
- rule
Id - The governance rule key - unique key for the standard governance rule (GUID)
- display_
name This property is required. str - Display name of the governance rule
- owner_
source This property is required. GovernanceRule Owner Source Args - The owner source for the governance rule - e.g. Manually by user@contoso.com - see example
- rule_
priority This property is required. int - The governance rule priority, priority to the lower number. Rules with the same priority on the same scope will not be allowed
- rule_
type This property is required. str | GovernanceRule Type - The rule type of the governance rule, defines the source of the rule e.g. Integrated
- scope
str
This property is required. Changes to this property will trigger replacement. - The scope of the Governance rules. Valid scopes are: management group (format: 'providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: 'subscriptions/{subscriptionId}'), or security connector (format: 'subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/securityConnectors/{securityConnectorName})'
- source_
resource_ type This property is required. str | GovernanceRule Source Resource Type - The governance rule source, what the rule affects, e.g. Assessments
- description str
- Description of the governance rule
- excluded_
scopes Sequence[str] - Excluded scopes, filter out the descendants of the scope (on management scopes)
- governance_
email_ Governancenotification Rule Email Notification Args - The email notifications settings for the governance rule, states whether to disable notifications for mangers and owners
- include_
member_ boolscopes - Defines whether the rule is management scope rule (master connector as a single scope or management scope)
- is_
disabled bool - Defines whether the rule is active/inactive
- is_
grace_ boolperiod - Defines whether there is a grace period on the governance rule
- remediation_
timeframe str - Governance rule remediation timeframe - this is the time that will affect on the grace-period duration e.g. 7.00:00:00 - means 7 days
- rule_
id - The governance rule key - unique key for the standard governance rule (GUID)
- display
Name This property is required. String - Display name of the governance rule
- owner
Source This property is required. Property Map - The owner source for the governance rule - e.g. Manually by user@contoso.com - see example
- rule
Priority This property is required. Number - The governance rule priority, priority to the lower number. Rules with the same priority on the same scope will not be allowed
- rule
Type This property is required. String | "Integrated" | "ServiceNow" - The rule type of the governance rule, defines the source of the rule e.g. Integrated
- scope
String
This property is required. Changes to this property will trigger replacement. - The scope of the Governance rules. Valid scopes are: management group (format: 'providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: 'subscriptions/{subscriptionId}'), or security connector (format: 'subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/securityConnectors/{securityConnectorName})'
- source
Resource Type This property is required. String | "Assessments" - The governance rule source, what the rule affects, e.g. Assessments
- description String
- Description of the governance rule
- excluded
Scopes List<String> - Excluded scopes, filter out the descendants of the scope (on management scopes)
- governance
Email Property MapNotification - The email notifications settings for the governance rule, states whether to disable notifications for mangers and owners
- include
Member BooleanScopes - Defines whether the rule is management scope rule (master connector as a single scope or management scope)
- is
Disabled Boolean - Defines whether the rule is active/inactive
- is
Grace BooleanPeriod - Defines whether there is a grace period on the governance rule
- remediation
Timeframe String - Governance rule remediation timeframe - this is the time that will affect on the grace-period duration e.g. 7.00:00:00 - means 7 days
- rule
Id - The governance rule key - unique key for the standard governance rule (GUID)
Outputs
All input properties are implicitly available as output properties. Additionally, the GovernanceRule resource produces the following output properties:
Supporting Types
GovernanceRuleEmailNotification, GovernanceRuleEmailNotificationArgs
, GovernanceRuleEmailNotificationArgs
- Disable
Manager boolEmail Notification - Defines whether manager email notifications are disabled
- Disable
Owner boolEmail Notification - Defines whether owner email notifications are disabled
- Disable
Manager boolEmail Notification - Defines whether manager email notifications are disabled
- Disable
Owner boolEmail Notification - Defines whether owner email notifications are disabled
- disable
Manager BooleanEmail Notification - Defines whether manager email notifications are disabled
- disable
Owner BooleanEmail Notification - Defines whether owner email notifications are disabled
- disable
Manager booleanEmail Notification - Defines whether manager email notifications are disabled
- disable
Owner booleanEmail Notification - Defines whether owner email notifications are disabled
- disable_
manager_ boolemail_ notification - Defines whether manager email notifications are disabled
- disable_
owner_ boolemail_ notification - Defines whether owner email notifications are disabled
- disable
Manager BooleanEmail Notification - Defines whether manager email notifications are disabled
- disable
Owner BooleanEmail Notification - Defines whether owner email notifications are disabled
GovernanceRuleEmailNotificationResponse, GovernanceRuleEmailNotificationResponseArgs
, GovernanceRuleEmailNotificationResponseArgs
- Disable
Manager boolEmail Notification - Defines whether manager email notifications are disabled
- Disable
Owner boolEmail Notification - Defines whether owner email notifications are disabled
- Disable
Manager boolEmail Notification - Defines whether manager email notifications are disabled
- Disable
Owner boolEmail Notification - Defines whether owner email notifications are disabled
- disable
Manager BooleanEmail Notification - Defines whether manager email notifications are disabled
- disable
Owner BooleanEmail Notification - Defines whether owner email notifications are disabled
- disable
Manager booleanEmail Notification - Defines whether manager email notifications are disabled
- disable
Owner booleanEmail Notification - Defines whether owner email notifications are disabled
- disable_
manager_ boolemail_ notification - Defines whether manager email notifications are disabled
- disable_
owner_ boolemail_ notification - Defines whether owner email notifications are disabled
- disable
Manager BooleanEmail Notification - Defines whether manager email notifications are disabled
- disable
Owner BooleanEmail Notification - Defines whether owner email notifications are disabled
GovernanceRuleMetadataResponse, GovernanceRuleMetadataResponseArgs
, GovernanceRuleMetadataResponseArgs
- Created
By This property is required. string - Governance rule Created by object id (GUID)
- Created
On This property is required. string - Governance rule creation date
- Updated
By This property is required. string - Governance rule last updated by object id (GUID)
- Updated
On This property is required. string - Governance rule last update date
- Created
By This property is required. string - Governance rule Created by object id (GUID)
- Created
On This property is required. string - Governance rule creation date
- Updated
By This property is required. string - Governance rule last updated by object id (GUID)
- Updated
On This property is required. string - Governance rule last update date
- created
By This property is required. String - Governance rule Created by object id (GUID)
- created
On This property is required. String - Governance rule creation date
- updated
By This property is required. String - Governance rule last updated by object id (GUID)
- updated
On This property is required. String - Governance rule last update date
- created
By This property is required. string - Governance rule Created by object id (GUID)
- created
On This property is required. string - Governance rule creation date
- updated
By This property is required. string - Governance rule last updated by object id (GUID)
- updated
On This property is required. string - Governance rule last update date
- created_
by This property is required. str - Governance rule Created by object id (GUID)
- created_
on This property is required. str - Governance rule creation date
- updated_
by This property is required. str - Governance rule last updated by object id (GUID)
- updated_
on This property is required. str - Governance rule last update date
- created
By This property is required. String - Governance rule Created by object id (GUID)
- created
On This property is required. String - Governance rule creation date
- updated
By This property is required. String - Governance rule last updated by object id (GUID)
- updated
On This property is required. String - Governance rule last update date
GovernanceRuleOwnerSource, GovernanceRuleOwnerSourceArgs
, GovernanceRuleOwnerSourceArgs
- Type
string | Pulumi.
Azure Native. Security. Governance Rule Owner Source Type - The owner type for the governance rule owner source
- Value string
- The source value e.g. tag key like owner name or email address
- Type
string | Governance
Rule Owner Source Type - The owner type for the governance rule owner source
- Value string
- The source value e.g. tag key like owner name or email address
- type
String | Governance
Rule Owner Source Type - The owner type for the governance rule owner source
- value String
- The source value e.g. tag key like owner name or email address
- type
string | Governance
Rule Owner Source Type - The owner type for the governance rule owner source
- value string
- The source value e.g. tag key like owner name or email address
- type
str | Governance
Rule Owner Source Type - The owner type for the governance rule owner source
- value str
- The source value e.g. tag key like owner name or email address
- type
String | "By
Tag" | "Manually" - The owner type for the governance rule owner source
- value String
- The source value e.g. tag key like owner name or email address
GovernanceRuleOwnerSourceResponse, GovernanceRuleOwnerSourceResponseArgs
, GovernanceRuleOwnerSourceResponseArgs
GovernanceRuleOwnerSourceType, GovernanceRuleOwnerSourceTypeArgs
, GovernanceRuleOwnerSourceTypeArgs
- By
Tag - ByTagThe rule source type defined using resource tag
- Manually
- ManuallyThe rule source type defined manually
- Governance
Rule Owner Source Type By Tag - ByTagThe rule source type defined using resource tag
- Governance
Rule Owner Source Type Manually - ManuallyThe rule source type defined manually
- By
Tag - ByTagThe rule source type defined using resource tag
- Manually
- ManuallyThe rule source type defined manually
- By
Tag - ByTagThe rule source type defined using resource tag
- Manually
- ManuallyThe rule source type defined manually
- BY_TAG
- ByTagThe rule source type defined using resource tag
- MANUALLY
- ManuallyThe rule source type defined manually
- "By
Tag" - ByTagThe rule source type defined using resource tag
- "Manually"
- ManuallyThe rule source type defined manually
GovernanceRuleSourceResourceType, GovernanceRuleSourceResourceTypeArgs
, GovernanceRuleSourceResourceTypeArgs
- Assessments
- AssessmentsThe source of the governance rule is assessments
- Governance
Rule Source Resource Type Assessments - AssessmentsThe source of the governance rule is assessments
- Assessments
- AssessmentsThe source of the governance rule is assessments
- Assessments
- AssessmentsThe source of the governance rule is assessments
- ASSESSMENTS
- AssessmentsThe source of the governance rule is assessments
- "Assessments"
- AssessmentsThe source of the governance rule is assessments
GovernanceRuleType, GovernanceRuleTypeArgs
, GovernanceRuleTypeArgs
- Integrated
- IntegratedThe source of the rule type definition is integrated
- Service
Now - ServiceNowThe source of the rule type definition is ServiceNow
- Governance
Rule Type Integrated - IntegratedThe source of the rule type definition is integrated
- Governance
Rule Type Service Now - ServiceNowThe source of the rule type definition is ServiceNow
- Integrated
- IntegratedThe source of the rule type definition is integrated
- Service
Now - ServiceNowThe source of the rule type definition is ServiceNow
- Integrated
- IntegratedThe source of the rule type definition is integrated
- Service
Now - ServiceNowThe source of the rule type definition is ServiceNow
- INTEGRATED
- IntegratedThe source of the rule type definition is integrated
- SERVICE_NOW
- ServiceNowThe source of the rule type definition is ServiceNow
- "Integrated"
- IntegratedThe source of the rule type definition is integrated
- "Service
Now" - ServiceNowThe source of the rule type definition is ServiceNow
Import
An existing resource can be imported using its type token, name, and identifier, e.g.
$ pulumi import azure-native:security:GovernanceRule ad9a8e26-29d9-4829-bb30-e597a58cdbb8 /{scope}/providers/Microsoft.Security/governanceRules/{ruleId}
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- azure-native-v2 pulumi/pulumi-azure-native
- License
- Apache-2.0
These are the docs for Azure Native v2. We recommenend using the latest version, Azure Native v3.
Azure Native v2 v2.90.0 published on Thursday, Mar 27, 2025 by Pulumi
- Example Usage
- Create or update governance rule over management group scope
- Create or update governance rule over security connector scope
- Create or update governance rule over subscription scope
- Create GovernanceRule Resource
- Constructor syntax
- Constructor example
- GovernanceRule Resource Properties
- Inputs
- Outputs
- Supporting Types
- Import
- Package Details