Policy types for @turbot/azure

• Azure > Client ID
• Azure > Client Secret
• Azure > Environment
• Azure > Management Group > CMDB
• Azure > Resource Group > CMDB
• Azure > Resource Group > Configured
• Azure > Resource Group > Configured > Claim Precedence
• Azure > Resource Group > Configured > Source
• Azure > Resource Group > Stack
• Azure > Resource Group > Stack > Secret Variables
• Azure > Resource Group > Stack > Source
• Azure > Resource Group > Stack > Terraform Version
• Azure > Resource Group > Stack > Variables
• Azure > Resource Group > Tags
• Azure > Resource Group > Tags > Template
• Azure > Subscription > Approved Regions [Default]
• Azure > Subscription > CMDB
• Azure > Subscription > Regions [Default]
• Azure > Subscription > Stack
• Azure > Subscription > Stack > Secret Variables
• Azure > Subscription > Stack > Source
• Azure > Subscription > Stack > Terraform Version
• Azure > Subscription > Stack > Variables
• Azure > Subscription > Tags Template [Default]
• Azure > Tags Template [Default]
• Azure > Tenant > CMDB
• Azure > Tenant ID
• Azure > Turbot
• Azure > Turbot > Event Handlers
• Azure > Turbot > Event Handlers > Monitor
• Azure > Turbot > Event Handlers > Monitor > Action Group
• Azure > Turbot > Event Handlers > Monitor > Action Group > Name Prefix
• Azure > Turbot > Event Handlers > Monitor > Action Group > Tags
• Azure > Turbot > Event Handlers > Monitor > Action Group > Tags > Ignore Changes
• Azure > Turbot > Event Handlers > Monitor > Activity Log Alert
• Azure > Turbot > Event Handlers > Monitor > Activity Log Alert > Name Prefix
• Azure > Turbot > Event Handlers > Monitor > Activity Log Alert > Tags
• Azure > Turbot > Event Handlers > Monitor > Activity Log Alert > Tags > Ignore Changes
• Azure > Turbot > Event Handlers > Monitor > Resource Group Name
• Azure > Turbot > Event Handlers > Source
• Azure > Turbot > Event Handlers > Terraform Version
• Azure > Turbot > Event Poller
• Azure > Turbot > Event Poller > Interval
• Azure > Turbot > Event Poller > Window
• Azure > Turbot > Management Group Event Poller
• Azure > Turbot > Management Group Event Poller > Interval
• Azure > Turbot > Resource Group
• Azure > Turbot > Resource Group > Name Prefix
• Azure > Turbot > Resource Group > Regions
• Azure > Turbot > Resource Group > Source
• Azure > Turbot > Resource Group > Tags
• Azure > Turbot > Resource Group > Tags > Ignore Changes
• Azure > Turbot > Resource Group > Terraform Version

Azure > Client ID

Azure client ID that has been delegated access to the tenant.

{
  "type": "string",
  "pattern": "^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$",
  "tests": [
    {
      "input": "b679c4b2-edf6-4c42-ba05-69c92dc09e38"
    },
    {
      "description": "invalid - azure client id",
      "input": "A61498f8-9caa-42de-9f6e-532bd0fe9f9b",
      "expected": false
    }
  ]
}

Azure > Client Secret

Azure client secret key for the client ID that has been delegated access to the tenant.

{
  "type": "string"
}

Azure > Environment

Defines the Azure Cloud Environment that subscription is going to use.

[
  "Global Cloud",
  "US Government",
  "China Cloud"
]

{
  "type": "string",
  "minLength": 1,
  "enum": [
    "Global Cloud",
    "US Government",
    "China Cloud"
  ],
  "tests": [
    {
      "input": "US Government"
    },
    {
      "input": "",
      "expected": false
    }
  ]
}

Azure > Management Group > CMDB

Configure whether to record and synchronize details for Azure
Azure management group(s) into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.

Note that if CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

[
  "Skip",
  "Enforce: Enabled",
  "Enforce: Disabled"
]

{
  "type": "string",
  "enum": [
    "Skip",
    "Enforce: Enabled",
    "Enforce: Disabled"
  ],
  "example": [
    "Skip"
  ],
  "default": "Enforce: Enabled"
}

Azure > Resource Group > CMDB

Configure whether to record and synchronize details for the Azure resource group into the CMDB.

The CMDB control is responsible for populating and updating all the attributes for that resource type in the Guardrails CMDB.
All policies and controls in Guardrails are based around the resource, so usually the CMDB policy is set to "Enforce: Enabled".

If set to Skip then all changes to the CMDB are paused - no new resources will be discovered, no updates will be made and deleted resources will not be removed.

To cleanup resources and stop tracking changes, set this policy to "Enforce: Disabled".

[
  "Skip",
  "Enforce: Enabled",
  "Enforce: Disabled"
]

{
  "type": "string",
  "enum": [
    "Skip",
    "Enforce: Enabled",
    "Enforce: Disabled"
  ],
  "example": [
    "Skip"
  ],
  "default": "Enforce: Enabled"
}

Azure > Resource Group > Configured

Determine how to configure this resource.

Note: If the resource is managed by another stack, then the Skip/Check/Enforce values here are ignored
and inherit from the stack that owns it.

The policy values for Azure > Azure > Resource Group are deprecated and
replaced by new values. The deprecated values will be removed in the next major version.

| Deprecated Values | Current Values |
|--------------------------------------------------|----------------------------------------------------------------|
| Skip if using Configured > Source | Skip \\(unless claimed by a stack\\) |
| Check: Configured if using Configured > Source | Check: Per Configured > Source \\(unless claimed by a stack\\) |
| Enforce: Configured if using Configured > Source | Enforce: Per Configured > Source \\(unless claimed by a stack\\) |

[
  "Skip if using Configured > Source",
  "Check: Configured if using Configured > Source",
  "Enforce: Configured if using Configured > Source",
  "Skip (unless claimed by a stack)",
  "Check: Per Configured > Source (unless claimed by a stack)",
  "Enforce: Per Configured > Source (unless claimed by a stack)"
]

{
  "enum": [
    "Skip if using Configured > Source",
    "Check: Configured if using Configured > Source",
    "Enforce: Configured if using Configured > Source",
    "Skip (unless claimed by a stack)",
    "Check: Per Configured > Source (unless claimed by a stack)",
    "Enforce: Per Configured > Source (unless claimed by a stack)"
  ],
  "default": "Skip (unless claimed by a stack)"
}

Azure > Resource Group > Configured > Claim Precedence

An ordered list of who is allowed to claim a resource.
A stack cannot claim a resource if it is already claimed by another
stack at a higher level of precedence.

"{\n  defaultPrecedence: policy(uri:\"tmod:@turbot/turbot#/policy/types/claimPrecedenceDefault\")\n}\n"

"{%- if $.defaultPrecedence | length == 0 %}[]{%- else %}{% for item in $.defaultPrecedence %}- '{{ item }}'{% endfor %}{% endif %}"

{
  "type": "array",
  "items": {
    "type": "string"
  }
}

Azure > Resource Group > Configured > Source

A HCL or JSON format Terraform configuration source used to configure this resource.

{
  "type": "string",
  "default": "",
  "x-schema-form": {
    "type": "code",
    "language": "hcl"
  }
}

Azure > Resource Group > Stack

Configure a custom stack on Azure, per the custom Stack > Source.

A Guardrails Stack is a set of resources configured by Guardrails, as specified
via Terraform source. Stacks are responsible for the creation and deletion
of multiple resources. Once created, stack resources are responsible for
configuring themselves from the stack source via their Configured control.

[
  "Skip",
  "Check: Configured",
  "Enforce: Configured"
]

{
  "type": "string",
  "enum": [
    "Skip",
    "Check: Configured",
    "Enforce: Configured"
  ],
  "default": "Skip"
}

Azure > Resource Group > Stack > Secret Variables

Terraform secret variables in Terraform HCL that will be used as
inputs to the stack as a .tfvars file.

A Guardrails Stack is a set of resources configured by Guardrails,
as specified via Terraform source. Stacks are responsible
for the creation and deletion of multiple resources. Once created,
stack resources are responsible for configuring themselves from
the stack source via their Configured control.

{
  "type": "string",
  "x-schema-form": {
    "type": "code",
    "language": "hcl"
  }
}

Azure > Resource Group > Stack > Source

The Terraform HCL source used to configure this stack.

A Guardrails Stack is a set of resources configured by Guardrails, as specified
via Terraform source. Stacks are responsible for the creation and deletion
of multiple resources. Once created, stack resources are responsible for
configuring themselves from the stack source via their Configured control.

{
  "type": "string",
  "default": "",
  "x-schema-form": {
    "type": "code",
    "language": "hcl"
  }
}

Azure > Resource Group > Stack > Terraform Version

The Version of Terraform to use for this stack.
Specify an npm-style semver string to
determine which version of the Terraform container
Guardrails will use to run this stack.

A Guardrails Stack is a set of resources configured by Guardrails,
as specified via Terraform source. Stacks are responsible
for the creation and deletion of multiple resources. Once created,
stack resources are responsible for configuring themselves from
the stack source via their Configured control.

"{\n  terraformVersion: policy(uri:\"tmod:@turbot/turbot#/policy/types/stackTerraformVersion\")\n}\n"

"{% if $.terraformVersion %}"{{$.terraformVersion}}"{% else %}""{% endif %}"

{
  "type": "string"
}

Azure > Resource Group > Stack > Variables

Terraform variables in Terraform HCL that will be used as
inputs to the stack as a .tfvars file.

A Guardrails Stack is a set of resources configured by Guardrails,
as specified via Terraform source. Stacks are responsible
for the creation and deletion of multiple resources. Once created,
stack resources are responsible for configuring themselves from
the stack source via their Configured control.

{
  "type": "string",
  "x-schema-form": {
    "type": "code",
    "language": "hcl"
  }
}

Azure > Resource Group > Tags

Determine the action to take when an Azure Azure resource group tags are not updated based on the Azure > Azure > Resource Group > Tags > * policies.

The control ensure Azure Azure resource group tags include tags defined in Azure > Azure > Resource Group > Tags > Template.

Tags not defined in Resource Group Tags Template will not be modified or deleted. Setting a tag value to undefined will result in the tag being deleted.

See Tags for more information.

[
  "Skip",
  "Check: Tags are correct",
  "Enforce: Set tags"
]

{
  "type": "string",
  "enum": [
    "Skip",
    "Check: Tags are correct",
    "Enforce: Set tags"
  ],
  "example": [
    "Check: Tags are correct"
  ],
  "default": "Skip"
}

Azure > Resource Group > Tags > Template

The template is used to generate the keys and values for Azure Azure resource group.

Tags not defined in Resource Group Tags Template will not be modified or deleted. Setting a tag value to undefined will result in the tag being deleted.

See Tags for more information.

[
  "{\n  subscription {\n    turbot {\n      id\n    }\n  }\n}\n",
  "{\n  defaultTags: policyValue(uri:\"tmod:@turbot/azure#/policy/types/azureTagsTemplate\" resourceId: \"{{ $.subscription.turbot.id }}\") {\n    value\n  }\n}\n"
]

"{%- if $.defaultTags.value | length == 0 %} [] {%- elif $.defaultTags.value != undefined %}{{ $.defaultTags.value | dump | safe }}{%- else %}{% for item in $.defaultTags.value %}- {{ item }}{% endfor %}{% endif %}"

Azure > Subscription > Approved Regions [Default]

A list of Azure regions in which resources are approved for use.

The expected format is an array of regions names. You may use the '*' and
'?' wildcard characters.

This policy is the default value for all service Approved Regions
policies.

{
  "allOf": [
    {
      "$ref": "#/definitions/regionNameMatcherList"
    },
    {
      "default": [
        "*"
      ]
    }
  ]
}

Azure > Subscription > CMDB

Configure whether to record and synchronize details for Azure
Azure subscription(s) into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.

Note that if CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

[
  "Skip",
  "Enforce: Enabled",
  "Enforce: Disabled"
]

{
  "type": "string",
  "enum": [
    "Skip",
    "Enforce: Enabled",
    "Enforce: Disabled"
  ],
  "example": [
    "Skip"
  ],
  "default": "Enforce: Enabled"
}

Azure > Subscription > Regions [Default]

A list of regions supported by Azure.

{
  "allOf": [
    {
      "$ref": "azure#/definitions/regionNameMatcherList"
    },
    {
      "default": [
        "*"
      ]
    }
  ]
}

Azure > Subscription > Stack

Configure a custom stack on Azure, per the custom Stack > Source.

A Guardrails Stack is a set of resources configured by Guardrails, as specified
via Terraform source. Stacks are responsible for the creation and deletion
of multiple resources. Once created, stack resources are responsible for
configuring themselves from the stack source via their Configured control.

[
  "Skip",
  "Check: Configured",
  "Enforce: Configured"
]

{
  "type": "string",
  "enum": [
    "Skip",
    "Check: Configured",
    "Enforce: Configured"
  ],
  "default": "Skip"
}

Azure > Subscription > Stack > Secret Variables

Terraform secret variables in Terraform HCL that will be used as
inputs to the stack as a .tfvars file.

A Guardrails Stack is a set of resources configured by Guardrails,
as specified via Terraform source. Stacks are responsible
for the creation and deletion of multiple resources. Once created,
stack resources are responsible for configuring themselves from
the stack source via their Configured control.

{
  "type": "string",
  "x-schema-form": {
    "type": "code",
    "language": "hcl"
  }
}

Azure > Subscription > Stack > Source

The Terraform HCL source used to configure this stack.

A Guardrails Stack is a set of resources configured by Guardrails, as specified
via Terraform source. Stacks are responsible for the creation and deletion
of multiple resources. Once created, stack resources are responsible for
configuring themselves from the stack source via their Configured control.

{
  "type": "string",
  "default": "",
  "x-schema-form": {
    "type": "code",
    "language": "hcl"
  }
}

Azure > Subscription > Stack > Terraform Version

The Version of Terraform to use for this stack.
Specify an npm-style semver string to
determine which version of the Terraform container
Guardrails will use to run this stack.

A Guardrails Stack is a set of resources configured by Guardrails,
as specified via Terraform source. Stacks are responsible
for the creation and deletion of multiple resources. Once created,
stack resources are responsible for configuring themselves from
the stack source via their Configured control.

"{\n  terraformVersion: policy(uri:\"tmod:@turbot/turbot#/policy/types/stackTerraformVersion\")\n}\n"

"{% if $.terraformVersion %}"{{$.terraformVersion}}"{% else %}""{% endif %}"

{
  "type": "string"
}

Azure > Subscription > Stack > Variables

Terraform variables in Terraform HCL that will be used as
inputs to the stack as a .tfvars file.

A Guardrails Stack is a set of resources configured by Guardrails,
as specified via Terraform source. Stacks are responsible
for the creation and deletion of multiple resources. Once created,
stack resources are responsible for configuring themselves from
the stack source via their Configured control.

{
  "type": "string",
  "x-schema-form": {
    "type": "code",
    "language": "hcl"
  }
}

Azure > Subscription > Tags Template [Default]

A template used to generate the keys and values for Azure
resources. By default, all Azure service Tags Template [Default]
policies will use this value.

"{\n  defaultTags: resource {\n      tags(resolution: RECOMMENDED)\n    }\n}\n"

"{%- if $.defaultTags.tags | length == 0 %} [] {%- elif $.defaultTags.tags != undefined %}{{ $.defaultTags.tags | dump | safe }}{% endif %}"

Azure > Tags Template [Default]

A template used to generate the keys and values for Azure Azure resources.

By default, all Azure resource Tags > Template policies will use this value.

"{\n  defaultTags: policyValue(uri:\"tmod:@turbot/azure#/policy/types/defaultTagsTemplate\") {\n    value\n  }\n}\n"

"{%- if $.defaultTags.value | length == 0 %} [] {%- elif $.defaultTags.value != undefined %}{{ $.defaultTags.value | dump | safe }}{%- else %}{% for item in $.defaultTags.value %}- {{ item }}{% endfor %}{% endif %}"

Azure > Tenant > CMDB

Configure whether to record and synchronize details for Azure
Azure tenant into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.

Note that if CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

[
  "Skip",
  "Enforce: Enabled"
]

{
  "type": "string",
  "enum": [
    "Skip",
    "Enforce: Enabled"
  ],
  "example": [
    "Skip"
  ],
  "default": "Enforce: Enabled"
}

Azure > Tenant ID

Azure tenant ID used by Guardrails for access to the Azure APIs.

{
  "type": "string",
  "pattern": "^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$",
  "tests": [
    {
      "input": "661498f8-9caa-42de-9f6e-532bd0fe9f9b"
    },
    {
      "description": "invalid - azure tenant",
      "input": "A61498f8-9caa-42de-9f6e-532bd0fe9f9b",
      "expected": false
    }
  ]
}

Azure > Turbot

Azure > Turbot > Event Handlers

Configure the Guardrails Event Handler stack. This stack configures
the Event Handlers for Guardrails real-time event routing.

[
  "Skip",
  "Check: Configured",
  "Check: Not configured",
  "Enforce: Configured",
  "Enforce: Not configured"
]

{
  "type": "string",
  "enum": [
    "Skip",
    "Check: Configured",
    "Check: Not configured",
    "Enforce: Configured",
    "Enforce: Not configured"
  ],
  "default": "Skip"
}

Azure > Turbot > Event Handlers > Monitor

Azure > Turbot > Event Handlers > Monitor > Action Group

Azure > Turbot > Event Handlers > Monitor > Action Group > Name Prefix

A string to be Used as a prefix to the turbot generated name on the
Guardrails Event Handler Monitor Action Group. The name will be
pre-pended with this value.

{
  "type": "string",
  "default": "turbot_",
  "example": "turbot_"
}

Azure > Turbot > Event Handlers > Monitor > Action Group > Tags

A list of key:value pairs to add as Azure Tags on the Guardrails
Event Handler Monitor Alerts.

null

"{}"

Azure > Turbot > Event Handlers > Monitor > Action Group > Tags > Ignore Changes

Configure whether to ignore changes to tags on the Action Group. If set to Enabled, the stack will ignore all changes made to the Action Group tags including the changes on Azure > Turbot > Event Handlers > Monitor > Action Group > Tags policy.

[
  "Enabled",
  "Disabled"
]

{
  "type": "string",
  "enum": [
    "Enabled",
    "Disabled"
  ],
  "default": "Disabled"
}

Azure > Turbot > Event Handlers > Monitor > Activity Log Alert

Configure the Guardrails Event Handler stack. This stack configures
the activity log alert for Guardrails real-time event routing.

Azure > Turbot > Event Handlers > Monitor > Activity Log Alert > Name Prefix

A string to be Used as a prefix to the turbot generated name on the
Guardrails Event Handler Monitor Alert. The name will be pre-pended
with this value.

{
  "type": "string",
  "default": "turbot_",
  "example": "turbot_"
}

Azure > Turbot > Event Handlers > Monitor > Activity Log Alert > Tags

A list of key:value pairs to add as Azure Tags on the Guardrails
Event Handler Monitor Alerts.

null

"{}"

Azure > Turbot > Event Handlers > Monitor > Activity Log Alert > Tags > Ignore Changes

Configure whether to ignore changes to tags on the Activity Log Alert. If set to Enabled, the stack will ignore all changes made to the Activity Log Alert tags including the changes on Azure > Turbot > Event Handlers > Monitor > Activity Log Alert > Tags policy.

[
  "Enabled",
  "Disabled"
]

{
  "type": "string",
  "enum": [
    "Enabled",
    "Disabled"
  ],
  "default": "Disabled"
}

Azure > Turbot > Event Handlers > Monitor > Resource Group Name

"{\n  turbotResourceGroupNamePrefix: policy(uri: \"#/policy/types/turbotResourceGroupNamePrefix\")\n}\n"

"'{{$.turbotResourceGroupNamePrefix}}rg'"

{
  "type": "string"
}

Azure > Turbot > Event Handlers > Source

The Terraform source used to configure the Event Handler Monitor stack.
This policy is read-only, as the Event Handler source is generated by Guardrails

{
  "type": "string",
  "x-schema-form": {
    "type": "code",
    "language": "hcl"
  }
}

Azure > Turbot > Event Handlers > Terraform Version

The Version of Terraform to use for this stack.
Specify an npm-style semver string to
determine which version of the Terraform container
Guardrails will use to run this stack.
A Guardrails Stack is a set of resources configured by Guardrails,
as specified via Terraform source. Stacks are responsible
for the creation and deletion of multiple resources. Once created,
stack resources are responsible for configuring themselves from
the stack source via their Configured control.

{
  "type": "string",
  "default": "0.11.*"
}

Azure > Turbot > Event Poller

Configure the Azure Event Poller. When set to Enabled, the poller will
run at the interval specified to retrieve the latest events and forward
them to the Guardrails Router.

Note: The Event Poller and Guardrails Event Handler are different mechanisms for
sending information to Guardrails. You should enable one or the other, but not both.

"{\n  value: policy(uri: \"tmod:@turbot/azure#/policy/types/eventHandlers\")\n}\n"

"{% if $.value == 'Enforce: Configured' %}Disabled{% else %}Enabled{% endif%}\n"

{
  "type": "string",
  "enum": [
    "Enabled",
    "Disabled"
  ]
}

Azure > Turbot > Event Poller > Interval

The polling interval. This policy determines how often
the event poller will run.

[
  "Every 1 minute",
  "Every 2 minutes",
  "Every 3 minutes",
  "Every 4 minutes",
  "Every 5 minutes",
  "Every 6 minutes",
  "Every 7 minutes",
  "Every 8 minutes",
  "Every 9 minutes",
  "Every 10 minutes"
]

{
  "type": "string",
  "enum": [
    "Every 1 minute",
    "Every 2 minutes",
    "Every 3 minutes",
    "Every 4 minutes",
    "Every 5 minutes",
    "Every 6 minutes",
    "Every 7 minutes",
    "Every 8 minutes",
    "Every 9 minutes",
    "Every 10 minutes"
  ],
  "default": "Every 1 minute"
}

Azure > Turbot > Event Poller > Window

The polling window, in minutes. This policies determines the oldest
events the event poller will retrieve. For example, setting the window
to '5 minutes' will cause the poller to retrieve all events from
the previous 5 minutes every time it runs.

The Window must be greater than the Interval, and it is recommended
to be at least twice the Interval. For example, if the Interval
is 'Every 5 Minutes', the Window should be at least '10 Minutes'.

[
  "5 minutes",
  "6 minutes",
  "7 minutes",
  "8 minutes",
  "9 minutes",
  "10 minutes",
  "11 minutes",
  "12 minutes",
  "13 minutes",
  "14 minutes",
  "15 minutes",
  "16 minutes",
  "17 minutes",
  "18 minutes",
  "19 minutes",
  "20 minutes"
]

{
  "type": "string",
  "enum": [
    "5 minutes",
    "6 minutes",
    "7 minutes",
    "8 minutes",
    "9 minutes",
    "10 minutes",
    "11 minutes",
    "12 minutes",
    "13 minutes",
    "14 minutes",
    "15 minutes",
    "16 minutes",
    "17 minutes",
    "18 minutes",
    "19 minutes",
    "20 minutes"
  ],
  "default": "10 minutes"
}

Azure > Turbot > Management Group Event Poller

Configure the Azure Management Group Event Poller. When set to Enabled,
the poller will run at the interval specified to run the mangement group
discovery control to look for changes in the management group hierarcy.

[
  "Enabled",
  "Disabled"
]

{
  "type": "string",
  "enum": [
    "Enabled",
    "Disabled"
  ],
  "default": "Enabled"
}

Azure > Turbot > Management Group Event Poller > Interval

The discovery interval. This policy determines how often the management group discovery will run.

[
  "Every hour",
  "Every 2 hours",
  "Every 3 hours",
  "Every 6 hours",
  "Every 12 hours",
  "Every day",
  "Every 2 days",
  "Every 3 days",
  "Every week"
]

{
  "type": "string",
  "enum": [
    "Every hour",
    "Every 2 hours",
    "Every 3 hours",
    "Every 6 hours",
    "Every 12 hours",
    "Every day",
    "Every 2 days",
    "Every 3 days",
    "Every week"
  ],
  "default": "Every 12 hours"
}

Azure > Turbot > Resource Group

[
  "Skip",
  "Check: Configured",
  "Check: Not configured",
  "Enforce: Configured",
  "Enforce: Not configured"
]

{
  "type": "string",
  "enum": [
    "Skip",
    "Check: Configured",
    "Check: Not configured",
    "Enforce: Configured",
    "Enforce: Not configured"
  ],
  "default": "Skip"
}

Azure > Turbot > Resource Group > Name Prefix

A string to be Used as a prefix to the turbot generated name on the
Guardrails Resource Group. The name will be
pre-pended with this value.

{
  "type": "string",
  "default": "turbot_",
  "example": "turbot_"
}

Azure > Turbot > Resource Group > Regions

Regions where Azure supports Resource Group. Guardrails updates this option as Azure expands their regional support. Unless there is an explicit requirement (e.g. accelerated regional support), it should not be set by Guardrails Administrators.

"{\n  environmentValue: policy(uri: \"azure#/policy/types/environment\")\n}\n"

"{% if $.environmentValue == 'US Government' %}USGov Arizona {%- elif $.environmentValue == 'China Cloud' %}China East 2{% else %}WEST US{% endif %}"

{
  "type": "string",
  "enum": [
    "AUSTRALIA CENTRAL",
    "AUSTRALIA CENTRAL 2",
    "AUSTRALIA EAST",
    "AUSTRALIA SOUTHEAST",
    "BRAZIL SOUTH",
    "CANADA CENTRAL",
    "CANADA EAST",
    "CENTRAL INDIA",
    "CENTRAL US",
    "EAST ASIA",
    "EAST US",
    "EAST US 2",
    "FRANCE CENTRAL",
    "FRANCE SOUTH",
    "JAPAN EAST",
    "JAPAN WEST",
    "KOREA CENTRAL",
    "KOREA SOUTH",
    "NORTHCENTRAL US",
    "NORTH EUROPE",
    "SOUTHCENTRAL US",
    "SOUTH INDIA",
    "SOUTHEAST ASIA",
    "UK SOUTH",
    "UK WEST",
    "WESTCENTRAL US",
    "WEST EUROPE",
    "WEST INDIA",
    "WEST US",
    "WEST US 2",
    "USGov Iowa",
    "USGov Virginia",
    "USGov Texas",
    "USGov Arizona",
    "China East",
    "China East 2",
    "China East 3",
    "China North",
    "China North 2",
    "China North 3"
  ]
}

Azure > Turbot > Resource Group > Source

The Terraform source used to configure this resource. This policy is
read-only, as the Event Handler source is generated by Guardrails

{
  "type": "string",
  "x-schema-form": {
    "type": "code",
    "language": "hcl"
  }
}

Azure > Turbot > Resource Group > Tags

A list of key:value pairs to add as Azure Tags on the Guardrails
Resource Group.

null

"{}"

Azure > Turbot > Resource Group > Tags > Ignore Changes

Configure whether to ignore changes to tags on the Guardrails resource group. If set to Enabled, the stack will ignore all changes made to the Guardrails resource group tags including the changes on Azure > Turbot > Resource Group > Tags policy.

[
  "Enabled",
  "Disabled"
]

{
  "type": "string",
  "enum": [
    "Enabled",
    "Disabled"
  ],
  "default": "Disabled"
}

Azure > Turbot > Resource Group > Terraform Version

The Version of Terraform to use for this stack.
Specify an npm-style semver string to
determine which version of the Terraform container
Guardrails will use to run this stack.
A Guardrails Stack is a set of resources configured by Guardrails,
as specified via Terraform source. Stacks are responsible
for the creation and deletion of multiple resources. Once created,
stack resources are responsible for configuring themselves from
the stack source via their Configured control.

{
  "type": "string",
  "default": "0.11.*"
}