I have found a lot of examples to deploy Custom Policies in Azure using Terraform but I am struggling to figure out how to utilize the Built In Policies. Azurerm_policy_definition has the argument policy_type which can be set to BuiltIn but how do you then reference that actual built in Policies so that you can pass the ID to azurerm_policy_assignment then assign it? If anyone has a quick example they could post or link to an explanation that would be great.
I don’t think you need to define the azurerm_policy_definition for the built-in policies, you just need to reference them with the appropriate ID when creating the azurerm_policy_assignment object.
All of the built-in policies are listed here: https://docs.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies
Clicking on a policy will take you to the Azure policy page, where you can copy the ID directly from the header on the overview page:
Edit: there is a bug in v2.6 of the Azure provider: https://github.com/terraform-providers/terraform-provider-azurerm/issues/6523
The workaround is to prefix the definition id with “/subscriptions/[your-azure-subscription-id]” as described in kellmv1’s workaround.
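The approach described in this answer, written out as an added example (not code from the poster): the built-in definition is looked up by display name with the `azurerm_policy_definition` data source instead of being declared as a resource, and the resulting id is passed to `azurerm_policy_assignment`. The display name "Allowed locations", its `listOfAllowedLocations` parameter and the use of `azurerm_subscription` to obtain the subscription id are assumptions; check them against the built-in policy list linked above.

```hcl
# Current subscription, used both as the assignment scope and for the
# provider-bug workaround described in the answer (assumed data source).
data "azurerm_subscription" "current" {}

# Reference the built-in definition; nothing is created here. Looking it
# up by display name avoids hard-coding the policy GUID from the portal.
data "azurerm_policy_definition" "allowed_locations" {
  display_name = "Allowed locations" # assumed built-in display name
}

locals {
  # Normal case: the built-in id is already a full resource id of the form
  # /providers/Microsoft.Authorization/policyDefinitions/<guid>
  builtin_definition_id = data.azurerm_policy_definition.allowed_locations.id

  # Workaround for the v2.6 provider bug linked in the answer: prefix the
  # definition id with "/subscriptions/<subscription id>".
  # Switch to this value only on the affected provider version.
  workaround_definition_id = "/subscriptions/${data.azurerm_subscription.current.subscription_id}${local.builtin_definition_id}"
}

# Assign the built-in policy at subscription scope, restricting deployments
# to the listed regions (defensive control: prevents resources landing in
# regions outside your approved data-residency boundary).
resource "azurerm_policy_assignment" "allowed_locations" {
  name                 = "allowed-locations"
  display_name         = "Restrict deployments to approved regions"
  scope                = data.azurerm_subscription.current.id
  policy_definition_id = local.builtin_definition_id

  # Parameter name assumed from the built-in "Allowed locations" definition.
  parameters = jsonencode({
    listOfAllowedLocations = {
      value = ["westeurope", "northeurope"]
    }
  })
}
```

After `terraform apply`, confirm the assignment with `az policy assignment show --name allowed-locations` and check that `policyDefinitionId` matches the built-in id you expected.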