I want to create an Azure PolicyDefinition and I am using the code below:
resource "azurerm_policy_definition" "name-caf-alz-policy-sandbox-denyvnetpeering" {
name = "Audit-AzureHybridBenefit"
display_name = "Unused resources driving cost should be avoided"
description = "Optimize cost by enabling Azure Hybrid Benefit. Leverage this Policy definition as a cost control to reveal Virtual Machines not using AHUB."
mode = "All"
policy_type = "Custom"
policy_rule = file("${path.module}/lib/policy_definitions/policy_definition_es_deny_vnet_peer_cross_sub.json")
management_group_id = data.azurerm_management_group.namemgmtgroup.id
}
When I run this command via Azure DevOps, Terraform Validate, Init, and Plan are working but when I do Terraform Apply I get this error:
creating/updating Policy Definition “Audit-AzureHybridBenefit”: policy.DefinitionsClient#CreateOrUpdateAtManagementGroup: Failure responding to request: StatusCode=400 – Original Error: autorest/azure: Service returned an error. Status=400 Code=“InvalidPolicyRule” Message=“Failed to parse policy rule: ‘Could not find member ‘apiVersion’ on object of type ‘PolicyRuleDefinition’. Path ‘apiVersion’.’.”
When I change the policyrule to
jsonencode(file("${path.module}/lib/policy_definitions/policy_definition_es_deny_vnet_peer_cross_sub.json"))
Error: expanding JSON for policy_rule: JSON: cannot unmarshal string into Go value of type map[string]interface {}
The JSON-file itself works succesfully when creating it via the GUI.
JSON-file itself can be find at