Implementing NIST SP 800-171 Rev. 2 Guidelines

Terraform
1

Hello,

I’m facing an issue while implementing Azure Policy NIST SP 800-171 Rev. 2. It gives the errors below:

"Error: Value for unconfigurable attribute

│ with data.azurerm_policy_assignment.nist_800_171_r2,
│ on main.tf line 13, in data “azurerm_policy_assignment” “nist_800_171_r2”:
│ 13: data “azurerm_policy_assignment” “nist_800_171_r2” {

│ Can’t configure a value for “identity”: its value will be decided automatically based on the result of applying
│ this configuration.


│ Error: Value for unconfigurable attribute

│ with data.azurerm_policy_assignment.nist_800_171_r2,
│ on main.tf line 16, in data “azurerm_policy_assignment” “nist_800_171_r2”:
│ 16: policy_definition_id = “/providers/Microsoft.Authorization/policySetDefinitions/030563c1-56f5-405a-a783-866454d9a8fb”

│ Can’t configure a value for “policy_definition_id”: its value will be decided automatically based on the result
│ of applying this configuration.


│ Error: Value for unconfigurable attribute

│ with data.azurerm_policy_assignment.nist_800_171_r2,
│ on main.tf line 17, in data “azurerm_policy_assignment” “nist_800_171_r2”:
│ 17: description = “Affectation de l’initiative NIST SP 800-171 Rev. 2 à la souscription”

│ Can’t configure a value for “description”: its value will be decided automatically based on the result of
│ applying this configuration.


│ Error: Value for unconfigurable attribute

│ with data.azurerm_policy_assignment.nist_800_171_r2,
│ on main.tf line 18, in data “azurerm_policy_assignment” “nist_800_171_r2”:
│ 18: display_name = “NIST SP 800-171 Rev. 2 Compliance”

│ Can’t configure a value for “display_name”: its value will be decided automatically based on the result of
│ applying this configuration.


│ Error: Reference to undeclared resource

│ on main.tf line 28, in output “managed_identity_id”:
│ 28: value = azurerm_policy_assignment.nist_800_171_r2.identity[0].principal_id

│ A managed resource “azurerm_policy_assignment” “nist_800_171_r2” has not been declared in the root module.

│ Did you mean the data resource data.azurerm_policy_assignment.nist_800_171_r2?
"

Can you help me please on this matter? Do you have any feedback on implementing Azure Policy using Terraform please ?

Your help is much appreciated.

Thanks in advance. :slight_smile:

N.B: I’m new in Terraform. :slight_smile:

2

Here’s the script. # Configuration du fournisseur Azure
provider “azurerm” {
features {}
}

Variable pour l’ID de la souscription

variable “subscription_id” {
description = “ID de la souscription Azure”
type = string
}

Affectation de l’initiative NIST SP 800-171 Rev. 2

data “azurerm_policy_assignment” “nist_800_171_r2” {
name = “nist-800-171-r2-assignment”
scope_id = “/subscriptions/${var.subscription_id}”
policy_definition_id = “/providers/Microsoft.Authorization/policySetDefinitions/030563c1-56f5-405a-a783-866454d9a8fb”
description = “Affectation de l’initiative NIST SP 800-171 Rev. 2 à la souscription”
display_name = “NIST SP 800-171 Rev. 2 Compliance”

Identité managée pour les remédiations

identity {
type = “SystemAssigned”
}
}

Sortie pour vérifier l’identité managée

output “managed_identity_id” {
value = azurerm_policy_assignment.nist_800_171_r2.identity[0].principal_id
}