Setting Policy parameter in the Policy Assignment

Below I have a working example of a Policy Assignment where I am setting the logAnalytics parameter to our single Log Analytics Workspace. I would like to read some more information on this functionality, i.e. how Terraform grabs the Policy parameter and assigns it the value given in the Assignment. Sometimes I run into problems and get strange error messages saying that the parameter does not exist despite it actually being there in the Policy definition.

Best Regards
Jan

resource "azurerm_management_group_policy_assignment" "diag-policies-assign" {
  for_each             = azurerm_policy_definition.diagnostics-policies
  name                 = random_id.policies_on_mg_names[each.key].hex
  display_name         = azurerm_policy_definition.diagnostics-policies[each.key].display_name
  policy_definition_id = azurerm_policy_definition.diagnostics-policies[each.key].id
  management_group_id  = azurerm_management_group.mg-postnordaz.id
  enforce              = true
  location             = local.azure_location

  identity {
    type = "SystemAssigned"
  }

  # The key is the parameter name used in the policy definition.
  parameters = jsonencode({
    "logAnalytics" : {
      "value" : azurerm_log_analytics_workspace.law-mgmt-we.id,
    },
  })
}

This, then, is an example that is NOT working. The BuiltIn Policy has a property called defaultValue, but I am getting the error shown:

data "azurerm_policy_definition" "policy_definition_storage_deny_public_access" {
  display_name = "[Preview]: Storage account public access should be disallowed"
}

resource "azurerm_subscription_policy_assignment" "storage_mintls-assign" {
  for_each             = local.internal-spokes
  name                 = "storage_mintls-assign"
  display_name         = data.azurerm_policy_definition.policy_definition_storage_deny_public_access.display_name
  policy_definition_id = data.azurerm_policy_definition.policy_definition_storage_deny_public_access.id
  subscription_id      = "/subscriptions/${each.value}"
  enforce              = true
  location             = local.azure_location

  identity {
    type = "SystemAssigned"
  }

  # This key is the one rejected in the error below.
  parameters = jsonencode({
    "defaultValue" : {
      "value" : "Deny",
    },
  })
}

creating Policy Assignment ID: (Assignment Name "storage_mintls-assign" / Scope "/subscriptions/b938f909-9c6a-4a44-ac36-ff75d1678393"): policy.AssignmentsClient#Create: Failure responding to request: StatusCode=400 -- Original Error:
│ autorest/azure: Service returned an error. Status=400 Code="UndefinedPolicyParameter" Message="The policy assignment 'storage_mintls-assign' has the parameter(s) 'defaultValue' which are not defined in the policy definition
│ '4fa4b6c0-31ca-4c0d-b10d-24b96f62a751'."
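
The error above shows that the keys passed in `parameters` are matched against the parameter names declared in the policy definition; in a definition, `defaultValue` is a property nested under a parameter name, not a name itself. The following is an added example, not part of the original post, that checks the names before the assignment is created so a deny policy does not silently fail to apply. The variable, the resource names and the parameter name `effect` are assumptions.

```hcl
# Added example. var.subscription_id and the resource names are hypothetical.
variable "subscription_id" {
  type        = string
  description = "Subscription GUID to assign the policy to"
}

data "azurerm_policy_definition" "storage_public_access" {
  display_name = "[Preview]: Storage account public access should be disallowed"
}

locals {
  # Names the definition declares: the top-level keys of its "parameters" JSON.
  defined_names = keys(jsondecode(data.azurerm_policy_definition.storage_public_access.parameters))

  # Assignment values keyed by parameter NAME. "effect" is an assumed name;
  # the precondition below lists the real names if it is wrong.
  assignment_params = {
    effect = { value = "Deny" }
  }

  # Names supplied here that the definition does not declare.
  undefined_names = [
    for name in keys(local.assignment_params) : name
    if !contains(local.defined_names, name)
  ]
}

resource "azurerm_subscription_policy_assignment" "storage_public_access" {
  name                 = "storage-public-access"
  policy_definition_id = data.azurerm_policy_definition.storage_public_access.id
  subscription_id      = "/subscriptions/${var.subscription_id}"
  parameters           = jsonencode(local.assignment_params)

  lifecycle {
    # Catch the mismatch before the API returns 400 UndefinedPolicyParameter.
    precondition {
      condition     = length(local.undefined_names) == 0
      error_message = "Undefined: ${join(", ", local.undefined_names)}. Defined: ${join(", ", local.defined_names)}."
    }
  }
}
```

The `precondition` block requires Terraform 1.2 or later.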