az policy remediation
Manage resource policy remediations.
Commands
Name | Description | Type | Status |
---|---|---|---|
az policy remediation cancel |
Cancel a resource policy remediation. |
Core | GA |
az policy remediation create |
Create a resource policy remediation. |
Core | GA |
az policy remediation delete |
Delete a resource policy remediation. |
Core | GA |
az policy remediation deployment |
Manage resource policy remediation deployments. |
Core | GA |
az policy remediation deployment list |
Lists deployments for a resource policy remediation. |
Core | GA |
az policy remediation list |
List resource policy remediations. |
Core | GA |
az policy remediation show |
Show a resource policy remediation. |
Core | GA |
az policy remediation cancel
Cancel a resource policy remediation.
az policy remediation cancel --name
[--management-group]
[--namespace]
[--parent]
[--resource]
[--resource-group]
[--resource-type]
Required Parameters
Name of the remediation.
Optional Parameters
Name of management group.
Provider namespace (Ex: Microsoft.Provider).
The parent path (Ex: resourceTypeA/nameA/resourceTypeB/nameB).
Resource ID or resource name. If a name is given, please provide the resource group and other relevant resource id arguments.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
Resource type (Ex: resourceTypeC).
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.
az policy remediation create
Create a resource policy remediation.
az policy remediation create --name
--policy-assignment
[--definition-reference-id]
[--location-filters]
[--management-group]
[--namespace]
[--parent]
[--resource]
[--resource-discovery-mode {ExistingNonCompliant, ReEvaluateCompliance}]
[--resource-group]
[--resource-type]
Examples
Create a remediation at resource group scope for a policy assignment
az policy remediation create -g myRg -n myRemediation --policy-assignment eeb18edc813c42d0ad5a9eab
Create a remediation at resource group scope for a policy assignment using the policy assignment resource ID
az policy remediation create -g myRg -n myRemediation --policy-assignment "/subscriptions/fff10b27-fff3-fff5-fff8-fffbe01e86a5/providers/Microsoft.Authorization/policyAssignments/myPa"
Create a remediation at subscription scope for a policy set assignment
az policy remediation create -n myRemediation --policy-assignment eeb18edc813c42d0ad5a9eab --definition-reference-id auditVMPolicyReference
Create a remediation at management group scope for specific resource locations
az policy remediation create -m myMg -n myRemediation --policy-assignment eeb18edc813c42d0ad5a9eab --location-filters eastus westeurope
Create a remediation for a specific resource using the resource ID
az policy remediation create --resource "/subscriptions/fff10b27-fff3-fff5-fff8-fffbe01e86a5/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachines/myVm" -n myRemediation --policy-assignment eeb18edc813c42d0ad5a9eab
Create a remediation that will re-evaluate compliance before remediating
az policy remediation create -g myRg -n myRemediation --policy-assignment eeb18edc813c42d0ad5a9eab --resource-discovery-mode ReEvaluateCompliance
Required Parameters
Name of the remediation.
Name or resource ID of the policy assignment.
Optional Parameters
Policy definition reference ID inside the policy set definition. Only required when the policy assignment is assigning a policy set definition.
Space separated list of resource locations that should be remediated (Ex: centralus westeurope).
Name of management group.
Provider namespace (Ex: Microsoft.Provider).
The parent path (Ex: resourceTypeA/nameA/resourceTypeB/nameB).
Resource ID or resource name. If a name is given, please provide the resource group and other relevant resource id arguments.
The way resources to remediate are discovered. Defaults to ExistingNonCompliant if not specified.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
Resource type (Ex: resourceTypeC).
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.
az policy remediation delete
Delete a resource policy remediation.
az policy remediation delete --name
[--management-group]
[--namespace]
[--parent]
[--resource]
[--resource-group]
[--resource-type]
Required Parameters
Name of the remediation.
Optional Parameters
Name of management group.
Provider namespace (Ex: Microsoft.Provider).
The parent path (Ex: resourceTypeA/nameA/resourceTypeB/nameB).
Resource ID or resource name. If a name is given, please provide the resource group and other relevant resource id arguments.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
Resource type (Ex: resourceTypeC).
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.
az policy remediation list
List resource policy remediations.
az policy remediation list [--management-group]
[--namespace]
[--parent]
[--resource]
[--resource-group]
[--resource-type]
Optional Parameters
Name of management group.
Provider namespace (Ex: Microsoft.Provider).
The parent path (Ex: resourceTypeA/nameA/resourceTypeB/nameB).
Resource ID or resource name. If a name is given, please provide the resource group and other relevant resource id arguments.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
Resource type (Ex: resourceTypeC).
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.
az policy remediation show
Show a resource policy remediation.
az policy remediation show --name
[--management-group]
[--namespace]
[--parent]
[--resource]
[--resource-group]
[--resource-type]
Required Parameters
Name of the remediation.
Optional Parameters
Name of management group.
Provider namespace (Ex: Microsoft.Provider).
The parent path (Ex: resourceTypeA/nameA/resourceTypeB/nameB).
Resource ID or resource name. If a name is given, please provide the resource group and other relevant resource id arguments.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
Resource type (Ex: resourceTypeC).
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.