New-CmAzSecurityPolicy

Creates Security Policies

Completes the following:

  • Creates policies.
  • Creates initiatives.

This command forms part of the Security Building Block.

Parameters

-SettingsFile

Required. (String) File path for the settings file to be converted into a settings object.

-SettingsObject

Required. (Object) Object containing the configuration values required to run this cmdlet.

-TagSettingsFile

Required. (String) File path for the tag settings file to be converted into a tag settings object.

-WhatIf

(Switch) Run the command without executing any actions, so that no changes are made. The command will output a description of actions to be performed against the affected resources in the console window. Use this option if you are unsure of the overall impact of your command and wish to review it before committing to making changes.

-Confirm

(Switch) Run the command without executing any actions, so that no changes are made. The command will output a description of actions to be performed against the affected resources in the console window. Use this option if you are unsure of the overall impact of your command and wish to review it before committing to making changes.

Usage

Example 1

New-CmAzSecurityPolicy -settingsFile "SecurityPolicy.yml"

Example 2

New-CmAzSecurityPolicy -settingsObject $SecurityPoliciesSettings

Settings

Beta documentation
The following schema documentation is automatically generated as part of a recent roadmap task. There may be inaccuracies or incomplete information while we flush out bugs; please refer to the packed project settings examples where necessary.

The settings file for security policy enables creation of custom initiatives by collecting policies defined in a target repo directory.

Component

component [string | null]

Value to determine what cmdlet should be dynamically loaded for these settings.

Initiatives

initiatives [array | null] Mandatory

List of details required to deploy initiatives.

Name

name [string]

Name of the initiative.

DefinitionDirectory

definitionDirectory [string | null]

Becomes part of the generated resource group's name.

Default: {projectRoot}/policies

Description

description [string]

Short description about the initiative.

Category

category [string]

Category of the initiative.

Version

version [string]

Initiative version.

Definitions

definitions [array]

Contains definition policy file names.

Parameters

parameters [array | null]

Contains parameter values to be set on definition.

Name

name [string]

Name of the definition parameter.

Value

value []

Value to be set for the parameter.

Examples

The following example files are automatically generated from the settings file schema definition to show how the specification can be used in practice. Cloudmarque can accept both JSON and YAML parameter files.

{
  "component": "string",
  "initiatives": [
    {
      "name": "string",
      "definitionDirectory": "{projectRoot}/policies",
      "description": "string",
      "category": "string",
      "version": "string",
      "definitions": [
        "string"
      ],
      "parameters": [
        {
          "name": "string",
          "value": "unknown"
        }
      ]
    }
  ]
}

component: "string"    # Optional
initiatives:     # Mandatory
  - name: "string"    # Mandatory
    definitionDirectory: "{projectRoot}/policies"    # Optional
    description: "string"    # Mandatory
    category: "string"    # Mandatory
    version: "string"    # Optional
    definitions:     # Mandatory
      - "string"
    parameters:     # Optional
      - name: "string"    # Mandatory
        value: "unknown"    # Mandatory
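
A pre-flight check for the settings schema above, added here as an example and not taken from the Cloudmarque documentation or code base: it reports missing mandatory keys in a JSON settings file before the cmdlet is run. The helper name Test-CmAzPolicySettings and all sample values are assumptions; the set of mandatory keys follows the annotations in the YAML example above.

```powershell
# Added example. Test-CmAzPolicySettings is a hypothetical helper, not a Cloudmarque cmdlet.
function Test-CmAzPolicySettings {
    param([Parameter(Mandatory)][string]$Json)
    $problems = [System.Collections.Generic.List[string]]::new()
    $settings = $Json | ConvertFrom-Json
    if (-not $settings.initiatives) {
        $problems.Add('initiatives: mandatory, needs at least one entry')
    }
    $i = 0
    foreach ($initiative in $settings.initiatives) {
        # Mandatory string keys of each initiative.
        foreach ($key in 'name', 'description', 'category') {
            if ([string]::IsNullOrWhiteSpace($initiative.$key)) {
                $problems.Add("initiatives[$i].${key}: mandatory string is missing or empty")
            }
        }
        if (-not $initiative.definitions) {
            $problems.Add("initiatives[$i].definitions: mandatory, needs at least one policy file name")
        }
        # parameters is optional, but each entry needs both name and value.
        $p = 0
        foreach ($parameter in $initiative.parameters) {
            foreach ($key in 'name', 'value') {
                if ($null -eq $parameter.PSObject.Properties[$key]) {
                    $problems.Add("initiatives[$i].parameters[$p].${key}: mandatory key is missing")
                }
            }
            $p++
        }
        $i++
    }
    return $problems
}

# Constructed sample input: names, file names and values are made up for illustration.
$sample = @'
{
  "initiatives": [
    { "name": "tagging-baseline", "description": "Require ownership tags",
      "category": "Tags", "definitions": ["require-owner-tag"],
      "parameters": [{ "name": "tagName", "value": "owner" }] },
    { "name": "storage-baseline", "category": "Storage", "definitions": [],
      "parameters": [{ "name": "minimumTlsVersion" }] }
  ]
}
'@
$problems = @(Test-CmAzPolicySettings -Json $sample)
$problems | ForEach-Object { Write-Warning $_ }
# With zero problems, save the settings and preview the deployment first:
#   New-CmAzSecurityPolicy -SettingsFile "SecurityPolicy.json" -WhatIf
```

The second initiative in the sample is deliberately incomplete, so the check warns about its missing description, empty definitions list and parameter without a value.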