data "template_file" "requiredTag_policy_rule" { template = <<POLICY_RULE{

1. data "template_file" "requiredTag_policy_rule" {
2. template = <<POLICY_RULE
3. {
4. "if": {
5. "field": "[concat('tags[', parameters('tagName'), ']')]",
6. "exists": "false"
7. },
8. "then": {
9. "effect": "audit"
10. }
11. }
12. POLICY_RULE
13. }
14.  
15. data "template_file" "requiredTag_policy_parameters" {
16. template = <<PARAMETERS
17. {
18. "tagName": {
19. "type": "String",
20. "metadata": {
21. "displayName": "Tag Name",
22. "description": "Name of the tag, such as 'environment'"
23. }
24. }
25. }
26. PARAMETERS
27. }
28.  
29. resource "azurerm_policy_definition" "requiredTag" {
30. name = "Audit-RequiredTag-Resource"
31. display_name = "Audit a Required Tag on a Resource"
32. description = "Audit all resources for a required tag"
33. policy_type = "Custom"
34. mode = "All"
35. policy_rule = "${data.template_file.requiredTag_policy_rule.rendered}"
36. parameters = "${data.template_file.requiredTag_policy_parameters.rendered}"
37. }
38.  
39. data "azurerm_subscription" "current" {}
40.  
41. variable "requiredTags" {
42. default = [
43. "Environment",
44. "Owner",
45. "Department",
46. ]
47. }
48.  
49. resource "azurerm_policy_assignment" "requiredTag" {
50. count = "${length(var.requiredTags)}"
51. name = "Audit-RequiredTag-${var.requiredTags[count.index]}"
52. display_name = "Assign Required Tag '${var.requiredTags[count.index]}'"
53. description = "Assignment of Required Tag Policy for '${var.requiredTags[count.index]}'"
54. policy_definition_id = "${azurerm_policy_definition.requiredTag.id}"
55. scope = "${data.azurerm_subscription.current.id}"
56.  
57. parameters = <<PARAMETERS
58. {
59. "tagName": {
60. "value": "${var.requiredTags[count.index]}"
61. }
62. }
63. PARAMETERS
64. }