Azure Blueprints
An Azure service that provides templates for quick, repeatable creation of fully governed cloud subscriptions.
70 questions
After a lot of trial and error, I found a pretty good solution.
It may not be perfect, since I use an ARM template with Terraform, but it works.
In the following example an ISO 27001 policy is added directly to the current Azure subscription.
resource "azurerm_subscription_template_deployment" "terraform-iso" {
name = "terraform-iso-1"
location = "West Europe"
template_content = <<TEMPLATE
{
"$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"resources": [
{
"type": "Microsoft.Authorization/policyAssignments",
"name": "MyIso27001",
"apiVersion": "2021-06-01",
"properties": {
"scope": "[subscription().id]",
"policyDefinitionId": "/providers/Microsoft.Authorization/policySetDefinitions/89c6cddc-1c73-4ac1-b19c-54d1a15a42f2",
"parameters": {}
},
"location": "westeurope",
"identity": {
"type": "SystemAssigned"
}
}
]
}
TEMPLATE
}
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 39%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)