04/06/2022, 8:51 AM
I'm trying to import one of the built-in Azure Policy Definitions to use it in a Policy Assignment, but I'm having some difficulties with the import. According to the documentation, the import should be like this:
pulumi import azure-native:authorization:PolicyDefinition <name> /subscriptions/<subid>/providers/Microsoft.Authorization/policyDefinitions/<definitionid>
But the built-in definitions are not in any subscriptions. I tested running this:
pulumi import azure-native:authorization:PolicyDefinition ActivityLogStreamToLogAnalytics /subscription/<one of my subscription id's>/providers/Microsoft.Authorization/policyDefinitions/2465583e-4e78-4c15-b6be-a36cbc7c8b0f
But it fails:
error: Preview failed: resource '/subscription/<one of my subscription id's>/providers/Microsoft.Authorization/policyDefinitions/2465583e-4e78-4c15-b6be-a36cbc7c8b0f' does not exist
Any idea how I can get this definition imported?


04/06/2022, 9:12 PM
I don't, but I'm asking internally.


04/06/2022, 9:25 PM
Hey @straight-sunset-92336, Hmm. Import creates code & state to manage the resource, but I believe the built-in roles are immutable & can't be modified by Pulumi. I don't see that role definition when I run the Azure CLI, either, so I wonder if this might be behind a feature flag. Is this a recently added role definition to Azure? I found some code we use to manage Azure IAM here at Pulumi, and it looks like this is how we create role assignments. I modified it a bit and pasted it in as a snippet above.


04/07/2022, 6:48 AM
I created a ticket and got an answer that it isn't possible to import the built-in definitions.