Skip to main content

azurerm_security_center_policies resource


This resource will be deprecated when version 2 of the inspec-azure resource pack is released. Please use the azure_security_center_policies resource instead.

Use the azurerm_security_center_policies InSpec audit resource to test properties of some or all Azure Security Center Policies.

Security Center Policies are defined for each Resource Group. A Security Center Policy called default also exists for every subscription.

Azure REST API version

This resource interacts with version 2015-06-01-Preview of the Azure Management API. For more information see the official Azure documentation.

At the moment, there doesn’t appear to be a way to select the version of the Azure API docs. If you notice a newer version being referenced in the official documentation please open an issue or submit a pull request using the updated version.



This resource is available in the inspec-azure resource pack. To use it, add the following to your inspec.yml in your top-level profile:

  - name: inspec-azure

You’ll also need to setup your Azure credentials; see the resource pack README.


This resource first became available in 1.0.0 of the inspec-azure resource pack.


An azurerm_security_center_policies resource block uses an optional filter to select a group of Security Center Policies and confirm that the expected groups exist.

describe azurerm_security_center_policies do


Check for a Security Center Policy

describe azurerm_security_center_policies do
  its('names') { should include 'default' }

Assert default Security Center Policy exists

describe azurerm_security_center_policies.where(name: 'default')
  it { should exist }

Filter Criteria

  • names


Filters the results to include only those Security Center Policies that match the given name. This is a string value.

# default should always exist
describe azurerm_security_center_policies.where(name: 'default')
  it { should exist }


This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our Universal Matchers page.


The control will pass if the filter returns at least one result. Use should_not if you expect zero matches.

# default should always exist
describe azurerm_security_center_policies.where(name: 'default')
  it { should exist }

# this security center policy should not exist
describe azurerm_security_center_policies.where(name: 'DoesNotExist')
  it { should_not exist }

Azure Permissions

Your Service Principal must be setup with a contributor role on the subscription you wish to test.

Edit this page on GitHub

Thank you for your feedback!


Search Results