Skip to main content

azurerm_security_center_policies resource


This resource will be deprecated when version 2 of the inspec-azure resource pack is released. Please use the azure_security_center_policies resource instead.

Use the azurerm_security_center_policies InSpec audit resource to test properties of some or all Azure Security Center Policies.

Security Center Policies are defined for each Resource Group. A Security Center Policy called default also exists for every subscription.

Azure REST API version

This resource interacts with version 2015-06-01-Preview of the Azure Management API. For more information see the official Azure documentation.

At the moment, there doesn’t appear to be a way to select the version of the Azure API docs. If you notice a newer version being referenced in the official documentation please open an issue or submit a pull request using the updated version.



This resource is available in the inspec-azure resource pack. To use it, add the following to your inspec.yml in your top-level profile:

  - name: inspec-azure

You’ll also need to setup your Azure credentials; see the resource pack README.


This resource first became available in 1.0.0 of the inspec-azure resource pack.


An azurerm_security_center_policies resource block uses an optional filter to select a group of Security Center Policies and confirm that the expected groups exist.

describe azurerm_security_center_policies do


Check for a Security Center Policy

describe azurerm_security_center_policies do
  its('names') { should include 'default' }

Assert default Security Center Policy exists

describe azurerm_security_center_policies.where(name: 'default')
  it { should exist }

Filter Criteria

  • names


Filters the results to include only those Security Center Policies that match the given name. This is a string value.

# default should always exist
describe azurerm_security_center_policies.where(name: 'default')
  it { should exist }


For a full list of available matchers, see our Universal Matchers page.

This resource has the following special matchers.


The control will pass if the filter returns at least one result. Use should_not if you expect zero matches.

# default should always exist
describe azurerm_security_center_policies.where(name: 'default')
  it { should exist }

# this security center policy should not exist
describe azurerm_security_center_policies.where(name: 'DoesNotExist')
  it { should_not exist }

Azure Permissions

Your Service Principal must be setup with a contributor role on the subscription you wish to test.

Edit this page on GitHub

Thank you for your feedback!


Search Results