diff --git a/0_core-infrastructure/README.md b/0_core-infrastructure/README.md
index a9313b7..e8253bd 100644
--- a/0_core-infrastructure/README.md
+++ b/0_core-infrastructure/README.md
@@ -25,6 +25,6 @@ Last updated: 2026-02-09

-
Refresh Date: 2026-02-09
+
Refresh Date: 2026-02-10
diff --git a/0_core-infrastructure/azure-bastion/README.md b/0_core-infrastructure/azure-bastion/README.md
index 74dbcc1..053481a 100644
--- a/0_core-infrastructure/azure-bastion/README.md
+++ b/0_core-infrastructure/azure-bastion/README.md
@@ -46,6 +46,6 @@ Below is a list of variables used in this template, their expected values, types

-
Refresh Date: 2026-02-09
+
Refresh Date: 2026-02-10
diff --git a/0_core-infrastructure/azure-dns/README.md b/0_core-infrastructure/azure-dns/README.md
index 9f8d97c..9e37426 100644
--- a/0_core-infrastructure/azure-dns/README.md
+++ b/0_core-infrastructure/azure-dns/README.md
@@ -41,6 +41,6 @@ Below is a list of variables used in this template, their expected values, types

-
Refresh Date: 2026-02-09
+
Refresh Date: 2026-02-10
diff --git a/0_core-infrastructure/network-security-group/README.md b/0_core-infrastructure/network-security-group/README.md
index aee6961..2204ae6 100644
--- a/0_core-infrastructure/network-security-group/README.md
+++ b/0_core-infrastructure/network-security-group/README.md
@@ -41,6 +41,6 @@ Below is a list of variables used in this template, their expected values, types

-
Refresh Date: 2026-02-09
+
Refresh Date: 2026-02-10
diff --git a/0_core-infrastructure/public-ip/README.md b/0_core-infrastructure/public-ip/README.md
index fd2af69..9931453 100644
--- a/0_core-infrastructure/public-ip/README.md
+++ b/0_core-infrastructure/public-ip/README.md
@@ -43,6 +43,6 @@ Below is a list of variables used in this template, their expected values, types

-
Refresh Date: 2026-02-09
+
Refresh Date: 2026-02-10
diff --git a/0_core-infrastructure/resource-group/README.md b/0_core-infrastructure/resource-group/README.md
index f9872a9..923c1c1 100644
--- a/0_core-infrastructure/resource-group/README.md
+++ b/0_core-infrastructure/resource-group/README.md
@@ -34,6 +34,6 @@ Below is a list of variables used in this template, their expected values, types

-
Refresh Date: 2026-02-09
+
Refresh Date: 2026-02-10
diff --git a/0_core-infrastructure/subnet/README.md b/0_core-infrastructure/subnet/README.md
index 972a43e..9b8471a 100644
--- a/0_core-infrastructure/subnet/README.md
+++ b/0_core-infrastructure/subnet/README.md
@@ -44,6 +44,6 @@ Below is a list of variables used in this template, their expected values, types

-
Refresh Date: 2026-02-09
+
Refresh Date: 2026-02-10
diff --git a/0_core-infrastructure/virtual-network/README.md b/0_core-infrastructure/virtual-network/README.md
index 4a49e7b..a7d6554 100644
--- a/0_core-infrastructure/virtual-network/README.md
+++ b/0_core-infrastructure/virtual-network/README.md
@@ -42,6 +42,6 @@ Below is a list of variables used in this template, their expected values, types

-
Refresh Date: 2026-02-09
+
Refresh Date: 2026-02-10
diff --git a/10_migration-backup/README.md b/10_migration-backup/README.md
index bc37693..60f860b 100644
--- a/10_migration-backup/README.md
+++ b/10_migration-backup/README.md
@@ -20,6 +20,6 @@ Last updated: 2026-02-09

-
Refresh Date: 2026-02-09
+
Refresh Date: 2026-02-10
diff --git a/10_migration-backup/backup/README.md b/10_migration-backup/backup/README.md
index 56f9b20..b417f9e 100644
--- a/10_migration-backup/backup/README.md
+++ b/10_migration-backup/backup/README.md
@@ -53,6 +53,6 @@ terraform apply

-
Refresh Date: 2026-02-09
+
Refresh Date: 2026-02-10
diff --git a/10_migration-backup/site-recovery/README.md b/10_migration-backup/site-recovery/README.md
index af2fb1e..d048889 100644
--- a/10_migration-backup/site-recovery/README.md
+++ b/10_migration-backup/site-recovery/README.md
@@ -53,6 +53,6 @@ terraform apply

-
Refresh Date: 2026-02-09
+
Refresh Date: 2026-02-10
diff --git a/11_media-services/README.md b/11_media-services/README.md
index eedf7d8..44d0986 100644
--- a/11_media-services/README.md
+++ b/11_media-services/README.md
@@ -15,6 +15,6 @@ Last updated: 2026-02-09

-
Refresh Date: 2026-02-09
+
Refresh Date: 2026-02-10
diff --git a/1_storage-databases/README.md b/1_storage-databases/README.md
index 77a1b3b..9c2034d 100644
--- a/1_storage-databases/README.md
+++ b/1_storage-databases/README.md
@@ -27,6 +27,6 @@ Last updated: 2026-02-09

-
Refresh Date: 2026-02-09
+
Refresh Date: 2026-02-10
diff --git a/1_storage-databases/blob-storage/README.md b/1_storage-databases/blob-storage/README.md
index d549be2..822a7a5 100644
--- a/1_storage-databases/blob-storage/README.md
+++ b/1_storage-databases/blob-storage/README.md
@@ -46,6 +46,6 @@ Below is a list of variables used in this template, their expected values, types

-
Refresh Date: 2026-02-09
+
Refresh Date: 2026-02-10
diff --git a/1_storage-databases/cosmos-db/README.md b/1_storage-databases/cosmos-db/README.md
index 77d61c2..05abce3 100644
--- a/1_storage-databases/cosmos-db/README.md
+++ b/1_storage-databases/cosmos-db/README.md
@@ -41,6 +41,6 @@ Below is a list of variables used in this template, their expected values, types

-
Refresh Date: 2026-02-09
+
Refresh Date: 2026-02-10
diff --git a/1_storage-databases/data-lake-storage/README.md b/1_storage-databases/data-lake-storage/README.md
index f64aee3..ebb40ff 100644
--- a/1_storage-databases/data-lake-storage/README.md
+++ b/1_storage-databases/data-lake-storage/README.md
@@ -43,6 +43,6 @@ Below is a list of variables used in this template, their expected values, types

-
Refresh Date: 2026-02-09
+
Refresh Date: 2026-02-10
diff --git a/1_storage-databases/file-storage/README.md b/1_storage-databases/file-storage/README.md
index fcd4372..b26fca4 100644
--- a/1_storage-databases/file-storage/README.md
+++ b/1_storage-databases/file-storage/README.md
@@ -45,6 +45,6 @@ Below is a list of variables used in this template, their expected values, types

-
Refresh Date: 2026-02-09
+
Refresh Date: 2026-02-10
diff --git a/1_storage-databases/mongo-atlas/README.md b/1_storage-databases/mongo-atlas/README.md
index 8503024..d7a4d59 100644
--- a/1_storage-databases/mongo-atlas/README.md
+++ b/1_storage-databases/mongo-atlas/README.md
@@ -134,6 +134,6 @@ Below is a list of variables used in this template, their expected values, types

-
Refresh Date: 2026-02-09
+
Refresh Date: 2026-02-10
diff --git a/1_storage-databases/mongo-atlas/known_errors.md b/1_storage-databases/mongo-atlas/known_errors.md
index 12ddade..69f220f 100644
--- a/1_storage-databases/mongo-atlas/known_errors.md
+++ b/1_storage-databases/mongo-atlas/known_errors.md
@@ -63,6 +63,6 @@ Last updated: 2026-02-09

-
Refresh Date: 2026-02-09
+
Refresh Date: 2026-02-10
diff --git a/1_storage-databases/mysql-flexible-server/README.md b/1_storage-databases/mysql-flexible-server/README.md
index 04c7248..836f8ee 100644
--- a/1_storage-databases/mysql-flexible-server/README.md
+++ b/1_storage-databases/mysql-flexible-server/README.md
@@ -50,6 +50,6 @@ Below is a list of variables used in this template, their expected values, types

-
Refresh Date: 2026-02-09
+
Refresh Date: 2026-02-10
diff --git a/1_storage-databases/postgresql/README.md b/1_storage-databases/postgresql/README.md
index b6b86ba..2e66c0f 100644
--- a/1_storage-databases/postgresql/README.md
+++ b/1_storage-databases/postgresql/README.md
@@ -49,6 +49,6 @@ Below is a list of variables used in this template, their expected values, types

-
Refresh Date: 2026-02-09
+
Refresh Date: 2026-02-10
diff --git a/1_storage-databases/sql-database/README.md b/1_storage-databases/sql-database/README.md
index 15ed57d..5a78e09 100644
--- a/1_storage-databases/sql-database/README.md
+++ b/1_storage-databases/sql-database/README.md
@@ -45,6 +45,6 @@ Below is a list of variables used in this template, their expected values, types

-
Refresh Date: 2026-02-09
+
Refresh Date: 2026-02-10
diff --git a/1_storage-databases/storage-account/README.md b/1_storage-databases/storage-account/README.md
index 1d61c86..cceec25 100644
--- a/1_storage-databases/storage-account/README.md
+++ b/1_storage-databases/storage-account/README.md
@@ -43,6 +43,6 @@ Below is a list of variables used in this template, their expected values, types

-
Refresh Date: 2026-02-09
+
Refresh Date: 2026-02-10
diff --git a/2_compute-containers/README.md b/2_compute-containers/README.md
index ece79e9..d6474d6 100644
--- a/2_compute-containers/README.md
+++ b/2_compute-containers/README.md
@@ -25,6 +25,6 @@ Last updated: 2026-02-09

-
Refresh Date: 2026-02-09
+
Refresh Date: 2026-02-10
diff --git a/2_compute-containers/app-service/README.md b/2_compute-containers/app-service/README.md
index e61737f..eca0e78 100644
--- a/2_compute-containers/app-service/README.md
+++ b/2_compute-containers/app-service/README.md
@@ -44,6 +44,6 @@ Below is a list of variables used in this template, their expected values, types

-
Refresh Date: 2026-02-09
+
Refresh Date: 2026-02-10
diff --git a/2_compute-containers/batch/README.md b/2_compute-containers/batch/README.md
index 9eb9628..13efdc7 100644
--- a/2_compute-containers/batch/README.md
+++ b/2_compute-containers/batch/README.md
@@ -41,6 +41,6 @@ Below is a list of variables used in this template, their expected values, types

-
Refresh Date: 2026-02-09
+
Refresh Date: 2026-02-10
diff --git a/2_compute-containers/container-instances/README.md b/2_compute-containers/container-instances/README.md
index 82c31f6..18da208 100644
--- a/2_compute-containers/container-instances/README.md
+++ b/2_compute-containers/container-instances/README.md
@@ -46,6 +46,6 @@ Below is a list of variables used in this template, their expected values, types

-
Refresh Date: 2026-02-09
+
Refresh Date: 2026-02-10
diff --git a/2_compute-containers/function-app/README.md b/2_compute-containers/function-app/README.md
index f9e2e2c..ee54dfb 100644
--- a/2_compute-containers/function-app/README.md
+++ b/2_compute-containers/function-app/README.md
@@ -44,6 +44,6 @@ Below is a list of variables used in this template, their expected values, types

-
Refresh Date: 2026-02-09
+
Refresh Date: 2026-02-10
diff --git a/2_compute-containers/kubernetes-service/README.md b/2_compute-containers/kubernetes-service/README.md
index 1b64bf4..7efd936 100644
--- a/2_compute-containers/kubernetes-service/README.md
+++ b/2_compute-containers/kubernetes-service/README.md
@@ -51,6 +51,6 @@ Below is a list of variables used in this template, their expected values, types

-
Refresh Date: 2026-02-09
+
Refresh Date: 2026-02-10
diff --git a/2_compute-containers/virtual-desktop/README.md b/2_compute-containers/virtual-desktop/README.md
index 7886b30..8b6ad90 100644
--- a/2_compute-containers/virtual-desktop/README.md
+++ b/2_compute-containers/virtual-desktop/README.md
@@ -47,6 +47,6 @@ Below is a list of variables used in this template, their expected values, types

-
Refresh Date: 2026-02-09
+
Refresh Date: 2026-02-10
diff --git a/2_compute-containers/virtual-machine/README.md b/2_compute-containers/virtual-machine/README.md
index 534b4a2..007d349 100644
--- a/2_compute-containers/virtual-machine/README.md
+++ b/2_compute-containers/virtual-machine/README.md
@@ -46,6 +46,6 @@ Below is a list of variables used in this template, their expected values, types

-
Refresh Date: 2026-02-09
+
Refresh Date: 2026-02-10
diff --git a/3_networking/README.md b/3_networking/README.md
index e5f1184..af2177a 100644
--- a/3_networking/README.md
+++ b/3_networking/README.md
@@ -26,6 +26,6 @@ Last updated: 2026-02-09

-
Refresh Date: 2026-02-09
+
Refresh Date: 2026-02-10
diff --git a/3_networking/application-gateway/README.md b/3_networking/application-gateway/README.md
index 36d8f64..ed8aa19 100644
--- a/3_networking/application-gateway/README.md
+++ b/3_networking/application-gateway/README.md
@@ -66,6 +66,6 @@ terraform apply

-
Refresh Date: 2026-02-09
+
Refresh Date: 2026-02-10
diff --git a/3_networking/cdn/README.md b/3_networking/cdn/README.md
index 5dfaa95..cc554cb 100644
--- a/3_networking/cdn/README.md
+++ b/3_networking/cdn/README.md
@@ -58,6 +58,6 @@ terraform apply

-
Refresh Date: 2026-02-09
+
Refresh Date: 2026-02-10
diff --git a/3_networking/expressroute/README.md b/3_networking/expressroute/README.md
index 07d9e5f..d8431e5 100644
--- a/3_networking/expressroute/README.md
+++ b/3_networking/expressroute/README.md
@@ -61,6 +61,6 @@ terraform apply

-
Refresh Date: 2026-02-09
+
Refresh Date: 2026-02-10
diff --git a/3_networking/firewall/README.md b/3_networking/firewall/README.md
index 6190594..28a37a4 100644
--- a/3_networking/firewall/README.md
+++ b/3_networking/firewall/README.md
@@ -57,6 +57,6 @@ terraform apply

-
Refresh Date: 2026-02-09
+
Refresh Date: 2026-02-10
diff --git a/3_networking/front-door/README.md b/3_networking/front-door/README.md
index 6a6d28d..700731d 100644
--- a/3_networking/front-door/README.md
+++ b/3_networking/front-door/README.md
@@ -59,6 +59,6 @@ terraform apply

-
Refresh Date: 2026-02-09
+
Refresh Date: 2026-02-10
diff --git a/3_networking/load-balancer/README.md b/3_networking/load-balancer/README.md
index 2ba45c1..aab4cdb 100644
--- a/3_networking/load-balancer/README.md
+++ b/3_networking/load-balancer/README.md
@@ -72,6 +72,6 @@ terraform apply

-
Refresh Date: 2026-02-09
+
Refresh Date: 2026-02-10
diff --git a/3_networking/traffic-manager/README.md b/3_networking/traffic-manager/README.md
index 59489a7..ea9673f 100644
--- a/3_networking/traffic-manager/README.md
+++ b/3_networking/traffic-manager/README.md
@@ -64,6 +64,6 @@ terraform apply

-
Refresh Date: 2026-02-09
+
Refresh Date: 2026-02-10
diff --git a/3_networking/vpn-gateway/README.md b/3_networking/vpn-gateway/README.md
index a8e6d0e..acec542 100644
--- a/3_networking/vpn-gateway/README.md
+++ b/3_networking/vpn-gateway/README.md
@@ -58,6 +58,6 @@ terraform apply

-
Refresh Date: 2026-02-09
+
Refresh Date: 2026-02-10
diff --git a/4_identity-security/README.md b/4_identity-security/README.md
index 835ccb9..cfe708f 100644
--- a/4_identity-security/README.md
+++ b/4_identity-security/README.md
@@ -17,10 +17,11 @@ Last updated: 2026-02-09
- [Microsoft Entra ID (Entra ID)](./entra_id)
- [Azure Key Vault](./key-vault)
- [User Assigned Managed Identity](./managed-identity)
+- [Azure Policy Assignment](./policy)

-
Refresh Date: 2026-02-09
+
Refresh Date: 2026-02-10
diff --git a/4_identity-security/entra_id/README.md b/4_identity-security/entra_id/README.md
index 07cd184..ac6afb0 100644
--- a/4_identity-security/entra_id/README.md
+++ b/4_identity-security/entra_id/README.md
@@ -75,6 +75,6 @@ Below is a list of variables used in this template, their expected values, types

-
Refresh Date: 2026-02-09
+
Refresh Date: 2026-02-10
diff --git a/4_identity-security/key-vault/README.md b/4_identity-security/key-vault/README.md
index e562dda..fca8e9e 100644
--- a/4_identity-security/key-vault/README.md
+++ b/4_identity-security/key-vault/README.md
@@ -92,6 +92,6 @@ Below is a list of variables used in this template, their expected values, types

-
Refresh Date: 2026-02-09
+
Refresh Date: 2026-02-10
diff --git a/4_identity-security/managed-identity/README.md b/4_identity-security/managed-identity/README.md
index 8a74290..3933081 100644
--- a/4_identity-security/managed-identity/README.md
+++ b/4_identity-security/managed-identity/README.md
@@ -75,6 +75,6 @@ Last updated: 2026-02-09

-
Refresh Date: 2026-02-09
+
Refresh Date: 2026-02-10
diff --git a/4_identity-security/policy/README.md b/4_identity-security/policy/README.md
new file mode 100644
index 0000000..68219b2
--- /dev/null
+++ b/4_identity-security/policy/README.md
@@ -0,0 +1,92 @@
+# Terraform Template - Azure Policy Assignment (with Managed Identity)
+
+Costa Rica
+
+[](https://github.com/)
+[brown9804](https://github.com/brown9804)
+
+Last updated: 2026-02-10
+
+------------------------------------------
+
+> This template contains Terraform configurations to create an Azure Policy Assignment scoped to a Resource Group, using a User Assigned Managed Identity.
+
+
+
+
+
+
+
+> [!NOTE]
+> Some Azure Policies (for example, `DeployIfNotExists` / remediation scenarios) require an identity on the assignment. This template always creates a User Assigned Managed Identity and attaches it to the assignment.
+
+## File Descriptions
+
+- **main.tf**: Creates the Resource Group, User Assigned Managed Identity, and the Azure Policy Assignment.
+- **variables.tf**: Defines the input variables used in the Terraform configuration.
+- **provider.tf**: Configures the Azure provider to interact with Azure resources.
+- **terraform.tfvars**: Provides example values for the variables defined in `variables.tf`.
+- **outputs.tf**: Defines outputs such as the policy assignment ID and identity IDs.
+
+## Variables
+
+| Variable Name | Description | Type | Example Value |
+| --- | --- | --- | --- |
+| `resource_group_name` | The name of the Azure Resource Group to create and scope the assignment to. | string | `"rg-identity-security-dev"` |
+| `location` | The Azure region where the Resource Group and identity will be created. | string | `"East US"` |
+| `managed_identity_name` | The name of the User Assigned Managed Identity to create. | string | `"id-policy-identity-security-dev-001"` |
+| `policy_assignment_name` | The name of the Azure Policy Assignment. | string | `"pa-identity-security-dev-001"` |
+| `policy_definition_id` | The policy definition resource ID (built-in or custom). | string | `"/providers/Microsoft.Authorization/policyDefinitions/"` |
+| `policy_assignment_display_name` | Optional display name for the assignment. | string | `"Identity/Security policy assignment (dev)"` |
+| `policy_assignment_description` | Optional description for the assignment. | string | `"Example policy assignment scoped to a resource group."` |
+| `policy_parameters_json` | Optional policy parameters JSON string. | string | `jsonencode({ effect = { value = "Audit" } })` |
+| `enforce` | Whether the policy should be enforced. | bool | `true` |
+| `tags` | A map of tags to assign to the resources. | map(string) | `{ "env": "dev" }` |
+
+## Usage
+
+1. Authenticate:
+
+ ```sh
+ az login
+ ```
+
+2. Ensure Azure CLI has the correct active subscription:
+
+ ```sh
+ az account show
+ # If needed:
+ az account set --subscription ""
+ ```
+
+3. Initialize:
+
+ ```sh
+ terraform init -upgrade
+ ```
+
+4. Validate and plan:
+
+ ```sh
+ terraform validate
+ terraform plan
+ ```
+
+5. Apply:
+
+ ```sh
+ terraform apply -auto-approve
+ ```
+
+> [!NOTE]
+>
+> - This template creates the Resource Group for you.
+> - If you leave `policy_definition_id` as a placeholder, `terraform apply` will fail with `PolicyDefinitionNotFound`. Use Azure CLI to find a valid definition ID (built-in or custom), for example: `az policy definition list --query "[0].id" -o tsv`.
+> - If your policy requires remediation, you may need to grant the assignment identity additional Azure RBAC permissions at the assignment scope.
+
+
+
+

+
Refresh Date: 2026-02-10
+
+
diff --git a/4_identity-security/policy/main.tf b/4_identity-security/policy/main.tf
new file mode 100644
index 0000000..209a544
--- /dev/null
+++ b/4_identity-security/policy/main.tf
@@ -0,0 +1,44 @@
+# main.tf
+# This file contains the main configuration for creating an Azure Policy Assignment.
+# It creates a Resource Group, a User Assigned Managed Identity, and a Policy Assignment scoped to the Resource Group.
+
+resource "azurerm_resource_group" "example" {
+ name = var.resource_group_name
+ location = var.location
+
+ tags = var.tags
+}
+
+resource "azurerm_user_assigned_identity" "example" {
+ name = var.managed_identity_name
+ location = azurerm_resource_group.example.location
+ resource_group_name = azurerm_resource_group.example.name
+
+ tags = var.tags
+
+ depends_on = [
+ azurerm_resource_group.example
+ ]
+}
+
+resource "azurerm_resource_group_policy_assignment" "example" {
+ name = var.policy_assignment_name
+ resource_group_id = azurerm_resource_group.example.id
+ policy_definition_id = var.policy_definition_id
+
+ location = azurerm_resource_group.example.location
+ display_name = var.policy_assignment_display_name
+ description = var.policy_assignment_description
+ parameters = var.policy_parameters_json
+
+ enforce = var.enforce
+
+ identity {
+ type = "UserAssigned"
+ identity_ids = [azurerm_user_assigned_identity.example.id]
+ }
+
+ depends_on = [
+ azurerm_user_assigned_identity.example
+ ]
+}
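Review bot: The identity created in `azurerm_user_assigned_identity.example` is attached to the assignment but never granted a role, so a definition with a `DeployIfNotExists` or `Modify` effect would assign successfully and then fail when remediation runs. Leaving the grant as a manual step tends to end in a broad role such as Contributor. Keeping it in the template lets it stay limited to the role definition IDs the policy definition itself lists, at the resource group scope only. The sketch below assumes a new optional list variable (named `remediation_role_definition_ids` here for illustration, default `[]`), so nothing is granted unless the caller asks for it. Separately, both `depends_on` blocks repeat dependencies Terraform already infers from the attribute references and could be dropped.

```hcl
# Grant the assignment identity only the roles the policy definition requires,
# and only at the assignment's own scope (this resource group).
resource "azurerm_role_assignment" "policy_remediation" {
  for_each = toset(var.remediation_role_definition_ids)

  scope              = azurerm_resource_group.example.id
  role_definition_id = each.value
  principal_id       = azurerm_user_assigned_identity.example.principal_id
}
```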
diff --git a/4_identity-security/policy/outputs.tf b/4_identity-security/policy/outputs.tf
new file mode 100644
index 0000000..1cc74a4
--- /dev/null
+++ b/4_identity-security/policy/outputs.tf
@@ -0,0 +1,42 @@
+# outputs.tf
+# This file defines the outputs of the Terraform configuration.
+
+output "policy_assignment_id" {
+ description = "The resource ID of the Policy Assignment."
+ value = azurerm_resource_group_policy_assignment.example.id
+}
+
+output "policy_assignment_name" {
+ description = "The name of the Policy Assignment."
+ value = azurerm_resource_group_policy_assignment.example.name
+}
+
+output "policy_assignment_scope" {
+ description = "The scope of the Policy Assignment."
+ value = azurerm_resource_group.example.id
+}
+
+output "managed_identity_id" {
+ description = "The resource ID of the User Assigned Managed Identity used by the Policy Assignment."
+ value = azurerm_user_assigned_identity.example.id
+}
+
+output "managed_identity_name" {
+ description = "The name of the User Assigned Managed Identity used by the Policy Assignment."
+ value = azurerm_user_assigned_identity.example.name
+}
+
+output "managed_identity_client_id" {
+ description = "The client ID (application ID) of the User Assigned Managed Identity."
+ value = azurerm_user_assigned_identity.example.client_id
+}
+
+output "managed_identity_principal_id" {
+ description = "The principal ID (object ID) of the User Assigned Managed Identity."
+ value = azurerm_user_assigned_identity.example.principal_id
+}
+
+output "resource_group_name" {
+ description = "The name of the Resource Group created for this template."
+ value = azurerm_resource_group.example.name
+}
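Review bot: The `policy_assignment_scope` output reads `azurerm_resource_group.example.id` rather than the assignment itself, so it reports what the scope is expected to be, not what the assignment was created with. Taking it from the assignment keeps the output truthful if the scope expression in main.tf is ever changed: `value = azurerm_resource_group_policy_assignment.example.resource_group_id`. The other outputs already read from the resource they describe.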
diff --git a/4_identity-security/policy/provider.tf b/4_identity-security/policy/provider.tf
new file mode 100644
index 0000000..ea7ee3c
--- /dev/null
+++ b/4_identity-security/policy/provider.tf
@@ -0,0 +1,25 @@
+# provider.tf
+# This file configures the Azure provider to interact with Azure resources.
+# It specifies the required provider and its version, along with provider-specific configurations.
+
+terraform {
+ required_version = ">= 1.8, < 2.0"
+
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "~> 3.116"
+ }
+ }
+}
+
+provider "azurerm" {
+ features {
+ resource_group {
+ prevent_deletion_if_contains_resources = false
+ }
+ }
+
+ # Uses the current Azure CLI context (az login + az account set)
+ skip_provider_registration = false
+}
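Review bot: Setting `prevent_deletion_if_contains_resources = false` in the `features` block lets `terraform destroy` remove the resource group even when it holds resources that were added outside this configuration. For a template meant to be copied, the safer setting is `prevent_deletion_if_contains_resources = true`. If the permissive value is intended for throwaway environments, a comment such as `# dev only: allows destroy to delete the group with unmanaged resources inside` would make the trade-off visible. The comment `# Uses the current Azure CLI context ...` also sits directly above `skip_provider_registration`, which it does not describe; it reads better at the top of the `provider` block.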
diff --git a/4_identity-security/policy/terraform.tfvars b/4_identity-security/policy/terraform.tfvars
new file mode 100644
index 0000000..76c27e0
--- /dev/null
+++ b/4_identity-security/policy/terraform.tfvars
@@ -0,0 +1,31 @@
+# Example values for the Azure Policy Assignment template
+
+resource_group_name = "rg-identity-security-dev"
+location = "East US"
+managed_identity_name = "id-policy-identity-security-dev-001"
+policy_assignment_name = "pa-identity-security-dev-001"
+
+# Provide a built-in or custom policy definition ID.
+# Example format: /providers/Microsoft.Authorization/policyDefinitions/
+# Tip: list definitions with:
+# az policy definition list --query "[0].id" -o tsv
+policy_definition_id = "/providers/Microsoft.Authorization/policyDefinitions/0004bbf0-5099-4179-869e-e9ffe5fb0945"
+
+# Optional
+policy_assignment_display_name = "Identity/Security policy assignment (dev)"
+policy_assignment_description = "Example policy assignment scoped to a resource group."
+
+# Optional parameters JSON (only if your policy expects parameters)
+# policy_parameters_json = jsonencode({
+# effect = {
+# value = "Audit"
+# }
+# })
+
+enforce = true
+
+tags = {
+ env = "dev"
+ app = "identity-security"
+ owner = "terraform"
+}
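Review bot: The `policy_definition_id` example is a bare GUID with nothing saying which policy it is, and it ships next to `enforce = true`, so someone running the template as-is enforces a definition they have not identified. A comment above the value naming the definition and its effect would help, for example `# Built-in: <display name of this definition>; confirm with: az policy definition show --name <definition-guid>`. Defaulting the example to `enforce = false` until the definition has been reviewed is also worth considering. The tip `az policy definition list --query "[0].id" -o tsv` returns whichever definition happens to be listed first, so it is better worded as a way to see the ID format than as a way to choose a policy.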
diff --git a/4_identity-security/policy/variables.tf b/4_identity-security/policy/variables.tf
new file mode 100644
index 0000000..6d4b94d
--- /dev/null
+++ b/4_identity-security/policy/variables.tf
@@ -0,0 +1,72 @@
+# variables.tf
+# This file defines the input variables used in the Terraform configuration.
+
+variable "resource_group_name" {
+ description = "The name of the Azure Resource Group to create and scope the Policy Assignment to."
+ type = string
+}
+
+variable "location" {
+ description = "The Azure region where the Resource Group (and Managed Identity) will be created."
+ type = string
+}
+
+variable "managed_identity_name" {
+ description = "The name of the User Assigned Managed Identity to create for the Policy Assignment."
+ type = string
+
+ validation {
+ condition = length(trimspace(var.managed_identity_name)) > 0
+ error_message = "managed_identity_name must not be empty."
+ }
+}
+
+variable "policy_assignment_name" {
+ description = "The name of the Azure Policy Assignment."
+ type = string
+
+ validation {
+ condition = length(trimspace(var.policy_assignment_name)) > 0 && length(var.policy_assignment_name) <= 64
+ error_message = "policy_assignment_name must be 1-64 characters."
+ }
+}
+
+variable "policy_definition_id" {
+ description = "The resource ID of the Policy Definition (built-in or custom) to assign. Example: /providers/Microsoft.Authorization/policyDefinitions/"
+ type = string
+
+ validation {
+ condition = length(trimspace(var.policy_definition_id)) > 0
+ error_message = "policy_definition_id must not be empty."
+ }
+}
+
+variable "policy_assignment_display_name" {
+ description = "Optional display name for the Policy Assignment."
+ type = string
+ default = null
+}
+
+variable "policy_assignment_description" {
+ description = "Optional description for the Policy Assignment."
+ type = string
+ default = null
+}
+
+variable "policy_parameters_json" {
+ description = "Optional policy parameters JSON string. Example: jsonencode({ effect = { value = \"Audit\" } })"
+ type = string
+ default = null
+}
+
+variable "enforce" {
+ description = "Whether the Policy Assignment should be enforced. Defaults to true."
+ type = bool
+ default = true
+}
+
+variable "tags" {
+ description = "A map of tags to assign to the resources."
+ type = map(string)
+ default = {}
+}
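Review bot: The validation on `policy_definition_id` only rejects an empty string, so the placeholder form ending in `policyDefinitions/` passes `terraform validate` and fails later at apply time. A shape check catches it earlier: `condition = can(regex("(?i)/providers/Microsoft\\.Authorization/policyDefinitions/[^/]+$", var.policy_definition_id))`, with an error message stating that the ID must end in a definition name. `policy_parameters_json` is passed to the assignment unchecked; `condition = var.policy_parameters_json == null || can(jsondecode(var.policy_parameters_json))` would reject malformed JSON at plan time.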
diff --git a/5_analytics-bigdata/README.md b/5_analytics-bigdata/README.md
index a008557..a0b4069 100644
--- a/5_analytics-bigdata/README.md
+++ b/5_analytics-bigdata/README.md
@@ -15,6 +15,6 @@ Last updated: 2026-02-09

-
Refresh Date: 2026-02-09
+
Refresh Date: 2026-02-10
diff --git a/6_monitoring-management/README.md b/6_monitoring-management/README.md
index 888521f..b80cf97 100644
--- a/6_monitoring-management/README.md
+++ b/6_monitoring-management/README.md
@@ -15,6 +15,6 @@ Last updated: 2026-02-09

-
Refresh Date: 2026-02-09
+
Refresh Date: 2026-02-10
diff --git a/7_iot/README.md b/7_iot/README.md
index 7fe7b8e..b1961ff 100644
--- a/7_iot/README.md
+++ b/7_iot/README.md
@@ -15,6 +15,6 @@ Last updated: 2026-02-09

-
Refresh Date: 2026-02-09
+
Refresh Date: 2026-02-10
diff --git a/8_ai-ml/README.md b/8_ai-ml/README.md
index 8ebdf19..100f86c 100644
--- a/8_ai-ml/README.md
+++ b/8_ai-ml/README.md
@@ -15,6 +15,6 @@ Last updated: 2026-02-09

-
Refresh Date: 2026-02-09
+
Refresh Date: 2026-02-10
diff --git a/9_developer-tools/README.md b/9_developer-tools/README.md
index d809768..5c147e6 100644
--- a/9_developer-tools/README.md
+++ b/9_developer-tools/README.md
@@ -15,6 +15,6 @@ Last updated: 2026-02-09

-
Refresh Date: 2026-02-09
+
Refresh Date: 2026-02-10
diff --git a/README.md b/README.md
index 0964255..8dd3dc0 100644
--- a/README.md
+++ b/README.md
@@ -208,7 +208,7 @@ graph TD;

-
Refresh Date: 2026-02-09
+
Refresh Date: 2026-02-10