Ensure Azure Windows VM enables encryption

Error: Azure Windows VM does not enable encryption

Bridgecrew Policy ID: BC_AZR_GENERAL_89
Checkov Check ID: CKV_AZURE_151
Severity: LOW

Azure Windows VM does not enable encryption

Description

Enabling encryption for your Azure Windows virtual machine (VM) can help improve the security of your VM and its data. Encryption helps protect data by encoding it in such a way that it can only be accessed by authorized users.

Fix - Runtime

Fix - Buildtime

Terraform

Resource: azurerm_windows_virtual_machine
Argument: encryption_at_host_enabled

resource "azurerm_windows_virtual_machine" "pass" {
  name                = "example-machine"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  size                = "Standard_F2"
  admin_username      = "adminuser"
  admin_password      = "P@$$w0rd1234!"

  network_interface_ids = [
    azurerm_network_interface.example.id,
  ]

  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
  }

  source_image_reference {
    publisher = "MicrosoftWindowsServer"
    offer     = "WindowsServer"
    sku       = "2016-Datacenter"
    version   = "latest"
  }

   encryption_at_host_enabled=true
}

Updated 9 months ago