Ensure Data Lake Store accounts enable encryption

Error: Unencrypted Data Lake Store accounts

Bridgecrew Policy ID: BC_AZR_GENERAL_22
Checkov Check ID: CKV_AZURE_105
Severity: MEDIUM

Unencrypted Data Lake Store accounts

Description

Azure Data Lake Storage Gen2 is a set of capabilities dedicated to big data analytics, built on Azure Blob storage. Data Lake Storage Gen2 converges the capabilities of Azure Data Lake Storage Gen1 with Azure Blob storage. Data Lake Storage Gen1 supports encryption of data both at rest and in transit. For data at rest, Data Lake Storage Gen1 supports "on by default," transparent encryption. This check flags Data Lake Store accounts whose at-rest encryption has been explicitly turned off, leaving stored data unencrypted.

Fix - Buildtime

Terraform

  • Resource: azurerm_data_lake_store
  • Argument: encryption_state - (Optional) Is Encryption enabled on this Data Lake Store Account? Possible values are Enabled or Disabled. Defaults to Enabled.
  • Argument: encryption_type - (Optional) The Encryption Type used for this Data Lake Store Account. Currently can be set to ServiceManaged when encryption_state is Enabled, and must be a blank string when it is Disabled.

resource "azurerm_data_lake_store" "example" {
  ...
  # Keep (or leave at the default of) Enabled; an explicit "Disabled" fails this check.
  encryption_state    = "Enabled"
  # ServiceManaged is the only supported type while encryption is Enabled;
  # it must be "" when encryption_state is Disabled.
  encryption_type     = "ServiceManaged"
}
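As an added example (not Bridgecrew's or Checkov's own code), the following standalone Python applies this policy's rules to flat resource blocks like the one above: encryption_state defaults to Enabled, an explicit Disabled fails, and encryption_type must be ServiceManaged (or unset) when enabled and blank when disabled. The minimal parser and the sample HCL are constructed for the example and only handle quoted-string arguments.

```python
import re

RESOURCE_RE = re.compile(r'^\s*resource\s+"([^"]+)"\s+"([^"]+)"\s*\{')
ARG_RE = re.compile(r'^\s*(\w+)\s*=\s*"([^"]*)"')

def parse_flat_resources(hcl):
    """Tiny parser for flat resource blocks with quoted-string arguments only (no nested blocks, expressions or variables)."""
    resources, current = [], None
    for line in hcl.splitlines():
        if (m := RESOURCE_RE.match(line)):
            current = (m.group(1), m.group(2), {})
            resources.append(current)
        elif current and line.strip() == "}":
            current = None
        elif current and (a := ARG_RE.match(line)):
            current[2][a.group(1)] = a.group(2)
    return resources

def check_data_lake_store_encryption(conf):
    """Return ("PASSED"|"FAILED", reasons) for one azurerm_data_lake_store argument map."""
    reasons = []
    state = conf.get("encryption_state", "Enabled")  # absent argument = provider default
    enc_type = conf.get("encryption_type")            # None when not set at all
    if state == "Disabled":
        reasons.append("encryption_state is Disabled")
        if enc_type:  # type must be a blank string when encryption is Disabled
            reasons.append("encryption_type must be blank when encryption is Disabled")
    elif state != "Enabled":
        reasons.append(f"unexpected encryption_state {state!r}")
    elif enc_type not in (None, "ServiceManaged"):
        reasons.append(f"encryption_type {enc_type!r} is not ServiceManaged")
    return ("FAILED" if reasons else "PASSED"), reasons

def scan(hcl):
    """Apply the check to every azurerm_data_lake_store resource in the HCL text."""
    return {f"{t}.{n}": check_data_lake_store_encryption(c)
            for t, n, c in parse_flat_resources(hcl) if t == "azurerm_data_lake_store"}
# Constructed sample: one explicit block, one relying on the default, one disabled.
SAMPLE_HCL = """\
resource "azurerm_data_lake_store" "explicit" {
  encryption_state = "Enabled"
  encryption_type  = "ServiceManaged"
}
resource "azurerm_data_lake_store" "defaults_only" {
}
resource "azurerm_data_lake_store" "unencrypted" {
  encryption_state = "Disabled"
  encryption_type  = "ServiceManaged"
}
"""
```

Running scan(SAMPLE_HCL) passes the first two resources and fails the third with two reasons.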