Ensure Data Lake Store accounts enable encryption
Error: Unencrypted Data Lake Store accounts
Bridgecrew Policy ID: BC_AZR_GENERAL_22
Checkov Check ID: CKV_AZURE_105
Severity: MEDIUM
Description
Azure Data Lake Storage Gen2 is a set of capabilities dedicated to big data analytics, built on Azure Blob storage. Data Lake Storage Gen2 converges the capabilities of Azure Data Lake Storage Gen1 with Azure Blob storage. Data Lake Storage Gen1 supports encryption of data both at rest and in transit. For data at rest, Data Lake Storage Gen1 supports "on by default," transparent encryption.
Fix - Buildtime
Terraform
- Resource: azurerm_data_lake_store
- Argument: encryption_state - (Optional) Is encryption enabled on this Data Lake Store account? Possible values are Enabled or Disabled. Defaults to Enabled.
- Argument: encryption_type - (Optional) The encryption type used for this Data Lake Store account. Currently can be set to ServiceManaged when encryption_state is Enabled, and must be a blank string when it is Disabled.
resource "azurerm_data_lake_store" "example" {
  ...
  encryption_state = "Enabled"
  encryption_type  = "ServiceManaged"
}