Ensure managed disks use a specific set of disk encryption sets for customer-managed key encryption
Error: Managed disks do not use a specific set of disk encryption sets for customer-managed key encryption
Bridgecrew Policy ID: BC_AZR_GENERAL_29
Checkov Check ID: CKV_AZURE_93
Severity: LOW
Managed disks do not use a specific set of disk encryption sets for customer-managed key encryption
Description
Requiring a specific set of disk encryption sets to be used with managed disks give you control over the keys used for encryption at rest. You are able to select the allowed encrypted sets and all others are rejected when attached to a disk.
Fix - Buildtime
Terraform
- Resource: azurerm_managed_disk
- Argument: disk_encryption_set_id
resource "azurerm_managed_disk" "source" {
name = "acctestmd1"
location = "West US 2"
resource_group_name = azurerm_resource_group.example.name
storage_account_type = "Standard_LRS"
create_option = "Empty"
disk_size_gb = "1"
+ disk_encryption_set_id = "koko"
tags = {
environment = "staging"
}
}
Updated 10 months ago