test 9

Error: Virtual Machine scale sets do not have encryption at host enabled

Bridgecrew Policy ID: BC_AZR_GENERAL_999

Virtual Machine scale sets do not have encryption at host enabled

Description

TBA

Fix - Buildtime

Terraform

  • Resource: azurerm_windows_virtual_machine_scale_set
  • Argument: encryption_at_host_enabled
resource "azurerm_windows_virtual_machine_scale_set" "example" {
                  name                = "example-vmss"
                  resource_group_name = azurerm_resource_group.example.name
                  location            = azurerm_resource_group.example.location
                  sku                 = "Standard_F2"
                  instances           = 1
                  admin_password      = "[email protected]!"
                  admin_username      = "adminuser"
  +               encryption_at_host_enabled = true
                  source_image_reference {
                    publisher = "MicrosoftWindowsServer"
                    offer     = "WindowsServer"
                    sku       = "2016-Datacenter-Server-Core"
                    version   = "latest"
                  }
                  os_disk {
                    storage_account_type = "Standard_LRS"
                    caching              = "ReadWrite"
                  }
                  network_interface {
                    name    = "example"
                    primary = true
                    ip_configuration {
                      name      = "internal"
                      primary   = true
                      subnet_id = azurerm_subnet.internal.id
                    }
                  }

Did this page help you?