Azure Disk Encryption with Terraform for multiple disks

So I can encrypt the OS disk with Terraform from what I have seen on this site. But how do I encrypt the data disks as well? I thought maybe "VolumeType": "All" would cover all disks, but that did not happen. This code works for encrypting the OS disk... what do I need to do for multiple disks? I am stuck.

Thanks!

provider "azurerm" {
  features {}
}

data "azurerm_key_vault" "keyvault" {
  name                = "testkeyvault1"
  resource_group_name = "testRG1"
}

resource "azurerm_virtual_machine_extension" "vmextension" {
  name                       = "DiskEncryption"
  virtual_machine_id         = "/subscriptions/<sub id>/resourceGroups/TESTRG1/providers/Microsoft.Compute/virtualMachines/testvm-1"
  publisher                  = "Microsoft.Azure.Security"
  type                       = "AzureDiskEncryption"
  type_handler_version       = "2.2"
  #auto_upgrade_minor_version = true

  settings = <<SETTINGS
    {
        "EncryptionOperation": "EnableEncryption",
        "KeyVaultURL": "${data.azurerm_key_vault.keyvault.vault_uri}",
        "KeyVaultResourceId": "${data.azurerm_key_vault.keyvault.id}",
        "KeyEncryptionKeyURL": "https://testkeyvault1-1.vault.azure.net/keys/testKey/314c507de8a047a5bfeeb477efcbff60",
        "KekVaultResourceId": "${data.azurerm_key_vault.keyvault.id}",
        "KeyEncryptionAlgorithm": "RSA-OAEP",
        "VolumeType": "All"
    }
SETTINGS

  tags = {
    Environment = "test"
  }
}

I tested your code on a newly created VM with 2 data disks and it was the same for me as well. If I keep "Volume: ALL", then also only the OS disk gets ADE enabled and not the data disks when I verify from the portal or Azure CLI.

The solution for it is as below:

Please make sure that the attached data disks are added as volumes and are formatted from within the VM before adding the extension from Terraform.

Once the above is done and you do a terraform apply on your code, after a successful apply it will be reflected on the portal as well as inside the VM.
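
One way to make Terraform enforce the ordering the answer describes (attach, then format inside the guest, then encrypt), as an added example that is not part of the original post. It assumes a Windows guest (the question's extension type AzureDiskEncryption is the Windows one) and data disks attached through the separate attachment resource; the variables and the resource names `data` and `prepare_data_disks` are hypothetical.

```hcl
# Added example; variable names and the first two resource names are hypothetical.
variable "vm_id" { type = string }                 # existing Windows VM resource ID
variable "data_disk_ids" { type = list(string) }   # existing managed data disk IDs
variable "key_vault_url" { type = string }
variable "key_vault_id" { type = string }

# 1. Attach each data disk at its own LUN.
resource "azurerm_virtual_machine_data_disk_attachment" "data" {
  count              = length(var.data_disk_ids)
  managed_disk_id    = var.data_disk_ids[count.index]
  virtual_machine_id = var.vm_id
  lun                = count.index
  caching            = "None"
}

# 2. Inside the guest, initialize, partition and format every disk that is still RAW,
#    so each data disk is a formatted volume before ADE runs.
resource "azurerm_virtual_machine_extension" "prepare_data_disks" {
  name                 = "PrepareDataDisks"
  virtual_machine_id   = var.vm_id
  publisher            = "Microsoft.Compute"
  type                 = "CustomScriptExtension"
  type_handler_version = "1.10"
  settings = jsonencode({
    commandToExecute = "powershell -ExecutionPolicy Unrestricted -Command \"Get-Disk | Where-Object PartitionStyle -eq 'RAW' | Initialize-Disk -PartitionStyle GPT -PassThru | New-Partition -AssignDriveLetter -UseMaximumSize | Format-Volume -FileSystem NTFS -Confirm:$false\""
  })
  depends_on = [azurerm_virtual_machine_data_disk_attachment.data]
}

# 3. The ADE extension from the question, now ordered after disk preparation.
#    (The question's KEK settings are omitted here.)
resource "azurerm_virtual_machine_extension" "vmextension" {
  name                 = "DiskEncryption"
  virtual_machine_id   = var.vm_id
  publisher            = "Microsoft.Azure.Security"
  type                 = "AzureDiskEncryption"
  type_handler_version = "2.2"
  settings = jsonencode({
    EncryptionOperation = "EnableEncryption"
    KeyVaultURL         = var.key_vault_url
    KeyVaultResourceId  = var.key_vault_id
    VolumeType          = "All"
  })
  depends_on = [azurerm_virtual_machine_extension.prepare_data_disks]
}
```

Without the `depends_on` chain, Terraform may create the encryption extension in parallel with the disk attachments, which leaves the data disks unencrypted as described in the question.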
