Unencrypted managed disk.
Explanation
Manage disks should be encrypted at rest. When specifying the encryption_settings
block, the enabled attribute should be set to true
.
Insecure Example
The following example will fail the AZU003 check.
resource "azurerm_managed_disk" "my-disk" {
encryption_settings {
enabled = false
}
}
Secure Example
The following example will pass the AZU003 check.
resource "azurerm_managed_disk" "my-disk" {
encryption_settings {
enabled = true
}
}