Unencrypted managed disk.

Explanation

Manage disks should be encrypted at rest. When specifying the encryption_settings block, the enabled attribute should be set to true.

Insecure Example

The following example will fail the AZU003 check.

resource "azurerm_managed_disk" "my-disk" {
	encryption_settings {
		enabled = false
	}
}

Secure Example

The following example will pass the AZU003 check.

resource "azurerm_managed_disk" "my-disk" {
	encryption_settings {
		enabled = true
	}
}

Related Links

• https://docs.microsoft.com/en-us/azure/virtual-machines/linux/disk-encryption

• https://www.terraform.io/docs/providers/azurerm/r/managed_disk.html