Azure Compute Disk Encryption Set
This page shows how to write Terraform and Azure Resource Manager for Compute Disk Encryption Set and write them securely.
azurerm_disk_encryption_set (Terraform)
The Disk Encryption Set in Compute can be configured in Terraform with the resource name azurerm_disk_encryption_set. The following sections describe 10 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "azurerm_disk_encryption_set" "disk_encryption_set" {
count = length(var.disk_encryption_set)
name = lookup(var.disk_encryption_set[count.index], "name")
resource_group_name = element(var.resource_group_name, lookup(var.disk_encryption_set[count.index], "resource_group_id"))
location = element(var.location, lookup(var.disk_encryption_set[count.index], "location_id"))
key_vault_key_id = element(var.key_vault_key_id, lookup(var.disk_encryption_set[count.index], "key_vault_key_id"))
resource "azurerm_disk_encryption_set" "encryption_set" {
name = var.settings.name
resource_group_name = var.resource_groups[var.settings.resource_group_key].name
location = lookup(var.settings, "region", null) == null ? var.resource_groups[var.settings.resource_group_key].location : var.global_settings.regions[var.settings.region]
key_vault_key_id = var.key_vault_key_ids[var.settings.key_vault_key_key].id
resource "azurerm_disk_encryption_set" "example" {
name = var.name
resource_group_name = module.resource_group.azurerm_resource_group.example.name
location = module.resource_group.azurerm_resource_group.example.location
key_vault_key_id = module.key_vault_key.azurerm_key_vault_key.example.example.id
resource "azurerm_disk_encryption_set" "des" {
name = "des"
location = azurerm_resource_group.rg.location
resource_group_name = azurerm_resource_group.rg.name
key_vault_key_id = azurerm_key_vault_key.encryption_key.id
resource "azurerm_disk_encryption_set" "encryption_set" {
name = var.settings.name
resource_group_name = var.resource_groups[var.settings.resource_group_key].name
location = lookup(var.settings, "region", null) == null ? var.resource_groups[var.settings.resource_group_key].location : var.global_settings.regions[var.settings.region]
key_vault_key_id = var.key_vault_key_ids[var.settings.key_vault_key_key].id
resource "azurerm_disk_encryption_set" "encryption_set" {
name = var.settings.name
resource_group_name = var.resource_groups[var.settings.resource_group_key].name
location = lookup(var.settings, "region", null) == null ? var.resource_groups[var.settings.resource_group_key].location : var.global_settings.regions[var.settings.region]
key_vault_key_id = var.key_vault_key_ids[var.settings.key_vault_key_key].id
resource "azurerm_disk_encryption_set" "this" {
key_vault_key_id = var.key_vault_key_id
location = var.location
name = var.name
resource_group_name = var.resource_group_name
tags = var.tags
resource "azurerm_disk_encryption_set" "des" {
name = var.des_name
resource_group_name = var.resource_group_name
location = var.location
key_vault_key_id = azurerm_key_vault_key.des_key.id
resource "azurerm_disk_encryption_set" "des" {
name = var.des_name
resource_group_name = var.resource_group_name
location = var.location
key_vault_key_id = azurerm_key_vault_key.des_key.id
resource "azurerm_disk_encryption_set" "des" {
name = var.des_name
resource_group_name = var.resource_group_name
location = var.location
key_vault_key_id = data.azurerm_key_vault_key.kek.id
tags = var.tags
Parameters
-
idoptional computed - string -
key_vault_key_idrequired - string -
locationrequired - string -
namerequired - string -
resource_group_namerequired - string -
tagsoptional - map from string to string -
identitylist block-
principal_idoptional computed - string -
tenant_idoptional computed - string -
typerequired - string
-
-
timeoutssingle block
Explanation in Terraform Registry
Manages a Disk Encryption Set.
Tips: Best Practices for The Other Azure Compute Resources
In addition to the azurerm_linux_virtual_machine, Azure Compute has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.
azurerm_linux_virtual_machine
Ensure to use SSH authentication for virtual machines
It is better to use SSH authentication for virtual machines instead of password authentication to enforce more secure ways.
azurerm_managed_disk
Ensure to enable the encryption on managed disks
It is better to enable the encryption on managed disks.
azurerm_virtual_machine
Ensure to use SSH authentication for virtual machines
It is better to use SSH authentication for virtual machines instead of password authentication to enforce more secure ways.
Microsoft.Compute/diskEncryptionSets (Azure Resource Manager)
The diskEncryptionSets in Microsoft.Compute can be configured in Azure Resource Manager with the resource name Microsoft.Compute/diskEncryptionSets. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
"type": "Microsoft.Compute/diskEncryptionSets",
"location": "westus",
"tags": {
"department": "Development",
"project": "Encryption"
},
"type": "Microsoft.Compute/diskEncryptionSets",
"location": "westus",
"tags": {
"department": "Development",
"project": "Encryption"
},
"type": "Microsoft.Compute/diskEncryptionSets"
}
"type": "Microsoft.Compute/diskEncryptionSets"
}
"type": "Microsoft.Compute/diskEncryptionSets"
}
"type": "Microsoft.Compute/diskEncryptionSets"
}
"type": "Microsoft.Compute/diskEncryptionSets",
"location": "westus",
"tags": {
"department": "Development",
"project": "Encryption"
},
"type": "Microsoft.Compute/diskEncryptionSets",
"location": "westus",
"tags": {
"department": "Development",
"project": "Encryption"
},
"type": "Microsoft.Compute/diskEncryptionSets",
"location": "westus",
"tags": {
"department": "Development",
"project": "Encryption"
},
"type": "Microsoft.Compute/diskEncryptionSets",
"location": "westus",
"tags": {
"department": "Development",
"project": "Encryption"
},
Frequently asked questions
What is Azure Compute Disk Encryption Set?
Azure Compute Disk Encryption Set is a resource for Compute of Microsoft Azure. Settings can be wrote in Terraform.
Where can I find the example code for the Azure Compute Disk Encryption Set?
For Terraform, the mikamakusa/terraform, anmoltoppo/Terraform and VentsislavDinev/en_sample source code examples are useful. See the Terraform Example section for further details.
For Azure Resource Manager, the Azure/autorest.az, Azure/autorest.az and blinkops/blink-azure-query source code examples are useful. See the Azure Resource Manager Example section for further details.
