Azure Linux and Windows Virtual Machines does not utilize Managed Disks
Description
Using Azure Managed disk over traditional BLOB based VHD's has more advantage features like Managed disks are by default encrypted, reduces cost over storage accounts and more resilient as Microsoft will manage the disk storage and move around if underlying hardware goes faulty. It is recommended to move BLOB based VHD's to Managed Disks.
Code Example
go
{
"resource "azurerm_windows_virtual_machine" "example" {
...
+ storage_os_disk {
name = "myosdisk1"
caching = "ReadWrite"
create_option = "FromImage"
managed_disk_type = "Standard_LRS"
}
...
} ",
}Remediation
- In Azure CLI*
. Log in to the Azure Portal
. Select 'Virtual Machines' from the left pane
. Select the reported virtual machine
. Select 'Disks' under 'Settings'
. Click on 'Migrate to managed disks'
. Select 'Migrate'", "remediable": false, === Fix - Buildtime
Terraform
- Resource: azurerm_windows_virtual_machine
- Arguments: storage_os_disk
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0599 |
| Severity | LOW |
| IaC Type | arm |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV_AZURE_92 |