Managed disks do not use a specific set of disk encryption sets for customer-managed key encryption

Description

Requiring a specific set of disk encryption sets to be used with managed disks give you control over the keys used for encryption at rest. You are able to select the allowed encrypted sets and all others are rejected when attached to a disk.

Code Example

resource "azurerm_managed_disk" "source" {
              name                 = "acctestmd1"
              location             = "West US 2"
              resource_group_name  = azurerm_resource_group.example.name
              storage_account_type = "Standard_LRS"
              create_option        = "Empty"
              disk_size_gb         = "1"
+             disk_encryption_set_id = "koko"
              tags = {
                environment = "staging"
              }
            }

Remediation

Terraform

Resource: azurerm_managed_disk
Arguments: disk_encryption_set_id

Rule Details

Field	Value
ID	IAC-0600
Severity	LOW
IaC Type	arm
Frameworks	Terraform, TerraformPlan
Checkov ID	CKV_AZURE_93

References

Checkov Rule

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

Managed disks do not use a specific set of disk encryption sets for customer-managed key encryption

Description

Code Example

Remediation

Rule Details

References

SAST Rules

IaC Rules

License Rules

Managed disks do not use a specific set of disk encryption sets for customer-managed key encryption ​

Description ​

Code Example ​

Remediation ​

Rule Details ​

References ​

Managed disks do not use a specific set of disk encryption sets for customer-managed key encryption

Description

Code Example

Remediation

Rule Details

References