
Azure Disk Encryption with Terraform for multiple disks


So I can encrypt the OS disk with Terraform from what I have seen on this site. But how do I encrypt the data disks as well? I thought maybe "VolumeType": "All" would cover all disks, but that did not happen. This code works for encrypting the OS disk... what do I need to do for multiple disks? I am stuck.

Thanks!

provider "azurerm" {
  features {}
}

data "azurerm_key_vault" "keyvault" {
  name                = "testkeyvault1"
  resource_group_name = "testRG1"
}

resource "azurerm_virtual_machine_extension" "vmextension" {
  name                       = "DiskEncryption"
  virtual_machine_id         = "/subscriptions/<sub id>/resourceGroups/TESTRG1/providers/Microsoft.Compute/virtualMachines/testvm-1"
  publisher                  = "Microsoft.Azure.Security"
  type                       = "AzureDiskEncryption"
  type_handler_version       = "2.2"
  #auto_upgrade_minor_version = true

  settings = <<SETTINGS
    {
        "EncryptionOperation": "EnableEncryption",
        "KeyVaultURL": "${data.azurerm_key_vault.keyvault.vault_uri}",
        "KeyVaultResourceId": "${data.azurerm_key_vault.keyvault.id}",
        "KeyEncryptionKeyURL": "https://testkeyvault1-1.vault.azure.net/keys/testKey/314c507de8a047a5bfeeb477efcbff60",
        "KekVaultResourceId": "${data.azurerm_key_vault.keyvault.id}",
        "KeyEncryptionAlgorithm": "RSA-OAEP",
        "VolumeType": "All"
    }
SETTINGS

  tags = {
    Environment = "test"
  }
}

Solution

  • I tested your code for a newly created VM with 2 data disks and it was the same for me as well. If I keep "VolumeType": "All", then also only the OS disk gets ADE enabled and not the data disks, if I verify from the portal or Azure CLI.


    Solution for it will be as below:

    Please make sure that the attached data disks are added as volumes and are formatted from within the VM before adding the extension from Terraform.


    Once the above is done and you do a terraform apply to your code, after a successful apply it will reflect in the portal as well as inside the VM.


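The ordering the answer describes, written as Terraform. This is an added example, not code from the question or the answer; it assumes a Windows VM (the question uses the Windows ADE handler `Microsoft.Azure.Security/AzureDiskEncryption`), reuses the question's `data "azurerm_key_vault" "keyvault"` data source, and uses the hypothetical resource names `format_data_disks` and `ade`. A CustomScriptExtension initialises and formats the RAW data disks inside the guest, and the ADE extension depends on it so the volumes exist before encryption is enabled.

```hcl
# Added example: format data disks inside the guest first, then enable ADE.
locals {
  # Same VM id placeholder as in the question.
  vm_id = "/subscriptions/<sub id>/resourceGroups/TESTRG1/providers/Microsoft.Compute/virtualMachines/testvm-1"

  # PowerShell run once inside the guest. Only disks still in RAW state are
  # touched, so re-applying does not reformat disks that already hold data.
  format_script = <<-EOT
    Get-Disk | Where-Object PartitionStyle -eq 'RAW' |
      Initialize-Disk -PartitionStyle GPT -PassThru |
      New-Partition -AssignDriveLetter -UseMaximumSize |
      Format-Volume -FileSystem NTFS -Confirm:$false
  EOT
}

# Hypothetical resource name: runs the format script through the Windows
# CustomScriptExtension so the data disks become NTFS volumes ADE can see.
resource "azurerm_virtual_machine_extension" "format_data_disks" {
  name                 = "FormatDataDisks"
  virtual_machine_id   = local.vm_id
  publisher            = "Microsoft.Compute"
  type                 = "CustomScriptExtension"
  type_handler_version = "1.10"

  settings = jsonencode({
    # -EncodedCommand expects base64 of UTF-16LE text.
    commandToExecute = "powershell -ExecutionPolicy Unrestricted -EncodedCommand ${textencodebase64(local.format_script, "UTF-16LE")}"
  })
}

# Hypothetical resource name: the question's ADE extension, now ordered after
# the format step. VolumeType "All" only covers volumes that exist at this point.
resource "azurerm_virtual_machine_extension" "ade" {
  name                 = "DiskEncryption"
  virtual_machine_id   = local.vm_id
  publisher            = "Microsoft.Azure.Security"
  type                 = "AzureDiskEncryption"
  type_handler_version = "2.2"

  depends_on = [azurerm_virtual_machine_extension.format_data_disks]

  settings = jsonencode({
    EncryptionOperation    = "EnableEncryption"
    KeyVaultURL            = data.azurerm_key_vault.keyvault.vault_uri
    KeyVaultResourceId     = data.azurerm_key_vault.keyvault.id
    KeyEncryptionKeyURL    = "<key URL with version, from the Key Vault>"
    KekVaultResourceId     = data.azurerm_key_vault.keyvault.id
    KeyEncryptionAlgorithm = "RSA-OAEP"
    VolumeType             = "All"
  })
}
```

After the apply, `az vm encryption show --name testvm-1 --resource-group testRG1` should list the data disks as encrypted alongside the OS disk; a disk attached after the ADE extension ran still has to be formatted and the extension re-applied.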