CCSS (Common Configuration Scoring System) is a set of measures used to determine the severity of the rule.
Each rule is associated with a high-level category. For example IAM, Container, Monitoring, Logging, Network, etc.
Is your environment affected by this misconfiguration?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-CC-00507
- creditSnyk Research Team
Description
Encrypting the virtual machine's data disks ensures that its entire content is fully unrecoverable without a key and thus protects the volume from unwarranted reads.
How to fix?
Set properties.encryptionSettings.enabled attribute to true.
Configure an encryption_settings.disk_encryption_key or disk_encryption_set_id for Encryption.
For Azure provider versions <= 3.25.0, set the encryption_settings.enabled attribute to true.
Example Configuration
resource "azurerm_managed_disk" "allowed" {
name = "acctestmdallowed507"
location = azurerm_resource_group.example507.location
resource_group_name = azurerm_resource_group.example507.name
storage_account_type = "Standard_LRS"
create_option = "Empty"
disk_size_gb = "1"
encryption_settings {
enabled = true
disk_encryption_key {
secret_url = azurerm_key_vault_secret.example507.id
source_vault_id = azurerm_key_vault.example507.id
}
}
}
resource "azurerm_managed_disk" "allowed2" {
name = "acctestmdallowed2507"
location = azurerm_resource_group.example507.location
resource_group_name = azurerm_resource_group.example507.name
storage_account_type = "Standard_LRS"
create_option = "Empty"
disk_size_gb = "1"
disk_encryption_set_id = azurerm_disk_encryption_set.example507.id
}