AZU003

Unencrypted managed disk.

Explanation

Manage disks should be encrypted at rest. When specifying the encryption_settings block, the enabled attribute should be set to true.

Insecure Example

The following example will fail the AZU003 check.

resource "azurerm_managed_disk" "my-disk" {
	encryption_settings {
		enabled = false
	}
}

Secure Example

The following example will pass the AZU003 check.

resource "azurerm_managed_disk" "my-disk" {
	encryption_settings {
		enabled = true
	}
}