pulumi_wasm_providers_azure_mini::compute

Module disk_encryption_set

Manages a Disk Encryption Set.

NOTE: At this time the Key Vault used to store the Active Key for this Disk Encryption Set must have both Soft Delete & Purge Protection enabled - which are not yet supported by this provider.

§Example Usage

resources:
  example:
    type: azure:core:ResourceGroup
    properties:
      name: example-resources
      location: West Europe
  exampleKeyVault:
    type: azure:keyvault:KeyVault
    name: example
    properties:
      name: des-example-keyvault
      location: ${example.location}
      resourceGroupName: ${example.name}
      tenantId: ${current.tenantId}
      skuName: premium
      enabledForDiskEncryption: true
      purgeProtectionEnabled: true
  exampleKey:
    type: azure:keyvault:Key
    name: example
    properties:
      name: des-example-key
      keyVaultId: ${exampleKeyVault.id}
      keyType: RSA
      keySize: 2048
      keyOpts:
        - decrypt
        - encrypt
        - sign
        - unwrapKey
        - verify
        - wrapKey
    options:
      dependsOn:
        - ${["example-user"]}
  exampleDiskEncryptionSet:
    type: azure:compute:DiskEncryptionSet
    name: example
    properties:
      name: des
      resourceGroupName: ${example.name}
      location: ${example.location}
      keyVaultKeyId: ${exampleKey.id}
      identity:
        type: SystemAssigned
  example-disk:
    type: azure:keyvault:AccessPolicy
    properties:
      keyVaultId: ${exampleKeyVault.id}
      tenantId: ${exampleDiskEncryptionSet.identity.tenantId}
      objectId: ${exampleDiskEncryptionSet.identity.principalId}
      keyPermissions:
        - Create
        - Delete
        - Get
        - Purge
        - Recover
        - Update
        - List
        - Decrypt
        - Sign
  example-user:
    type: azure:keyvault:AccessPolicy
    properties:
      keyVaultId: ${exampleKeyVault.id}
      tenantId: ${current.tenantId}
      objectId: ${current.objectId}
      keyPermissions:
        - Create
        - Delete
        - Get
        - Purge
        - Recover
        - Update
        - List
        - Decrypt
        - Sign
        - GetRotationPolicy
  example-diskAssignment:
    type: azure:authorization:Assignment
    name: example-disk
    properties:
      scope: ${exampleKeyVault.id}
      roleDefinitionName: Key Vault Crypto Service Encryption User
      principalId: ${exampleDiskEncryptionSet.identity.principalId}
variables:
  current:
    fn::invoke:
      function: azure:core:getClientConfig
      arguments: {}

§With Automatic Key Rotation Enabled

resources:
  example:
    type: azure:core:ResourceGroup
    properties:
      name: example-resources
      location: West Europe
  exampleKeyVault:
    type: azure:keyvault:KeyVault
    name: example
    properties:
      name: des-example-keyvault
      location: ${example.location}
      resourceGroupName: ${example.name}
      tenantId: ${current.tenantId}
      skuName: premium
      enabledForDiskEncryption: true
      purgeProtectionEnabled: true
  exampleKey:
    type: azure:keyvault:Key
    name: example
    properties:
      name: des-example-key
      keyVaultId: ${exampleKeyVault.id}
      keyType: RSA
      keySize: 2048
      keyOpts:
        - decrypt
        - encrypt
        - sign
        - unwrapKey
        - verify
        - wrapKey
    options:
      dependsOn:
        - ${["example-user"]}
  exampleDiskEncryptionSet:
    type: azure:compute:DiskEncryptionSet
    name: example
    properties:
      name: des
      resourceGroupName: ${example.name}
      location: ${example.location}
      keyVaultKeyId: ${exampleKey.versionlessId}
      autoKeyRotationEnabled: true
      identity:
        type: SystemAssigned
  example-disk:
    type: azure:keyvault:AccessPolicy
    properties:
      keyVaultId: ${exampleKeyVault.id}
      tenantId: ${exampleDiskEncryptionSet.identity.tenantId}
      objectId: ${exampleDiskEncryptionSet.identity.principalId}
      keyPermissions:
        - Create
        - Delete
        - Get
        - Purge
        - Recover
        - Update
        - List
        - Decrypt
        - Sign
  example-user:
    type: azure:keyvault:AccessPolicy
    properties:
      keyVaultId: ${exampleKeyVault.id}
      tenantId: ${current.tenantId}
      objectId: ${current.objectId}
      keyPermissions:
        - Create
        - Delete
        - Get
        - Purge
        - Recover
        - Update
        - List
        - Decrypt
        - Sign
        - GetRotationPolicy
  example-diskAssignment:
    type: azure:authorization:Assignment
    name: example-disk
    properties:
      scope: ${exampleKeyVault.id}
      roleDefinitionName: Key Vault Crypto Service Encryption User
      principalId: ${exampleDiskEncryptionSet.identity.principalId}
variables:
  current:
    fn::invoke:
      function: azure:core:getClientConfig
      arguments: {}
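
A pre-deployment check for the two requirements visible in the examples above, added here as an illustration and not part of the provider or this crate. It assumes the Pulumi YAML program has already been parsed into a Python dict (the parser is not included); the names `check_disk_encryption_sets` and `sample` are hypothetical. Treating a versioned key id combined with `autoKeyRotationEnabled` as a finding is a rule taken from the difference between the page's two examples.

```python
import re

# Matches a Pulumi YAML interpolation such as ${exampleKey.versionlessId}.
REF = re.compile(r"^\$\{([A-Za-z0-9_-]+)\.([A-Za-z0-9_.]+)\}$")

def _ref(value):
    """Split '${name.attr}' into (name, attr); (None, None) for anything else."""
    m = REF.match(value) if isinstance(value, str) else None
    return (m.group(1), m.group(2)) if m else (None, None)

def check_disk_encryption_sets(program):
    """Return a list of findings for every DiskEncryptionSet in the program."""
    resources = program.get("resources", {})
    findings = []
    for name, res in resources.items():
        if res.get("type") != "azure:compute:DiskEncryptionSet":
            continue
        props = res.get("properties", {})
        key_name, key_attr = _ref(props.get("keyVaultKeyId"))
        key = resources.get(key_name)
        if key is None or key.get("type") != "azure:keyvault:Key":
            findings.append(f"{name}: keyVaultKeyId does not reference a Key resource")
            continue
        # The rotation example uses versionlessId; 'id' pins one key version.
        if props.get("autoKeyRotationEnabled") is True and key_attr != "versionlessId":
            findings.append(f"{name}: autoKeyRotationEnabled with versioned key id")
        # Follow the key to its vault and apply the NOTE's purge protection rule.
        vault_name, _ = _ref(key.get("properties", {}).get("keyVaultId"))
        vault = resources.get(vault_name, {})
        if vault.get("properties", {}).get("purgeProtectionEnabled") is not True:
            findings.append(f"{name}: vault {vault_name} lacks purgeProtectionEnabled")
    return findings

def sample(key_attr, rotate, purge):
    """Constructed program using the resource names from the page's examples."""
    return {"resources": {
        "exampleKeyVault": {"type": "azure:keyvault:KeyVault",
                            "properties": {"purgeProtectionEnabled": purge}},
        "exampleKey": {"type": "azure:keyvault:Key",
                       "properties": {"keyVaultId": "${exampleKeyVault.id}"}},
        "exampleDiskEncryptionSet": {
            "type": "azure:compute:DiskEncryptionSet",
            "properties": {"keyVaultKeyId": "${exampleKey.%s}" % key_attr,
                           "autoKeyRotationEnabled": rotate}},
    }}

if __name__ == "__main__":
    for finding in check_disk_encryption_sets(sample("id", True, False)):
        print(finding)
```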

§Import

Disk Encryption Sets can be imported using the resource id, e.g.

$ pulumi import azure:compute/diskEncryptionSet:DiskEncryptionSet example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.Compute/diskEncryptionSets/encryptionSet1

Structs§

Functions§

  • Registers a new resource with the given unique name and arguments