terraform/examples/azure-encrypt-running-linux-vm/README.md


# Enable encryption on a running Linux VM.

This Terraform template was based on this Azure Quickstart Template. Changes to the ARM template that may have occurred since the creation of this example may not be reflected in this Terraform template.

This template enables encryption on a running Linux VM using an AAD client secret. It assumes that the VM is located in the same region as the resource group. If not, edit the template to pass the appropriate location for the VM sub-resources.

## Prerequisites:

Azure Disk Encryption securely stores the encryption secrets in a specified Azure Key Vault.

Create the Key Vault and assign appropriate access policies. You may use this script to ensure that your vault is properly configured: `AzureDiskEncryptionPreRequisiteSetup.ps1`

Use the PowerShell cmdlet below to get the `key_vault_secret_url` and `key_vault_resource_id`.

    Get-AzureRmKeyVault -VaultName $KeyVaultName -ResourceGroupName $rgname
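The cmdlet above returns the whole vault object; the two values the template needs are its `VaultUri` and `ResourceId` properties. The following script is an added example, not part of the original README or of the Terraform project: it looks up the vault, checks that the vault's access policy actually allows Azure Disk Encryption to store secrets in it (the setting the prerequisite script configures), and prints the two values in tfvars form. It assumes the AzureRm module is installed, that you have already logged in with `Login-AzureRmAccount`, and uses the README's `$KeyVaultName` and `$rgname` placeholders as parameters.

```powershell
# Added example (not from the original README). Assumes the AzureRm module and
# an existing login. $KeyVaultName and $rgname mirror the README's placeholders.
param(
    [Parameter(Mandatory = $true)][string]$KeyVaultName,
    [Parameter(Mandatory = $true)][string]$rgname
)

$vault = Get-AzureRmKeyVault -VaultName $KeyVaultName -ResourceGroupName $rgname
if (-not $vault) {
    throw "Key Vault '$KeyVaultName' not found in resource group '$rgname'."
}

# Azure Disk Encryption can only write its encryption secrets into a vault whose
# access policy is enabled for disk encryption. Fail early rather than letting
# the VM extension fail half-way through an apply.
if (-not $vault.EnabledForDiskEncryption) {
    throw ("Vault '$KeyVaultName' is not enabled for disk encryption. Run: " +
           "Set-AzureRmKeyVaultAccessPolicy -VaultName $KeyVaultName " +
           "-ResourceGroupName $rgname -EnabledForDiskEncryption")
}

# VaultUri is the value for key_vault_secret_url, ResourceId the value for
# key_vault_resource_id. Emit them ready to paste into a local .tfvars file.
@"
key_vault_secret_url  = "$($vault.VaultUri)"
key_vault_resource_id = "$($vault.ResourceId)"
"@
```

Neither value is itself a secret (the vault URI and resource id are discoverable by anyone with read access to the resource group), so they can live in `terraform.tfvars` alongside the region and VM name; the AAD client secret used by the encryption extension is the value that must stay out of version control.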

## main.tf

The main.tf file contains the actual resources that will be deployed. It also contains the Azure Resource Group definition and any defined variables.

## outputs.tf

This data is output when `terraform apply` is called, and can be queried using the `terraform output` command.

## provider.tf

You may leave the provider block in `main.tf`, as it is in this template, or you can move it into a file called `provider.tf` and add that file to your `.gitignore`.

Azure requires that an application is registered in Azure Active Directory to generate the `client_id`, `client_secret`, and `tenant_id` needed by Terraform (the `subscription_id` can be recovered from your Azure account details). Please go here for full instructions on how to create this application to populate your `provider.tf` file.

## terraform.tfvars

If a `terraform.tfvars` file or any `.auto.tfvars` files are present in the current directory, Terraform automatically loads them to populate variables. We don't recommend saving usernames and passwords to version control, but you can create a local secret variables file and use the `-var-file` flag or the `.auto.tfvars` extension to load it.

If you are committing this template to source control, please ensure that you add this file to your `.gitignore` file.
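Both the `provider.tf` section and the `terraform.tfvars` section rely on the same control: the files that carry the service principal secret must be ignored by git before anything is committed. The function below is an added example, not part of the original README or of the Terraform project. It checks that each such file name appears in `.gitignore` and that none of them is already tracked or staged. The file list (`terraform.tfvars`, `*.auto.tfvars`, `provider.tf`) is taken from the README's own guidance; the function name and the exact-match check are assumptions of this example.

```powershell
# Added example (not from the original README). Checks that the files which may
# hold Terraform credentials are ignored by git and not yet tracked.
function Test-TerraformSecretsIgnored {
    param([string]$Path = (Get-Location).Path)

    # File names the README tells you to keep out of version control.
    $secretFiles = @('terraform.tfvars', '*.auto.tfvars', 'provider.tf')
    $gitignore   = Join-Path $Path '.gitignore'
    $ok          = $true

    if (-not (Test-Path $gitignore)) {
        Write-Warning "No .gitignore found in $Path"
        $ok = $false
    }
    else {
        # Ignore blank lines and comments; compare remaining patterns verbatim.
        $patterns = Get-Content $gitignore |
            ForEach-Object { $_.Trim() } |
            Where-Object { $_ -and -not $_.StartsWith('#') }
        foreach ($name in $secretFiles) {
            if ($patterns -notcontains $name) {
                Write-Warning "'$name' is not listed in .gitignore"
                $ok = $false
            }
        }
    }

    # .gitignore only affects untracked files: anything already committed or
    # staged stays in history, so also ask git what it currently tracks.
    $tracked = git -C $Path ls-files -- $secretFiles 2>$null
    if ($tracked) {
        Write-Warning ("Already tracked by git (remove with 'git rm --cached'): " +
                       ($tracked -join ', '))
        $ok = $false
    }

    return $ok
}

# Usage: run from the example directory; non-zero exit blocks a commit hook.
if (-not (Test-TerraformSecretsIgnored)) { exit 1 }
```

The pattern check is a verbatim match, so a broader rule such as `*.tfvars` would satisfy the intent but still produce a warning; widen the comparison if your `.gitignore` uses such patterns. The `git ls-files` check is the more important half, because a file that was committed before the ignore rule was added remains in the repository's history.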

## variables.tf

The `variables.tf` file contains all of the input parameters that the user can specify when deploying this Terraform template.

## graph