enable-at-rest-encryption
Default Severity: high
Explanation
Datalake storage encryption defaults to Enabled, it shouldn't be overridden to Disabled.
Possible Impact
Data could be read if compromised
Suggested Resolution
Enable encryption of data lake storage
Insecure Example
The following example will fail the azure-datalake-enable-at-rest-encryption check.
resource "azurerm_data_lake_store" "bad_example" {
encryption_state = "Disabled"
}
Secure Example
The following example will pass the azure-datalake-enable-at-rest-encryption check.
resource "azurerm_data_lake_store" "good_example" {
encryption_state = "Enabled"
}