enable-at-rest-encryption

Default Severity: high

Explanation

Data Lake storage encryption defaults to Enabled; it should not be overridden to Disabled.

Possible Impact

Data at rest could be read if the storage is compromised.

Suggested Resolution

Enable encryption of data lake storage

Insecure Example

The following example will fail the azure-datalake-enable-at-rest-encryption check.

 resource "azurerm_data_lake_store" "bad_example" {
    encryption_state = "Disabled"
 }

Secure Example

The following example will pass the azure-datalake-enable-at-rest-encryption check.

 resource "azurerm_data_lake_store" "good_example" {
    encryption_state = "Enabled"
 }
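
The same rule can also be applied to a rendered plan, which covers values that only resolve at plan time. The following is an added example, not tfsec's own code: it reads the `resource_changes` list from `terraform show -json` output and reports every `azurerm_data_lake_store` whose planned `encryption_state` is `Disabled`. The function name and the sample plan are constructed for illustration.

```python
import json

RESOURCE_TYPE = "azurerm_data_lake_store"

# Constructed sample in the shape of `terraform show -json <planfile>` output
# (only the fields this check reads); not taken from a real deployment.
SAMPLE_PLAN = json.dumps({
    "resource_changes": [
        {"address": "azurerm_data_lake_store.bad_example",
         "type": RESOURCE_TYPE,
         "change": {"actions": ["create"],
                    "after": {"encryption_state": "Disabled"}}},
        {"address": "azurerm_data_lake_store.good_example",
         "type": RESOURCE_TYPE,
         "change": {"actions": ["create"],
                    "after": {"encryption_state": "Enabled"}}},
        {"address": "module.lake.azurerm_data_lake_store.defaulted",
         "type": RESOURCE_TYPE,
         "change": {"actions": ["create"], "after": {}}},
        {"address": "azurerm_data_lake_store.retired",
         "type": RESOURCE_TYPE,
         "change": {"actions": ["delete"], "after": None}},
    ]
})


def find_unencrypted_stores(plan_json):
    """Return addresses of Data Lake stores the plan leaves with encryption Disabled."""
    plan = json.loads(plan_json)
    failing = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != RESOURCE_TYPE:
            continue
        after = (rc.get("change") or {}).get("after")
        if after is None:  # resource is being destroyed, nothing to check
            continue
        # An absent or null value passes, since the page states the default is Enabled.
        state = after.get("encryption_state")
        if isinstance(state, str) and state.lower() == "disabled":
            failing.append(rc["address"])
    return failing


if __name__ == "__main__":
    for address in find_unencrypted_stores(SAMPLE_PLAN):
        print(f"FAIL azure-datalake-enable-at-rest-encryption: {address}")
```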