Open magnus-longva-bouvet opened 1 week ago
Hi @magnus-longva-bouvet
There is an issue with this policy as it's not technically possible to disable blob encryption. The AzureRM provider removed the ability to set this value as the service always sets this to true despite the value in the payload.
We have an open issue about it on the enterprise scale repo.
Is there an existing issue for this?
Description
The Azure Enterprise Scale repository includes a policy initiative called Enforce recommended guardrails for Storage. I can't make a valid configuration of this module which is compliant with this initiative.
Here's my attempt
This deployment fails with this error
I don't see any option in this module to make the field
encryption.services.blob.enabled
equal totrue
.New or Affected Resource(s)/Data Source(s)
azurerm_storage_account.this
Potential Terraform Configuration
References
This seems sort of similar, but this guy has a different problem with some different policy which is also called a guardrail.
https://github.com/Azure/terraform-azurerm-avm-res-storage-storageaccount/issues/41