microsoft / AzureTRE

An accelerator to help organizations build Trusted Research Environments on Azure.
https://microsoft.github.io/AzureTRE
MIT License

Enable storage account infrastructure encryption #4139

Open jonnyry opened 1 week ago

jonnyry commented 1 week ago

Resolves #4001

What is being addressed

Enable storage account infrastructure encryption.

Since storage account infrastructure encryption can only be turned on when a storage account is first created (unless you allow Terraform to destroy the storage account and recreate it), this change is only applied on first deployment of a TRE (or a template component). Storage accounts that exist within an existing TRE deployment will not be affected.

The Terraform pattern used to achieve this behaviour is as follows:

resource "azurerm_storage_account" "stg" {

  # ... existing attributes ...

  # changing this value is destructive, hence attribute is in lifecycle.ignore_changes block below
  infrastructure_encryption_enabled = true

  lifecycle { ignore_changes = [infrastructure_encryption_enabled] }
}

github-actions[bot] commented 1 week ago

Unit Test Results

0 tests   0 ✅  0s ⏱️ 0 suites  0 💤 0 files    0 ❌

Results for commit 522aaa7b.

yuvalyaron commented 5 days ago

@tamirkamara yes, they are compatible