Skip to content

azurermManagedDisk

Manages a managed disk.

Example Usage with Create Empty

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
  this,
  "example",
  {
    location: "West Europe",
    name: "example-resources",
  }
);
const azurermManagedDiskExample = new azurerm.managedDisk.ManagedDisk(
  this,
  "example_1",
  {
    create_option: "Empty",
    disk_size_gb: "1",
    location: azurermResourceGroupExample.location,
    name: "acctestmd",
    resource_group_name: azurermResourceGroupExample.name,
    storage_account_type: "Standard_LRS",
    tags: {
      environment: "staging",
    },
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermManagedDiskExample.overrideLogicalId("example");

Example Usage with Create Copy

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
  this,
  "example",
  {
    location: "West Europe",
    name: "example-resources",
  }
);
const azurermManagedDiskSource = new azurerm.managedDisk.ManagedDisk(
  this,
  "source",
  {
    create_option: "Empty",
    disk_size_gb: "1",
    location: azurermResourceGroupExample.location,
    name: "acctestmd1",
    resource_group_name: azurermResourceGroupExample.name,
    storage_account_type: "Standard_LRS",
    tags: {
      environment: "staging",
    },
  }
);
new azurerm.managedDisk.ManagedDisk(this, "copy", {
  create_option: "Copy",
  disk_size_gb: "1",
  location: azurermResourceGroupExample.location,
  name: "acctestmd2",
  resource_group_name: azurermResourceGroupExample.name,
  source_resource_id: azurermManagedDiskSource.id,
  storage_account_type: "Standard_LRS",
  tags: {
    environment: "staging",
  },
});

Argument Reference

The following arguments are supported:

  • name - (Required) Specifies the name of the Managed Disk. Changing this forces a new resource to be created.

  • resourceGroupName - (Required) The name of the Resource Group where the Managed Disk should exist. Changing this forces a new resource to be created.

  • location - (Required) Specified the supported Azure location where the resource exists. Changing this forces a new resource to be created.

  • storageAccountType - (Required) The type of storage to use for the managed disk. Possible values are standardLrs, standardSsdZrs, premiumLrs, premiumV2Lrs, premiumZrs, standardSsdLrs or ultraSsdLrs.

-> Note: Azure Ultra Disk Storage is only available in a region that support availability zones and can only enabled on the following VM series: eSv3, dSv3, fSv3, lSv2, m and mv2. For more information see the azureUltraDiskStorage product documentation.

  • createOption - (Required) The method to use when creating the managed disk. Changing this forces a new resource to be created. Possible values include:
  • import - Import a VHD file in to the managed disk (VHD specified with sourceUri).
  • importSecure - Securely import a VHD file in to the managed disk (VHD specified with sourceUri).
  • empty - Create an empty managed disk.
  • copy - Copy an existing managed disk or snapshot (specified with sourceResourceId).
  • fromImage - Copy a Platform Image (specified with imageReferenceId)
  • restore - Set by Azure Backup or Site Recovery on a restored disk (specified with sourceResourceId).
  • upload - Upload a VHD disk with the help of SAS URL (to be used with uploadSizeBytes).
  • diskEncryptionSetId - (Optional) The ID of a Disk Encryption Set which should be used to encrypt this Managed Disk. Conflicts with secureVmDiskEncryptionSetId.

\~> NOTE: The Disk Encryption Set must have the reader Role Assignment scoped on the Key Vault - in addition to an Access Policy to the Key Vault

\~> NOTE: Disk Encryption Sets are in Public Preview in a limited set of regions

  • diskIopsReadWrite - (Optional) The number of IOPS allowed for this disk; only settable for UltraSSD disks and PremiumV2 disks. One operation can transfer between 4k and 256k bytes.

  • diskMbpsReadWrite - (Optional) The bandwidth allowed for this disk; only settable for UltraSSD disks and PremiumV2 disks. MBps means millions of bytes per second.

  • diskIopsReadOnly - (Optional) The number of IOPS allowed across all VMs mounting the shared disk as read-only; only settable for UltraSSD disks and PremiumV2 disks with shared disk enabled. One operation can transfer between 4k and 256k bytes.

  • diskMbpsReadOnly - (Optional) The bandwidth allowed across all VMs mounting the shared disk as read-only; only settable for UltraSSD disks and PremiumV2 disks with shared disk enabled. MBps means millions of bytes per second.

  • uploadSizeBytes - (Optional) Specifies the size of the managed disk to create in bytes. Required when createOption is upload. The value must be equal to the source disk to be copied in bytes. Source disk size could be calculated with lsL or wcC. More information can be found at Copy a managed disk. Changing this forces a new resource to be created.

  • diskSizeGb - (Optional) (Optional, Required for a new managed disk) Specifies the size of the managed disk to create in gigabytes. If createOption is copy or fromImage, then the value must be equal to or greater than the source's size. The size can only be increased.

-> NOTE: In certain conditions the Data Disk size can be updated without shutting down the Virtual Machine, however only a subset of Virtual Machine SKUs/Disk combinations support this. More information can be found for Linux Virtual Machines and Windows Virtual Machines respectively.

\~> NOTE: If No Downtime Resizing is not available, be aware that changing this value is disruptive if the disk is attached to a Virtual Machine. The VM will be shut down and de-allocated as required by Azure to action the change. Terraform will attempt to start the machine again after the update if it was in a running state when the apply was started.

  • edgeZone - (Optional) Specifies the Edge Zone within the Azure Region where this Managed Disk should exist. Changing this forces a new Managed Disk to be created.

  • encryptionSettings - (Optional) A encryptionSettings block as defined below.

\~> NOTE: Removing encryptionSettings forces a new resource to be created.

  • hyperVGeneration - (Optional) The HyperV Generation of the Disk when the source of an import or copy operation targets a source that contains an operating system. Possible values are v1 and v2. For importSecure it must be set to v2. Changing this forces a new resource to be created.

  • imageReferenceId - (Optional) ID of an existing platform/marketplace disk image to copy when createOption is fromImage. This field cannot be specified if gallery_image_reference_id is specified. Changing this forces a new resource to be created.

  • galleryImageReferenceId - (Optional) ID of a Gallery Image Version to copy when createOption is fromImage. This field cannot be specified if image_reference_id is specified. Changing this forces a new resource to be created.

  • logicalSectorSize - (Optional) Logical Sector Size. Possible values are: 512 and 4096. Defaults to 4096. Changing this forces a new resource to be created.

\~> NOTE: Setting logical sector size is supported only with ultraSsdLrs disks and premiumV2Lrs disks.

  • osType - (Optional) Specify a value when the source of an import, importSecure or copy operation targets a source that contains an operating system. Valid values are linux or windows.

  • sourceResourceId - (Optional) The ID of an existing Managed Disk or Snapshot to copy when createOption is copy or the recovery point to restore when createOption is restore. Changing this forces a new resource to be created.

  • sourceUri - (Optional) URI to a valid VHD file to be used when createOption is import or importSecure. Changing this forces a new resource to be created.

  • storageAccountId - (Optional) The ID of the Storage Account where the sourceUri is located. Required when createOption is set to import or importSecure. Changing this forces a new resource to be created.

  • tier - (Optional) The disk performance tier to use. Possible values are documented here. This feature is currently supported only for premium SSDs.

\~> NOTE: Changing this value is disruptive if the disk is attached to a Virtual Machine. The VM will be shut down and de-allocated as required by Azure to action the change. Terraform will attempt to start the machine again after the update if it was in a running state when the apply was started.

  • maxShares - (Optional) The maximum number of VMs that can attach to the disk at the same time. Value greater than one indicates a disk that can be mounted on multiple VMs at the same time.

-> Note: Premium SSD maxShares limit: p15 and p20 disks: 2. p30,p40,p50 disks: 5. p60,p70,p80 disks: 10. For ultra disks the maxShares minimum value is 1 and the maximum is 5.

  • trustedLaunchEnabled - (Optional) Specifies if Trusted Launch is enabled for the Managed Disk. Changing this forces a new resource to be created.

-> Note: Trusted Launch can only be enabled when createOption is fromImage or import.

  • securityType - (Optional) Security Type of the Managed Disk when it is used for a Confidential VM. Possible values are confidentialVmVmGuestStateOnlyEncryptedWithPlatformKey, confidentialVmDiskEncryptedWithPlatformKey and confidentialVmDiskEncryptedWithCustomerKey. Changing this forces a new resource to be created.

\~> NOTE: When securityType is set to confidentialVmDiskEncryptedWithCustomerKey the value of createOption must be one of fromImage or importSecure.

\~> NOTE: securityType cannot be specified when trustedLaunchEnabled is set to true.

\~> NOTE: secureVmDiskEncryptionSetId must be specified when securityType is set to confidentialVmDiskEncryptedWithCustomerKey.

  • secureVmDiskEncryptionSetId - (Optional) The ID of the Disk Encryption Set which should be used to Encrypt this OS Disk when the Virtual Machine is a Confidential VM. Conflicts with diskEncryptionSetId. Changing this forces a new resource to be created.

\~> NOTE: secureVmDiskEncryptionSetId can only be specified when securityType is set to confidentialVmDiskEncryptedWithCustomerKey.

  • onDemandBurstingEnabled - (Optional) Specifies if On-Demand Bursting is enabled for the Managed Disk.

-> Note: Credit-Based Bursting is enabled by default on all eligible disks. More information on Credit-Based and On-Demand Bursting can be found in the documentation.

  • tags - (Optional) A mapping of tags to assign to the resource.

  • zone - (Optional) Specifies the Availability Zone in which this Managed Disk should be located. Changing this property forces a new resource to be created.

\~> Note: Availability Zones are only supported in select regions at this time.

  • networkAccessPolicy - (Optional) Policy for accessing the disk via network. Allowed values are allowAll, allowPrivate, and denyAll.

  • diskAccessId - (Optional) The ID of the disk access resource for using private endpoints on disks.

\~> Note: diskAccessId is only supported when networkAccessPolicy is set to allowPrivate.

  • publicNetworkAccessEnabled - (Optional) Whether it is allowed to access the disk via public network. Defaults to true.

For more information on managed disks, such as sizing options and pricing, please check out the Azure Documentation.

The diskEncryptionKey block supports:

  • secretUrl - (Required) The URL to the Key Vault Secret used as the Disk Encryption Key. This can be found as id on the azurermKeyVaultSecret resource.

  • sourceVaultId - (Required) The ID of the source Key Vault. This can be found as id on the azurermKeyVault resource.

The encryptionSettings block supports:

  • diskEncryptionKey - (Optional) A diskEncryptionKey block as defined above.

  • keyEncryptionKey - (Optional) A keyEncryptionKey block as defined below.

The keyEncryptionKey block supports:

  • keyUrl - (Required) The URL to the Key Vault Key used as the Key Encryption Key. This can be found as id on the azurermKeyVaultKey resource.

  • sourceVaultId - (Required) The ID of the source Key Vault. This can be found as id on the azurermKeyVault resource.

Attributes Reference

The following attributes are exported:

  • id - The ID of the Managed Disk.

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

  • create - (Defaults to 30 minutes) Used when creating the Managed Disk.
  • update - (Defaults to 30 minutes) Used when updating the Managed Disk.
  • read - (Defaults to 5 minutes) Used when retrieving the Managed Disk.
  • delete - (Defaults to 30 minutes) Used when deleting the Managed Disk.

Import

Managed Disks can be imported using the resourceId, e.g.

terraform import azurerm_managed_disk.example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.Compute/disks/manageddisk1