azurermStorageEncryptionScope
Manages a Storage Encryption Scope.
\~> Note: Storage Encryption Scopes are in Preview more information can be found here.
Example Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
this,
"example",
{
location: "West Europe",
name: "example-resources",
}
);
const azurermStorageAccountExample = new azurerm.storageAccount.StorageAccount(
this,
"example_1",
{
account_replication_type: "LRS",
account_tier: "Standard",
identity: [
{
type: "SystemAssigned",
},
],
location: azurermResourceGroupExample.location,
name: "examplesa",
resource_group_name: azurermResourceGroupExample.name,
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermStorageAccountExample.overrideLogicalId("example");
const azurermStorageEncryptionScopeExample =
new azurerm.storageEncryptionScope.StorageEncryptionScope(this, "example_2", {
name: "microsoftmanaged",
source: "Microsoft.Storage",
storage_account_id: azurermStorageAccountExample.id,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermStorageEncryptionScopeExample.overrideLogicalId("example");
Arguments Reference
The following arguments are supported:
-
name
- (Required) The name which should be used for this Storage Encryption Scope. Changing this forces a new Storage Encryption Scope to be created. -
source
- (Required) The source of the Storage Encryption Scope. Possible values aremicrosoftKeyVault
andmicrosoftStorage
. -
storageAccountId
- (Required) The ID of the Storage Account where this Storage Encryption Scope is created. Changing this forces a new Storage Encryption Scope to be created. -
infrastructureEncryptionRequired
- (Optional) Is a secondary layer of encryption with Platform Managed Keys for data applied? Changing this forces a new resource to be created.
keyVaultKeyId
- (Optional) The ID of the Key Vault Key. Required whensource
ismicrosoftKeyVault
.
Attributes Reference
In addition to the Arguments listed above - the following Attributes are exported:
id
- The ID of the Storage Encryption Scope.
Timeouts
The timeouts
block allows you to specify timeouts for certain actions:
create
- (Defaults to 30 minutes) Used when creating the Storage Encryption Scope.read
- (Defaults to 5 minutes) Used when retrieving the Storage Encryption Scope.update
- (Defaults to 30 minutes) Used when updating the Storage Encryption Scope.delete
- (Defaults to 30 minutes) Used when deleting the Storage Encryption Scope.
Import
Storage Encryption Scopes can be imported using the resourceId
, e.g.