Skip to content

azurermStorageEncryptionScope

Manages a Storage Encryption Scope.

\~> Note: Storage Encryption Scopes are in Preview more information can be found here.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
  this,
  "example",
  {
    location: "West Europe",
    name: "example-resources",
  }
);
const azurermStorageAccountExample = new azurerm.storageAccount.StorageAccount(
  this,
  "example_1",
  {
    account_replication_type: "LRS",
    account_tier: "Standard",
    identity: [
      {
        type: "SystemAssigned",
      },
    ],
    location: azurermResourceGroupExample.location,
    name: "examplesa",
    resource_group_name: azurermResourceGroupExample.name,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermStorageAccountExample.overrideLogicalId("example");
const azurermStorageEncryptionScopeExample =
  new azurerm.storageEncryptionScope.StorageEncryptionScope(this, "example_2", {
    name: "microsoftmanaged",
    source: "Microsoft.Storage",
    storage_account_id: azurermStorageAccountExample.id,
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermStorageEncryptionScopeExample.overrideLogicalId("example");

Arguments Reference

The following arguments are supported:

  • name - (Required) The name which should be used for this Storage Encryption Scope. Changing this forces a new Storage Encryption Scope to be created.

  • source - (Required) The source of the Storage Encryption Scope. Possible values are microsoftKeyVault and microsoftStorage.

  • storageAccountId - (Required) The ID of the Storage Account where this Storage Encryption Scope is created. Changing this forces a new Storage Encryption Scope to be created.

  • infrastructureEncryptionRequired - (Optional) Is a secondary layer of encryption with Platform Managed Keys for data applied? Changing this forces a new resource to be created.

  • keyVaultKeyId - (Optional) The ID of the Key Vault Key. Required when source is microsoftKeyVault.

Attributes Reference

In addition to the Arguments listed above - the following Attributes are exported:

  • id - The ID of the Storage Encryption Scope.

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

  • create - (Defaults to 30 minutes) Used when creating the Storage Encryption Scope.
  • read - (Defaults to 5 minutes) Used when retrieving the Storage Encryption Scope.
  • update - (Defaults to 30 minutes) Used when updating the Storage Encryption Scope.
  • delete - (Defaults to 30 minutes) Used when deleting the Storage Encryption Scope.

Import

Storage Encryption Scopes can be imported using the resourceId, e.g.

terraform import azurerm_storage_encryption_scope.example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.Storage/storageAccounts/account1/encryptionScopes/scope1