Control: Ensure that 'Unattached disks' are encrypted with 'Customer Managed Key' (CMK)
Description
Ensure that unattached disks in a subscription are encrypted with a Customer Managed Key (CMK).
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.compute_unattached_disk_encrypted_with_cmk
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run azure_compliance.control.compute_unattached_disk_encrypted_with_cmk --share
SQL
This control uses a named query:
select
  disk.id as resource,
  case
    when encryption_type = 'EncryptionAtRestWithCustomerKey' then 'ok'
    else 'alarm'
  end as status,
  case
    when encryption_type = 'EncryptionAtRestWithCustomerKey' then disk.name || ' encrypted with CMK.'
    else disk.name || ' not encrypted with CMK.'
  end as reason,
  disk.resource_group as resource_group,
  sub.display_name as subscription
from
  azure_compute_disk disk,
  azure_subscription sub
where
  disk_state != 'Attached'
  and sub.subscription_id = disk.subscription_id;