加密vm azure备份的密钥保险库访问策略-Terraform_Azure_Encryption_Terraform_Backup_Azure Keyvault

加密vm azure备份的密钥保险库访问策略-Terraform

azure encryption terraform

加密vm azure备份的密钥保险库访问策略-Terraform,azure,encryption,terraform,backup,azure-keyvault,Azure,Encryption,Terraform,Backup,Azure Keyvault,我正在使用terraform部署azure infra。我有一个加密的虚拟机，但它的备份一直失败，原因如下： Azure备份服务没有足够的权限为加密虚拟机备份的Vault设置密钥我检查了文档，发现我必须为keyvault-azure备份创建访问策略 To set permissions: In the Azure portal, select All services, and search for Key vaults. Select the key vault associated

我正在使用terraform部署azure infra。我有一个加密的虚拟机，但它的备份一直失败，原因如下：

Azure备份服务没有足够的权限为加密虚拟机备份的Vault设置密钥

我检查了文档，发现我必须为keyvault-azure备份创建访问策略

To set permissions:

In the Azure portal, select All services, and search for Key vaults.

Select the key vault associated with the encrypted VM you're backing up.

Select Access policies > Add Access Policy.

Add access policy

In Add access policy > Configure from template (optional), select Azure Backup.

The required permissions are prefilled for Key permissions and Secret permissions.
If your VM is encrypted using BEK only, remove the selection for Key permissions since you only need permissions for secrets.

我如何在地形中做到这一点。找不到这方面的示例？

正如您提供的屏幕截图所示，当您选择Azure Backup时，它会选择主体备份管理服务并授予它必要的权限。在地形中，它应该是这样的：

resource "azurerm_key_vault_access_policy" "example" {
  key_vault_id = azurerm_key_vault.example.id

  tenant_id = "tenant_id"
  object_id = "Backup Management Service object Id"

  key_permissions = [
    "get",
    "list",
    "backup"
  ]

  secret_permissions = [
    "get",
    "list",
    "backup"
  ]
}

获取有关的更多详细信息。

谢谢。它需要UUID-一旦指定了对象ID（UUID），它就会工作。