CloudWiki
Resource

Disk Storage

Microsoft Azure
Storage
Azure Disk Storage is a managed disk storage service that allows users to store and manage persistent data disks for virtual machines (VMs) running in Azure. It provides high-performance, durable, and scalable block-level storage for VMs, and can be used with both Windows and Linux operating systems. Azure Disk offers two types of disks: managed disks and unmanaged disks. Managed disks are Azure-managed and provide a simplified disk management experience, while unmanaged disks require users to manage the underlying storage account and disk objects.

Managed disks provide several benefits, including automatic disk scaling, which allows users to increase or decrease the size of their disks without downtime, and automatic data replication, which ensures high durability and availability of the disks. Managed disks also support several disk types, including Standard HDD, Standard SSD, Premium SSD, and Ultra Disk, each with different performance characteristics and costs.
Terraform Name: azurerm_managed_disk

Disk Storage attributes:

The following arguments are supported:

  • name - (Required) Specifies the name of the Managed Disk. Changing this forces a new resource to be created.
  • resource_group_name - (Required) The name of the Resource Group where the Managed Disk should exist. Changing this forces a new resource to be created.
  • location - (Required) Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
  • storage_account_type - (Required) The type of storage to use for the managed disk. Possible values are Standard_LRS, StandardSSD_ZRS, Premium_LRS, PremiumV2_LRS, Premium_ZRS, StandardSSD_LRS or UltraSSD_LRS.

Note:

Azure Ultra Disk Storage is only available in regions that support availability zones and can only be enabled on the following VM series: ESv3, DSv3, FSv3, LSv2, M and Mv2. For more information see the Azure Ultra Disk Storage product documentation.

  • create_option - (Required) The method to use when creating the managed disk. Changing this forces a new resource to be created. Possible values include:
      • Import - Import a VHD file into the managed disk (VHD specified with source_uri).
      • ImportSecure - Securely import a VHD file into the managed disk (VHD specified with source_uri).
      • Empty - Create an empty managed disk.
      • Copy - Copy an existing managed disk or snapshot (specified with source_resource_id).
      • FromImage - Copy a Platform Image (specified with image_reference_id).
      • Restore - Set by Azure Backup or Site Recovery on a restored disk (specified with source_resource_id).
      • Upload - Upload a VHD disk with the help of SAS URL (to be used with upload_size_bytes).
  • disk_encryption_set_id - (Optional) The ID of a Disk Encryption Set which should be used to encrypt this Managed Disk. Conflicts with secure_vm_disk_encryption_set_id.

NOTE:

The Disk Encryption Set must have the Reader Role Assignment scoped on the Key Vault, in addition to an Access Policy to the Key Vault.

NOTE:

Disk Encryption Sets are in Public Preview in a limited set of regions.

  • disk_iops_read_write - (Optional) The number of IOPS allowed for this disk; only settable for UltraSSD disks and PremiumV2 disks. One operation can transfer between 4k and 256k bytes.
  • disk_mbps_read_write - (Optional) The bandwidth allowed for this disk; only settable for UltraSSD disks and PremiumV2 disks. MBps means millions of bytes per second.
  • disk_iops_read_only - (Optional) The number of IOPS allowed across all VMs mounting the shared disk as read-only; only settable for UltraSSD disks and PremiumV2 disks with shared disk enabled. One operation can transfer between 4k and 256k bytes.
  • disk_mbps_read_only - (Optional) The bandwidth allowed across all VMs mounting the shared disk as read-only; only settable for UltraSSD disks and PremiumV2 disks with shared disk enabled. MBps means millions of bytes per second.
  • upload_size_bytes - (Optional) Specifies the size of the managed disk to create in bytes. Required when create_option is Upload. The value must be equal to the source disk to be copied in bytes. Source disk size could be calculated with ls -l or wc -c. More information can be found at Copy a managed disk. Changing this forces a new resource to be created.
  • disk_size_gb - (Optional, Required for a new managed disk) Specifies the size of the managed disk to create in gigabytes. If create_option is Copy or FromImage, then the value must be equal to or greater than the source's size. The size can only be increased.

NOTE:

In certain conditions the Data Disk size can be updated without shutting down the Virtual Machine, however only a subset of Virtual Machine SKUs/Disk combinations support this. More information can be found for Linux Virtual Machines and Windows Virtual Machines respectively.

NOTE:

If No Downtime Resizing is not available, be aware that changing this value is disruptive if the disk is attached to a Virtual Machine. The VM will be shut down and de-allocated as required by Azure to action the change. Terraform will attempt to start the machine again after the update if it was in a running state when the apply was started.

  • edge_zone - (Optional) Specifies the Edge Zone within the Azure Region where this Managed Disk should exist. Changing this forces a new Managed Disk to be created.
  • encryption_settings - (Optional) An encryption_settings block as defined below.

NOTE:

Removing encryption_settings forces a new resource to be created.

  • hyper_v_generation - (Optional) The HyperV Generation of the Disk when the source of an Import or Copy operation targets a source that contains an operating system. Possible values are V1 and V2. For ImportSecure it must be set to V2. Changing this forces a new resource to be created.
  • image_reference_id - (Optional) ID of an existing platform/marketplace disk image to copy when create_option is FromImage. This field cannot be specified if gallery_image_reference_id is specified. Changing this forces a new resource to be created.
  • gallery_image_reference_id - (Optional) ID of a Gallery Image Version to copy when create_option is FromImage. This field cannot be specified if image_reference_id is specified. Changing this forces a new resource to be created.
  • logical_sector_size - (Optional) Logical Sector Size. Possible values are: 512 and 4096. Defaults to 4096. Changing this forces a new resource to be created.

NOTE:

Setting logical sector size is supported only with UltraSSD_LRS disks and PremiumV2_LRS disks.

  • os_type - (Optional) Specify a value when the source of an Import, ImportSecure or Copy operation targets a source that contains an operating system. Valid values are Linux or Windows.
  • source_resource_id - (Optional) The ID of an existing Managed Disk or Snapshot to copy when create_option is Copy or the recovery point to restore when create_option is Restore. Changing this forces a new resource to be created.
  • source_uri - (Optional) URI to a valid VHD file to be used when create_option is Import or ImportSecure. Changing this forces a new resource to be created.
  • storage_account_id - (Optional) The ID of the Storage Account where the source_uri is located. Required when create_option is set to Import or ImportSecure. Changing this forces a new resource to be created.
  • tier - (Optional) The disk performance tier to use. Possible values are documented here. This feature is currently supported only for premium SSDs.

NOTE:

Changing this value is disruptive if the disk is attached to a Virtual Machine. The VM will be shut down and de-allocated as required by Azure to action the change. Terraform will attempt to start the machine again after the update if it was in a running state when the apply was started.

  • max_shares - (Optional) The maximum number of VMs that can attach to the disk at the same time. Value greater than one indicates a disk that can be mounted on multiple VMs at the same time.

Note:

Premium SSD maxShares limit: P15 and P20 disks: 2. P30, P40, P50 disks: 5. P60, P70, P80 disks: 10. For ultra disks the max_shares minimum value is 1 and the maximum is 5.

  • trusted_launch_enabled - (Optional) Specifies if Trusted Launch is enabled for the Managed Disk. Changing this forces a new resource to be created.

Note:

Trusted Launch can only be enabled when create_option is FromImage or Import.

  • security_type - (Optional) Security Type of the Managed Disk when it is used for a Confidential VM. Possible values are ConfidentialVM_VMGuestStateOnlyEncryptedWithPlatformKey, ConfidentialVM_DiskEncryptedWithPlatformKey and ConfidentialVM_DiskEncryptedWithCustomerKey. Changing this forces a new resource to be created.

NOTE:

When security_type is set to ConfidentialVM_DiskEncryptedWithCustomerKey the value of create_option must be one of FromImage or ImportSecure.

NOTE:

security_type cannot be specified when trusted_launch_enabled is set to true.

NOTE:

secure_vm_disk_encryption_set_id must be specified when security_type is set to ConfidentialVM_DiskEncryptedWithCustomerKey.

  • secure_vm_disk_encryption_set_id - (Optional) The ID of the Disk Encryption Set which should be used to Encrypt this OS Disk when the Virtual Machine is a Confidential VM. Conflicts with disk_encryption_set_id. Changing this forces a new resource to be created.

NOTE:

secure_vm_disk_encryption_set_id can only be specified when security_type is set to ConfidentialVM_DiskEncryptedWithCustomerKey.

  • on_demand_bursting_enabled - (Optional) Specifies if On-Demand Bursting is enabled for the Managed Disk.

Note:

Credit-Based Bursting is enabled by default on all eligible disks. More information on Credit-Based and On-Demand Bursting can be found in the documentation.

  • tags - (Optional) A mapping of tags to assign to the resource.
  • zone - (Optional) Specifies the Availability Zone in which this Managed Disk should be located. Changing this property forces a new resource to be created.

Note:

Availability Zones are only supported in select regions at this time.

  • network_access_policy - (Optional) Policy for accessing the disk via network. Allowed values are AllowAll, AllowPrivate, and DenyAll.
  • disk_access_id - (Optional) The ID of the disk access resource for using private endpoints on disks.

Note:

disk_access_id is only supported when network_access_policy is set to AllowPrivate.

  • public_network_access_enabled - (Optional) Whether it is allowed to access the disk via public network. Defaults to true.

For more information on managed disks, such as sizing options and pricing, please check out the Azure Documentation.

The disk_encryption_key block supports:

  • secret_url - (Required) The URL to the Key Vault Secret used as the Disk Encryption Key. This can be found as id on the azurerm_key_vault_secret resource.
  • source_vault_id - (Required) The ID of the source Key Vault. This can be found as id on the azurerm_key_vault resource.

The encryption_settings block supports:

  • disk_encryption_key - (Optional) A disk_encryption_key block as defined above.
  • key_encryption_key - (Optional) A key_encryption_key block as defined below.

The key_encryption_key block supports:

  • key_url - (Required) The URL to the Key Vault Key used as the Key Encryption Key. This can be found as id on the azurerm_key_vault_key resource.
  • source_vault_id - (Required) The ID of the source Key Vault. This can be found as id on the azurerm_key_vault resource.

Associating resources with a Disk Storage

Resources do not "belong" to a Disk Storage. Rather, one or more Security Groups are associated to a resource.

Create Disk Storage via Terraform:

The following HCL manages a managed disk.

Syntax:

resource "azurerm_resource_group" "example" {
  name     = "example-resources"
  location = "West Europe"
}

# Empty 1 GB managed disk placed in the resource group above.
resource "azurerm_managed_disk" "example" {
  name                 = "acctestmd"
  location             = azurerm_resource_group.example.location
  resource_group_name  = azurerm_resource_group.example.name
  storage_account_type = "Standard_LRS"
  create_option        = "Empty"
  disk_size_gb         = 1

  tags = {
    environment = "staging"
  }
}
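
The notes in the argument list constrain which arguments can be combined, and public_network_access_enabled defaults to true. As an added example (not CloudWiki's or the provider's own code), this Python check applies several of those notes to the planned_values section of `terraform show -json` output before apply; the sample plan and its placeholder ID are constructed, and the function names are illustrative.

```python
T = "azurerm_managed_disk"
CMK = "ConfidentialVM_DiskEncryptedWithCustomerKey"

def disks(module):
    """Yield (address, planned values) for each managed disk, child modules included."""
    for r in module.get("resources", []):
        if r.get("type") == T:
            yield r["address"], r.get("values", {})
    for child in module.get("child_modules", []):
        yield from disks(child)

def check_disk(v):
    """Apply the argument list's cross-argument notes to one disk's values."""
    out, opt, sec = [], v.get("create_option"), v.get("security_type")
    cvm_des = v.get("secure_vm_disk_encryption_set_id")
    if v.get("disk_encryption_set_id") and cvm_des:
        out.append("disk_encryption_set_id conflicts with secure_vm_disk_encryption_set_id")
    if v.get("disk_access_id") and v.get("network_access_policy") != "AllowPrivate":
        out.append("disk_access_id needs network_access_policy AllowPrivate")
    if v.get("trusted_launch_enabled") and sec:
        out.append("security_type cannot be set with trusted_launch_enabled")
    if sec == CMK and opt not in ("FromImage", "ImportSecure"):
        out.append("customer-key security_type needs create_option FromImage or ImportSecure")
    if sec == CMK and not cvm_des:
        out.append("customer-key security_type needs secure_vm_disk_encryption_set_id")
    if cvm_des and sec != CMK:
        out.append("secure_vm_disk_encryption_set_id needs the customer-key security_type")
    # Exposure review rather than a provider error: the argument defaults to true.
    if v.get("public_network_access_enabled") is not False:
        out.append("review: public_network_access_enabled is not false")
    return out

def check_plan(plan):
    """Map each managed disk address in `terraform show -json` output to its findings."""
    root = plan.get("planned_values", {}).get("root_module", {})
    return {addr: check_disk(v) for addr, v in disks(root)}

# Constructed sample shaped like `terraform show -json` output; the ID is a placeholder.
SAMPLE = {"planned_values": {"root_module": {"resources": [
    {"address": T + ".example", "type": T, "values": {"create_option": "Empty"}},
    {"address": T + ".cvm", "type": T, "values": {
        "create_option": "Copy", "security_type": CMK, "public_network_access_enabled": False}}],
    "child_modules": [{"resources": [
        {"address": "module.data." + T + ".locked", "type": T, "values": {
            "network_access_policy": "AllowPrivate", "disk_access_id": "<placeholder-id>",
            "public_network_access_enabled": False}}]}]}}}

if __name__ == "__main__":
    print(check_plan(SAMPLE))
```

Values that are only known after apply are omitted from planned_values, so an ID that references a resource created in the same plan reads as unset here and the "needs secure_vm_disk_encryption_set_id" finding should be confirmed by hand in that case.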

Create Disk Storage via CLI:

Parameters:

az disk create --name
              --resource-group
              [--accelerated-network {false, true}]
              [--architecture {Arm64, x64}]
              [--data-access-auth-mode {AzureActiveDirectory, None}]
              [--disk-access]
              [--disk-encryption-set]
              [--disk-iops-read-only]
              [--disk-iops-read-write]
              [--disk-mbps-read-only]
              [--disk-mbps-read-write]
              [--edge-zone]
              [--enable-bursting {false, true}]
              [--encryption-type {EncryptionAtRestWithCustomerKey, EncryptionAtRestWithPlatformAndCustomerKeys, EncryptionAtRestWithPlatformKey}]
              [--gallery-image-reference]
              [--gallery-image-reference-lun]
              [--hyper-v-generation {V1, V2}]
              [--image-reference]
              [--image-reference-lun]
              [--location]
              [--logical-sector-size]
              [--max-shares]
              [--network-access-policy {AllowAll, AllowPrivate, DenyAll}]
              [--no-wait]
              [--os-type {Linux, Windows}]
              [--performance-plus {false, true}]
              [--public-network-access {Disabled, Enabled}]
              [--secure-vm-disk-encryption-set]
              [--security-data-uri]
              [--security-type {ConfidentialVM_DiskEncryptedWithCustomerKey, ConfidentialVM_DiskEncryptedWithPlatformKey, ConfidentialVM_VMGuestStateOnlyEncryptedWithPlatformKey, TrustedLaunch}]
              [--size-gb]
              [--sku {PremiumV2_LRS, Premium_LRS, Premium_ZRS, StandardSSD_LRS, StandardSSD_ZRS, Standard_LRS, UltraSSD_LRS}]
              [--source]
              [--source-storage-account-id]
              [--support-hibernation {false, true}]
              [--tags]
              [--tier]
              [--upload-size-bytes]
              [--upload-type {Upload, UploadWithSecurityData}]
              [--zone {1, 2, 3}]

Example:

az disk create -g MyResourceGroup -n MyDisk --size-gb 10
