Update Terraform variables to include instructions for enabling host-…

…level encryption using Azure CLI
Azure · May 14, 2024 · 7b30be0 · 7b30be0
1 parent 2511ca8
commit 7b30be0
Show file tree

Hide file tree

Showing 5 changed files with 7 additions and 9 deletions.
diff --git a/docs/reference-implementation/Getting-Started-CLI.md b/docs/reference-implementation/Getting-Started-CLI.md
@@ -137,6 +137,8 @@ All pipelines require an Azure DevOps service connection to access the target Az
 
 > **Important!** The AAD Service Principal needs **subscription-level owner permissions** as the pipeline will create various role assignments.
 
+> **Important!** Azure Mission-Critical is using host-level encryption compute. This feature needs to be manually registered in each subscription. See [Use the Azure CLI to enable end-to-end encryption using encryption at host](https://learn.microsoft.com/en-us/azure/virtual-machines/linux/disks-enable-host-based-encryption-cli) for more.
+
 You need to repeat these steps for each of the environments that you want to create. But you can also only start with one for now. If so, we recommend to start with `e2e`.
 
 ```powershell

diff --git a/docs/reference-implementation/Getting-Started.md b/docs/reference-implementation/Getting-Started.md
@@ -46,7 +46,6 @@ To deploy the Azure Mission-Critical reference implementation, you need to creat
 
 - [Create an organization or project collection](https://learn.microsoft.com/azure/devops/organizations/accounts/create-organization?view=azure-devops)
 
-
 #### Create a new Azure DevOps project
 
 Once you have created an Azure DevOps organization, you can create a new project in that organization. Go to the Azure DevOps portal, select the desired Organization and Click on "+ New Project" in the upper right hand corner.
@@ -123,6 +122,8 @@ All pipelines require an Azure DevOps service connection to access the target Az
 
 > **Important!** The AAD Service Principal needs **subscription-level owner permissions** as the pipeline will create various role assignments.
 
+> **Important!** Azure Mission-Critical is using host-level encryption compute. This feature needs to be manually registered in each subscription. See [Use the Azure CLI to enable end-to-end encryption using encryption at host](https://learn.microsoft.com/en-us/azure/virtual-machines/linux/disks-enable-host-based-encryption-cli) for more.
+
 You need to repeat these steps for each of the environments that you want to create. But you can also only start with one for now. If so, we recommend to start with `e2e`.
 
 ```powershell
@@ -185,7 +186,7 @@ Modify the respective file for the environment which you want to deploy. At leas
 | Required to modify | Key | Description | Sample value |
 | --- | --- | --- | --- |
 | **YES** | prefix | Custom prefix used for Azure resources. **Must not be longer than 6 characters!** | mye2e |
-| **YES** | contactEmail | E-mail alias used for alerting. **Be careful which address you put in here as it will potentially receive a lot of notification emails** | alwaysonappnet@example.com |
+| **YES** | contactEmail | E-mail alias used for alerting. **Be careful which address you put in here as it will potentially receive a lot of notification emails** | `alwaysonappnet@example.com` |
 | NO | terraformResourceGroup | Resource Group where the Terraform state Storage account will be deployed | terraformstate-rg |
 | NO | stampLocations | List of locations (Azure Regions) where this environment will be deployed into. You can keep the default to start with.  | ["northeurope", "eastus2"] |
 | NO | envDnsZoneRG | OPTIONAL: Name of the Azure Resource group which holds the Azure DNS Zone for your custom domain. Not required if you do not plan to use a custom DNS name | mydns-rg |
@@ -195,7 +196,6 @@ Modify the respective file for the environment which you want to deploy. At leas
 
 For more details on the variables, you can consult [this guide](/.ado/pipelines/README.md#configuration-files).
 
-
 ### 7) Execute the first deployment
 
 After completing all previous steps in this guide, you can start executing the pipelines to spin up the infrastructure.

diff --git a/src/infra/workload/releaseunit/main.tf b/src/infra/workload/releaseunit/main.tf
@@ -2,7 +2,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = "3.97.1"
+      version = "3.101.0"
     }
     azapi = {
       source  = "Azure/azapi"

diff --git a/src/infra/workload/releaseunit/modules/stamp/main.tf b/src/infra/workload/releaseunit/modules/stamp/main.tf
@@ -2,7 +2,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = "3.97.1"
+      version = "3.101.0"
     }
     azapi = {
       source  = "Azure/azapi"

diff --git a/src/infra/workload/releaseunit/stamp.tf b/src/infra/workload/releaseunit/stamp.tf
@@ -57,8 +57,4 @@ module "stamp" {
   alerts_enabled       = var.alerts_enabled
   api_key              = random_password.api_key.result
   ai_adaptive_sampling = var.ai_adaptive_sampling
-
-  depends_on = [ 
-    azurerm_resource_provider_registration.compute
-  ]
 }