Complete the code to create an Azure Key Vault resource by setting the name property.
resource "azurerm_key_vault" "example" { location = "eastus" resource_group_name = "example-rg" [1] = "example-vault" }
The name property sets the name of the Key Vault resource. It is required to identify the vault.
Complete the code to specify the SKU name for the Key Vault.
resource "azurerm_key_vault" "example" { name = "example-vault" location = "eastus" resource_group_name = "example-rg" sku_name = [1] }
The SKU name "standard" is the common SKU for Azure Key Vaults. It defines the pricing tier.
Fix the error in the access policy block to correctly assign tenant ID.
resource "azurerm_key_vault" "example" { name = "example-vault" location = "eastus" resource_group_name = "example-rg" sku_name = "standard" access_policy { tenant_id = [1] object_id = "00000000-0000-0000-0000-000000000000" key_permissions = ["get", "list"] } }
The tenant ID should be referenced as a variable with var.tenantId to correctly pass its value.
Fill both blanks to define the network ACLs to allow access only from a specific subnet.
resource "azurerm_key_vault" "example" { name = "example-vault" location = "eastus" resource_group_name = "example-rg" sku_name = "standard" network_acls { default_action = [1] virtual_network_subnet_ids = [[2]] } }
The default_action should be set to "Deny" to block all except allowed subnets. The virtual_network_subnet_ids must be the full resource ID of the subnet.
Fill all three blanks to configure Key Vault with soft delete enabled, purge protection enabled, and a proper tenant ID.
resource "azurerm_key_vault" "example" { name = "example-vault" location = "eastus" resource_group_name = "example-rg" sku_name = "standard" tenant_id = [1] soft_delete_enabled = [2] purge_protection_enabled = [3] }
The tenant_id should be referenced as var.tenantId. Both soft_delete_enabled and purge_protection_enabled should be set to true to enable these important security features.