Azure AKS enable role-based access control (RBAC) not enforced

Description

AKS can be configured to use Azure Active Directory (AD) and Kubernetes Role-based Access Control (RBAC). RBAC is designed to work on resources within your AKS clusters. With RBAC, you create a role definition that outlines the permissions to be applied, and a user or group is then assigned that role definition for a particular scope, which can be an individual resource, a resource group, or the whole subscription. We recommend you sign in to an AKS cluster using an Azure AD authentication token and configure Kubernetes RBAC. This limits access to cluster resources based on a user's identity or group membership.

Code Example

```hcl
resource "azurerm_kubernetes_cluster" "pike" {
...
+ role_based_access_control_enabled = true
...
}
```

Remediation

Terraform

Resource: azurerm_kubernetes_cluster Argument: role_based_access_control_enabled
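As an added illustration of what this rule checks (not code from the rule page or from Checkov), the function below walks a Terraform plan in the JSON form produced by `terraform show -json` and reports every `azurerm_kubernetes_cluster` whose `role_based_access_control_enabled` is not `true`. The plan content is constructed for the example; absence of the attribute is flagged conservatively, since a real plan carries the provider's resolved value.

```python
"""Flag AKS clusters in a Terraform plan JSON that do not enforce Kubernetes RBAC."""
import json

# Constructed sample of `terraform show -json` output, trimmed to the fields read here.
SAMPLE_PLAN = json.dumps({
    "planned_values": {
        "root_module": {
            "resources": [
                {"address": "azurerm_kubernetes_cluster.weak",
                 "type": "azurerm_kubernetes_cluster",
                 "values": {"name": "aks-weak",
                            "role_based_access_control_enabled": False}},
                {"address": "azurerm_kubernetes_cluster.pike",
                 "type": "azurerm_kubernetes_cluster",
                 "values": {"name": "aks-pike",
                            "role_based_access_control_enabled": True}},
                {"address": "azurerm_resource_group.rg",
                 "type": "azurerm_resource_group",
                 "values": {"name": "rg"}},
            ],
            "child_modules": [{
                "address": "module.team",
                "resources": [
                    # Attribute absent: treated as a finding (conservative).
                    {"address": "module.team.azurerm_kubernetes_cluster.legacy",
                     "type": "azurerm_kubernetes_cluster",
                     "values": {"name": "aks-legacy"}},
                ],
            }],
        }
    }
})


def iter_resources(module):
    """Yield resources of a module and, recursively, of its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def find_aks_without_rbac(plan_json):
    """Return addresses of AKS clusters where RBAC is not explicitly enabled."""
    root = json.loads(plan_json).get("planned_values", {}).get("root_module", {})
    return [res["address"] for res in iter_resources(root)
            if res.get("type") == "azurerm_kubernetes_cluster"
            and res.get("values", {}).get("role_based_access_control_enabled") is not True]


if __name__ == "__main__":
    for addr in find_aks_without_rbac(SAMPLE_PLAN):
        print(f"IAC-0516 (CKV_AZURE_5): {addr} does not enforce Kubernetes RBAC")
```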

Rule Details

ID: IAC-0516
Severity: MEDIUM
IaC Type: arm
Frameworks: ARM, Terraform, Bicep, TerraformPlan
Checkov ID: CKV_AZURE_5

References