Azure Machine Learning Compute Cluster Local Authentication is enabled
Description
Disabling local authentication for Azure Machine Learning Compute Clusters can help improve the security of your clusters. Local authentication allows users to access the cluster using a local account and password, rather than an Azure Active Directory (Azure AD) account.
Code Example
```hcl
resource "azurerm_machine_learning_compute_cluster" "ckv_unittest_pass" {
  name                          = "example"
  location                      = "West Europe"
  vm_priority                   = "LowPriority"
  vm_size                       = "Standard_DS2_v2"
  machine_learning_workspace_id = azurerm_machine_learning_workspace.example.id

  # Disable local account and password access to the cluster
  local_auth_enabled = false

  scale_settings {
    min_node_count                       = 0
    max_node_count                       = 1
    scale_down_nodes_after_idle_duration = "PT30S" # 30 seconds
  }

  identity {
    type = "SystemAssigned"
  }
}
```
Remediation
Fix - Buildtime
Terraform
- Resource: azurerm_machine_learning_compute_cluster
- Arguments: local_auth_enabled
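As an added example (not Checkov's own implementation and not part of the original page), the same condition can be checked against the JSON form of a Terraform plan, including resources nested in child modules. The sample plan, resource addresses and function names below are constructed for illustration; a missing attribute is reported because the azurerm provider defaults `local_auth_enabled` to true.

```python
import json
import sys

RESOURCE_TYPE = "azurerm_machine_learning_compute_cluster"

# Constructed sample shaped like `terraform show -json <planfile>` output.
SAMPLE_PLAN = {
    "planned_values": {"root_module": {
        "resources": [
            {"address": f"{RESOURCE_TYPE}.hardened", "type": RESOURCE_TYPE,
             "values": {"name": "example", "local_auth_enabled": False}},
            {"address": f"{RESOURCE_TYPE}.legacy", "type": RESOURCE_TYPE,
             "values": {"name": "legacy", "local_auth_enabled": True}},
            {"address": "azurerm_resource_group.rg", "type": "azurerm_resource_group",
             "values": {"name": "rg"}},
        ],
        "child_modules": [{"resources": [
            # Attribute absent: not provably disabled, so it is reported too.
            {"address": f"module.ml.{RESOURCE_TYPE}.unset", "type": RESOURCE_TYPE,
             "values": {"name": "unset"}},
        ]}],
    }}
}

def iter_resources(module):
    """Yield resources of a module and, recursively, of its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def clusters_with_local_auth(plan):
    """Return addresses of compute clusters not explicitly set to false."""
    root = plan.get("planned_values", {}).get("root_module", {})
    return [
        res["address"]
        for res in iter_resources(root)
        if res.get("type") == RESOURCE_TYPE
        # Only a literal false passes; true, null or a missing key all fail.
        and (res.get("values") or {}).get("local_auth_enabled") is not False
    ]

if __name__ == "__main__":
    plan = SAMPLE_PLAN
    if len(sys.argv) > 1:  # optional path to real `terraform show -json` output
        with open(sys.argv[1]) as fh:
            plan = json.load(fh)
    for address in clusters_with_local_auth(plan):
        print(f"FAIL {address}: local_auth_enabled is not false")
```

Run without arguments it evaluates the constructed sample; pass the path of a saved plan JSON file to evaluate a real plan.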
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0649 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Terraform |
| Checkov ID | CKV_AZURE_142 |