AKS Doesn't Use the Paid SKU for its SLA
Description
For production-grade Azure Kubernetes Service (AKS) deployments, it's recommended to use the Paid SKU to enable an Uptime SLA for the control plane components. The Uptime SLA ensures availability and redundancy for your AKS cluster, making it more resilient to outages.
This policy checks that AKS clusters are configured with the "Standard" SKU tier, which includes the Uptime SLA.
Code Example
```terraform
resource "azurerm_kubernetes_cluster" "example" {
  name                = "example-aks1"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
+ sku_tier            = "Standard"

  default_node_pool {
    name       = "default"
    node_count = 1
    vm_size    = "Standard_D2_v2"
  }

  identity {
    type = "SystemAssigned"
  }

  tags = {
    Environment = "production"
  }
}
```
Remediation
Terraform
- Resource: azurerm_kubernetes_cluster
- Arguments: sku_tier
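
The same check can be run against Terraform's JSON plan output before apply. The following is an added example, not Checkov's implementation and not part of the original page; the sample plan and resource addresses are constructed, and accepting only "Standard" follows this page's wording.

```python
import json

# Tier this page's policy expects; any other value (or none) fails.
REQUIRED_TIER = "Standard"

# Constructed sample, shaped like `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "azurerm_kubernetes_cluster.prod",
     "type": "azurerm_kubernetes_cluster",
     "values": {"name": "prod-aks", "sku_tier": "Standard"}},
    {"address": "azurerm_kubernetes_cluster.dev",
     "type": "azurerm_kubernetes_cluster",
     "values": {"name": "dev-aks", "sku_tier": "Free"}},
    {"address": "azurerm_resource_group.rg",
     "type": "azurerm_resource_group", "values": {"name": "rg1"}}],
  "child_modules": [{"address": "module.platform", "resources": [
    {"address": "module.platform.azurerm_kubernetes_cluster.shared",
     "type": "azurerm_kubernetes_cluster",
     "values": {"name": "shared-aks", "sku_tier": null}}]}]
}}}
""")


def iter_resources(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def find_non_sla_clusters(plan):
    """Return (address, sku_tier) for AKS clusters not on the required tier."""
    root = plan.get("planned_values", {}).get("root_module", {})
    failures = []
    for res in iter_resources(root):
        if res.get("type") != "azurerm_kubernetes_cluster":
            continue
        tier = (res.get("values") or {}).get("sku_tier")
        if tier != REQUIRED_TIER:  # an unset or null tier counts as a failure
            failures.append((res["address"], tier))
    return failures


if __name__ == "__main__":
    for address, tier in find_non_sla_clusters(SAMPLE_PLAN):
        print(f"FAIL {address}: sku_tier={tier!r}, expected {REQUIRED_TIER!r}")
```

Walking `child_modules` matters because clusters declared inside modules do not appear in the root module's `resources` list.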
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0677 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Terraform, |
| Checkov ID | CKV_AZURE_170 |