Azure Data Explorer without SLA
Description
Azure Data Explorer is a fast, fully managed data analytics service for real-time analysis on large volumes of data streaming from applications, websites, IoT devices, and more. Service Level Agreements (SLA) ensure that services are up and running. Using SKUs without an SLA may introduce risks in terms of availability.
This policy checks that the Azure Data Explorer cluster does not use a SKU which lacks an SLA.
Code Example
terraform
resource "azurerm_kusto_cluster" "example" {
name = "example-cluster"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
# ... other configurations ...
- sku {
- name = "Dev(No SLA)_Standard_D11_v2" // Not recommended
- capacity = 2
- }
+ sku {
+ name = "Standard_D13_v2" // Use a SKU with an SLA
+ capacity = 2
+ }
}Remediation
Terraform
Resource:
- azurerm_kusto_cluster
Argument:
- sku/[0]/name
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0687 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Terraform, |
| Checkov ID | CKV_AZURE_180 |