Data Explorer Not Using Managed Identities
Description
Azure Data Explorer (or Kusto) is a fast and scalable data analytics service that makes it simple and cost-effective to explore and analyze all of your data. To ensure secure access to other Azure services, it's best practice to use managed identities, which offer a secure, Azure AD-integrated method of authenticating to Azure services.
This policy checks that Azure Data Explorer (Kusto) clusters are configured to use managed identities for secure access.
Code Example
```terraform
resource "azurerm_kusto_cluster" "example" {
  name                = "example-cluster"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  # ... other configurations ...
+ identity {
+   type = "SystemAssigned" // Use managed identity
+ }
}
```
Remediation
Terraform
Resource:
- azurerm_kusto_cluster
Argument:
- identity/[0]/type
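A pre-apply check for the resource and argument listed above, written as an added example (it is not Checkov's implementation or part of the original page). It reads the JSON that `terraform show -json <planfile>` produces and reports every `azurerm_kusto_cluster` whose `identity/[0]/type` is missing; the sample plan, the resource names in it, and the choice to accept any non-empty type are assumptions.

```python
# Flag azurerm_kusto_cluster resources that declare no identity type in a Terraform plan.
import json
import sys

RESOURCE_TYPE = "azurerm_kusto_cluster"


def walk_modules(module):
    """Yield every resource in a module and, recursively, in its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk_modules(child)


def identity_type(resource):
    """Return identity/[0]/type, or None when the block or the value is missing."""
    blocks = (resource.get("values") or {}).get("identity") or []
    if not blocks or not isinstance(blocks[0], dict):
        return None
    return blocks[0].get("type") or None


def clusters_without_identity(plan):
    """Return the addresses of Kusto clusters that have no identity type set."""
    root = plan.get("planned_values", {}).get("root_module", {})
    return [r["address"] for r in walk_modules(root)
            if r.get("type") == RESOURCE_TYPE and identity_type(r) is None]


# Constructed sample in the shape of `terraform show -json` output (assumed names).
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": "azurerm_kusto_cluster.example", "type": RESOURCE_TYPE,
         "values": {"name": "example-cluster", "identity": [{"type": "SystemAssigned"}]}},
        {"address": "azurerm_kusto_cluster.legacy", "type": RESOURCE_TYPE,
         "values": {"name": "legacy-cluster", "identity": []}},
    ],
    "child_modules": [{"address": "module.analytics", "resources": [
        {"address": "module.analytics.azurerm_kusto_cluster.logs", "type": RESOURCE_TYPE,
         "values": {"name": "logs-cluster"}},
    ]}],
}}}

if __name__ == "__main__":
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    findings = clusters_without_identity(plan)
    for address in findings:
        print(f"CKV_AZURE_181: {address} has no identity type set")
    sys.exit(1 if findings else 0)
```

The non-zero exit code lets a CI job fail the plan stage when any cluster, including one declared inside a child module, lacks the block.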
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0688 |
| Severity | MEDIUM |
| IaC Type | Terraform |
| Frameworks | Terraform |
| Checkov ID | CKV_AZURE_181 |