Operating system disks are not ephemeral disks
Description
This policy checks whether ephemeral disks are used for Operating System (OS) disks in Azure. Ephemeral OS disks have several benefits, including improved read/write speeds and reduced costs, because they are directly attached to the virtual machine and are not billed separately. Not using ephemeral disks could lead to slower application performance and increased costs.
Code Example
```hcl
resource "azurerm_kubernetes_cluster" "example" {
  # ...
  default_node_pool {
    # ...
    os_disk_type = "Ephemeral"
    # ...
  }
  # ...
}
```
Remediation
Terraform
- Resource: azurerm_kubernetes_cluster
- Arguments: default_node_pool.os_disk_type
To fix the issue, use ephemeral disks for OS disks in your Kubernetes configuration. With the Azure provider in your Terraform plan, this means setting os_disk_type to "Ephemeral" in the default_node_pool block of the azurerm_kubernetes_cluster resource.
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0733 |
| Severity | MEDIUM |
| IaC Type | arm |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV_AZURE_226 |