AKS cluster not encrypting temp disks, caches, and data flows

Description

This policy verifies that the Azure Kubernetes Service (AKS) cluster encrypts its temporary disks, caches, and data flows. Leaving them unencrypted can lead to unauthorized data access or data loss. Encrypting these disk resources ensures that the data is unreadable to anyone without the correct encryption key, mitigating risks to data confidentiality and integrity. Without such a policy in place, sensitive data may be exposed to potential threats, leaving the system vulnerable to damaging security breaches.

Code Example

```hcl
resource "azurerm_kubernetes_cluster" "example" {
  ...
  default_node_pool {
+   enable_host_encryption = true
    ...
  }
}
```

Remediation

Terraform

  • Resource: azurerm_kubernetes_cluster
  • Arguments: default_node_pool.enable_host_encryption
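The remediation above names the resource and argument the check looks at. As an added example (not Checkov's or Prisma Cloud's own implementation), the following Python script applies the same check to the JSON output of `terraform show -json`, which is the input the TerraformPlan framework evaluates. It assumes the plan JSON layout that Terraform documents (`planned_values.root_module.resources[]`, with nested blocks such as `default_node_pool` rendered as lists), treats a missing `enable_host_encryption` as disabled because that is the provider default, and also accepts the `host_encryption_enabled` spelling that newer azurerm provider versions use; the sample plan embedded below is constructed, not captured from a real cluster.

```python
"""Scan a `terraform show -json` plan for AKS clusters whose default node
pool does not enable host-based encryption of temp disks, caches and data flows.
Added example; it is not the policy engine's own code."""
import json
import sys

RESOURCE_TYPE = "azurerm_kubernetes_cluster"
# Argument named on the page, plus the renamed form used by azurerm 4.x.
ENCRYPTION_KEYS = ("enable_host_encryption", "host_encryption_enabled")


def _iter_resources(module):
    """Yield every resource in a plan module and, recursively, its child modules."""
    for res in module.get("resources", []):
        yield res
    for child in module.get("child_modules", []):
        yield from _iter_resources(child)


def host_encryption_enabled(cluster_values):
    """True only when the default node pool explicitly sets host encryption to true.

    The provider default is false, so an absent argument counts as disabled.
    `default_node_pool` is a block, which plan JSON renders as a list of dicts.
    """
    pools = cluster_values.get("default_node_pool") or []
    if not pools:
        return False
    pool = pools[0]
    return any(pool.get(key) is True for key in ENCRYPTION_KEYS)


def find_unencrypted_clusters(plan):
    """Return the addresses of AKS clusters in the plan that fail the check."""
    root = plan.get("planned_values", {}).get("root_module", {})
    failing = []
    for res in _iter_resources(root):
        if res.get("type") != RESOURCE_TYPE:
            continue
        if not host_encryption_enabled(res.get("values", {})):
            failing.append(res["address"])
    return failing


# Constructed sample plan (assumed layout, not real terraform output):
# one cluster with the argument set, one without it.
SAMPLE_PLAN = {
    "planned_values": {
        "root_module": {
            "resources": [
                {
                    "address": "azurerm_kubernetes_cluster.secure",
                    "type": RESOURCE_TYPE,
                    "values": {
                        "name": "aks-secure",
                        "default_node_pool": [
                            {"name": "default", "enable_host_encryption": True}
                        ],
                    },
                },
                {
                    "address": "azurerm_kubernetes_cluster.insecure",
                    "type": RESOURCE_TYPE,
                    "values": {
                        "name": "aks-insecure",
                        "default_node_pool": [{"name": "default"}],
                    },
                },
            ]
        }
    }
}


def main(argv):
    """Read a plan JSON file (or use the constructed sample) and report failures."""
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            plan = json.load(fh)
    else:
        plan = SAMPLE_PLAN
    failing = find_unencrypted_clusters(plan)
    for address in failing:
        print(f"FAIL {address}: default_node_pool.enable_host_encryption is not true")
    return 1 if failing else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

To run it against a real plan: `terraform plan -out=tfplan && terraform show -json tfplan > plan.json`, then `python check_aks_host_encryption.py plan.json`. A non-zero exit code makes the script usable as a pipeline gate alongside the policy engine.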

Rule Details

| Field      | Value                   |
|------------|-------------------------|
| ID         | IAC-0734                |
| Severity   | HIGH                    |
| IaC Type   | arm                     |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV_AZURE_227           |

References