Azure AKS cluster HTTP application routing enabled
Description
This policy detects whether ingress controllers in AKS clusters are configured to allow HTTP application routing. While convenient for development and testing within your AKS clusters, enabling HTTP application routing for production deployments can introduce security risks. Because publicly accessible DNS names are automatically created for application endpoints, using HTTP instead of HTTPS for these endpoints could expose sensitive data, as HTTP traffic is not encrypted.
Code Example
resource "azurerm_kubernetes_cluster" "example" {
...
- http_application_routing_enabled = true
+ http_application_routing_enabled = false
}
Remediation
Terraform
- Resource: azurerm_kubernetes_cluster
- Arguments: http_application_routing_enabled
To mitigate this issue, set the `http_application_routing_enabled` attribute to `false` in your Terraform configuration.
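To confirm the setting before apply, the following added example (not from the original page and not Checkov's own code) scans plan JSON, as produced by `terraform show -json`, for AKS clusters with the argument set to true, including clusters declared in nested modules. The resource addresses and the sample plan are constructed, and the helper names `iter_resources`, `find_violations` and `cluster` are hypothetical.

```python
import json
import sys

RESOURCE_TYPE = "azurerm_kubernetes_cluster"
ATTRIBUTE = "http_application_routing_enabled"

def iter_resources(module):
    """Yield every resource in a plan module, descending into child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def find_violations(plan):
    """Return addresses of AKS clusters planned with HTTP application routing on."""
    root = plan.get("planned_values", {}).get("root_module", {})
    # Assumption: an unset or null argument is treated as passing.
    return sorted(
        res["address"]
        for res in iter_resources(root)
        if res.get("type") == RESOURCE_TYPE
        and (res.get("values") or {}).get(ATTRIBUTE) is True
    )

def cluster(address, enabled=None):
    """Build a constructed plan entry; enabled=None leaves the argument unset."""
    values = {} if enabled is None else {ATTRIBUTE: enabled}
    return {"address": address, "type": RESOURCE_TYPE, "values": values}

# Constructed sample in the shape of `terraform show -json` output.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        cluster("azurerm_kubernetes_cluster.dev", True),
        cluster("azurerm_kubernetes_cluster.default"),
        {"address": "azurerm_resource_group.rg", "type": "azurerm_resource_group", "values": {}},
    ],
    "child_modules": [{
        "resources": [cluster("module.prod.azurerm_kubernetes_cluster.main", False)],
        "child_modules": [{
            "resources": [cluster("module.prod.module.edge.azurerm_kubernetes_cluster.edge", True)],
        }],
    }],
}}}

if __name__ == "__main__":
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    bad = find_violations(plan)
    for address in bad:
        print(f"FAIL {address}: {ATTRIBUTE} = true")
    sys.exit(1 if bad else 0)
```

Run with a plan JSON path as the first argument to use it as a pipeline gate; the exit code is non-zero when any cluster is flagged.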
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0753 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Terraform, Terraform |
| Checkov ID | CKV_AZURE_246 |