Ensure NKS control plane logging enabled for all log types
Description
This policy checks whether NKS control plane logging is enabled for all log types, specifically audit logs. Enabling logging for all log types is crucial for monitoring and troubleshooting purposes, as well as for security and compliance requirements. Without logging, it may be difficult to detect and respond to security incidents. By ensuring that logging is enabled, organizations can improve their overall security posture and reduce the risk of undetected security breaches.
Code Example
terraform
resource "ncloud_nks_cluster" "example" {
log {
audit {
enabled = true
}
}
}Remediation
Enable NKS control plane logging for all log types, including audit logs, by setting the 'log/0/audit/0' property to 'true' or a similar configuration that enables logging.
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1223 |
| Severity | MEDIUM |
| IaC Type | Terraform |
| Frameworks | ncloud_nks_cluster, ncloud_route_table, ncloud_subnet |
| Checkov ID | CKV_NCP_22 |