Ensure Tencent Cloud TKE cluster is not assigned a public IP address
Description
This policy checks whether a Tencent Cloud TKE cluster is assigned a public IP address. Assigning a public IP address to a TKE cluster can expose it to the internet, increasing the risk of unauthorized access and potential security breaches. It's essential to ensure that TKE clusters are not unnecessarily exposed to the public internet. By not assigning a public IP address, the risk of external attacks and data breaches can be significantly reduced.
Code Example
```terraform
resource "tencentcloud_kubernetes_cluster" "example" {
  master_config {
    public_ip_assigned = false
  }
  worker_config {
    public_ip_assigned = false
  }
}
```

Remediation
Ensure the TKE cluster does not have a public IP address assigned by setting 'public_ip_assigned' to false or omitting 'internet_max_bandwidth_out' for both master and worker configurations.
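The same condition can be checked against a rendered plan before apply. The following is an added example, not Checkov's implementation of CKV_TC_7: it walks the `planned_values` section of `terraform show -json` output, and the function names, the sample plan and the rule that either `public_ip_assigned = true` or a non-zero `internet_max_bandwidth_out` counts as public exposure are assumptions made for illustration.

```python
RESOURCE_TYPE = "tencentcloud_kubernetes_cluster"
NODE_BLOCKS = ("master_config", "worker_config")

# Constructed sample shaped like the planned_values part of `terraform show -json`.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": "tencentcloud_kubernetes_cluster.private", "type": RESOURCE_TYPE,
         "values": {"master_config": [{"public_ip_assigned": False,
                                       "internet_max_bandwidth_out": None}],
                    "worker_config": [{"public_ip_assigned": False}]}},
        {"address": "tencentcloud_kubernetes_cluster.exposed", "type": RESOURCE_TYPE,
         "values": {"master_config": [{"public_ip_assigned": False}],
                    "worker_config": [{"public_ip_assigned": True,
                                       "internet_max_bandwidth_out": 100}]}},
    ],
    "child_modules": [{"resources": [
        {"address": "module.edge.tencentcloud_kubernetes_cluster.bw", "type": RESOURCE_TYPE,
         "values": {"master_config": [{"public_ip_assigned": None,
                                       "internet_max_bandwidth_out": 10}],
                    "worker_config": []}}]}],
}}}

def iter_resources(module):
    """Yield resources from a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def block_is_public(block):
    """Assumed rule: explicit public IP or any outbound internet bandwidth."""
    bandwidth = block.get("internet_max_bandwidth_out") or 0  # unset renders as null
    return block.get("public_ip_assigned") is True or bandwidth > 0

def find_public_clusters(plan):
    """Return addresses of master/worker blocks that would get a public IP."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") != RESOURCE_TYPE:
            continue
        values = res.get("values") or {}
        for name in NODE_BLOCKS:
            for idx, block in enumerate(values.get(name) or []):
                if block_is_public(block):
                    findings.append(f"{res['address']}.{name}[{idx}]")
    return findings

if __name__ == "__main__":
    for finding in find_public_clusters(SAMPLE_PLAN):
        print("FAIL", finding)
```
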
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1324 |
| Severity | MEDIUM |
| IaC Type | Terraform |
| Frameworks | tencentcloud_kubernetes_cluster |
| Checkov ID | CKV_TC_7 |