Ensure security group is assigned to Kubernetes cluster.
Description
This policy checks whether a security group is assigned to a Kubernetes cluster. Assigning a security group to a Kubernetes cluster is important because it helps control and restrict incoming and outgoing network traffic, enhancing the overall security posture of the cluster. Without a security group, the cluster may be exposed to unauthorized access, potentially leading to security breaches. By ensuring a security group is assigned, administrators can better manage access and reduce the risk of malicious activity.
Code Example
```terraform
resource "yandex_kubernetes_cluster" "example" {
  name       = "example"
  network_id = yandex_vpc_network.example.id
  master {
    security_group_ids = [yandex_vpc_security_group.example.id]
  }
}
```
Remediation
Assign a security group to the Kubernetes cluster by setting the security_group_ids attribute inside the master block of the yandex_kubernetes_cluster resource, as shown in the code example above.
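The check this policy performs can be reproduced outside Checkov with a small script. The following is an added example, not code from this page or from the Checkov project: it scans Terraform text for yandex_kubernetes_cluster resources and reports FAILED for any cluster whose master block lacks a non-empty security_group_ids list. The HCL parsing is deliberately simplified (brace matching plus regular expressions, no comment handling), and the three resources in SAMPLE_HCL are constructed inputs for this demonstration.

```python
"""Simplified reproduction of the CKV_YC_14 check: every yandex_kubernetes_cluster
must declare a non-empty security_group_ids list inside its master block."""
import re

# Matches the resource header and captures the resource name; the final brace is
# the block opener that _block_body() starts scanning from.
RESOURCE_RE = re.compile(r'resource\s+"yandex_kubernetes_cluster"\s+"([^"]+)"\s*\{')
MASTER_RE = re.compile(r'\bmaster\s*\{')
SG_RE = re.compile(r'security_group_ids\s*=\s*\[([^\]]*)\]')


def _block_body(text, open_brace_idx):
    """Return the text between the brace at open_brace_idx and its matching close.

    Simplification: braces inside HCL comments or strings are not ignored."""
    depth = 0
    for i in range(open_brace_idx, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[open_brace_idx + 1:i]
    raise ValueError("unbalanced braces in HCL input")


def find_cluster_blocks(hcl):
    """Yield (resource_name, block_body) for each yandex_kubernetes_cluster."""
    for m in RESOURCE_RE.finditer(hcl):
        yield m.group(1), _block_body(hcl, m.end() - 1)


def master_has_security_group(cluster_body):
    """True only if a master block exists and lists at least one security group."""
    m = MASTER_RE.search(cluster_body)
    if not m:
        return False
    master_body = _block_body(cluster_body, m.end() - 1)
    sg = SG_RE.search(master_body)
    if not sg:
        return False
    # An explicitly empty list (security_group_ids = []) still fails the policy.
    return bool(sg.group(1).strip())


def evaluate(hcl):
    """Return {resource_name: "PASSED" | "FAILED"} for every cluster in the text."""
    return {
        name: ("PASSED" if master_has_security_group(body) else "FAILED")
        for name, body in find_cluster_blocks(hcl)
    }


# Constructed sample input: one compliant cluster and two non-compliant variants.
SAMPLE_HCL = '''
resource "yandex_kubernetes_cluster" "compliant" {
  name       = "compliant"
  network_id = yandex_vpc_network.example.id
  master {
    security_group_ids = [yandex_vpc_security_group.example.id]
  }
}

resource "yandex_kubernetes_cluster" "no_sg" {
  name       = "no_sg"
  network_id = yandex_vpc_network.example.id
  master {
    version = "1.27"
  }
}

resource "yandex_kubernetes_cluster" "empty_sg" {
  name       = "empty_sg"
  network_id = yandex_vpc_network.example.id
  master {
    security_group_ids = []
  }
}
'''

if __name__ == "__main__":
    for name, result in evaluate(SAMPLE_HCL).items():
        print(f"yandex_kubernetes_cluster.{name}: {result}")
```

Running the script prints PASSED for the compliant cluster and FAILED for the cluster with no security_group_ids and for the one with an empty list; the attribute is looked up only inside the master block, which is where the Yandex provider expects it, so a security_group_ids set elsewhere in the resource does not satisfy the check.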
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1347 |
| Severity | MEDIUM |
| IaC Type | Terraform |
| Frameworks | yandex_kubernetes_cluster |
| Checkov ID | CKV_YC_14 |