Ensure security group is assigned to Kubernetes node group.
Description
This policy checks whether a security group is assigned to a Kubernetes node group. Assigning a security group to a node group is crucial for controlling inbound and outbound network traffic, ensuring the security and isolation of the cluster. Without a security group, the node group may be exposed to unauthorized access, potentially leading to security breaches. It is essential to assign a security group to restrict traffic and maintain the security posture of the Kubernetes cluster.
Code Example
```terraform
resource "yandex_kubernetes_node_group" "example" {
  instance_template {
    network_interface {
      security_group_ids = [yandex_vpc_security_group.example.id]
    }
  }
}
```
Remediation
Assign a security group to the Kubernetes node group by specifying the security_group_ids attribute in the instance_template block of the yandex_kubernetes_node_group resource.
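The following is an added example, not the policy's or Checkov's own implementation: a standalone Python check that applies this rule's logic to a node group body already parsed into a dict, covering the failure shapes the rule is meant to catch (no instance_template, no network_interface, an empty security_group_ids list). The dict shape and the sample configurations are constructed assumptions.

```python
# Added example, not Checkov's or the policy's own implementation: a standalone
# check applying this rule's logic to a yandex_kubernetes_node_group body that an
# HCL parser has already turned into a dict (assumed shape: blocks -> dicts,
# repeated blocks -> list of dicts, attribute lists stay lists).

# Constructed sample configurations.
COMPLIANT = {
    "instance_template": {
        "network_interface": {
            "security_group_ids": ["${yandex_vpc_security_group.example.id}"],
        }
    }
}
NO_SG_ATTRIBUTE = {
    "instance_template": {
        "network_interface": {"subnet_ids": ["${yandex_vpc_subnet.example.id}"]}
    }
}
EMPTY_SG_LIST = {"instance_template": {"network_interface": {"security_group_ids": []}}}
NO_NETWORK_INTERFACE = {"instance_template": {}}


def node_group_has_security_group(conf: dict) -> bool:
    """True when every network_interface in instance_template names at least one
    security group. Missing instance_template, missing network_interface, an
    empty security_group_ids list or a blank id all fail the check."""
    templates = conf.get("instance_template")
    if not templates:
        return False
    if isinstance(templates, dict):
        templates = [templates]
    for template in templates:
        interfaces = template.get("network_interface")
        if not interfaces:
            return False
        if isinstance(interfaces, dict):
            interfaces = [interfaces]
        for nic in interfaces:
            ids = nic.get("security_group_ids")
            if not isinstance(ids, list) or not ids:
                return False
            if any(not str(sg).strip() for sg in ids):
                return False
    return True


def evaluate(conf: dict) -> str:
    """Map the result to the PASSED/FAILED vocabulary IaC scanners report."""
    return "PASSED" if node_group_has_security_group(conf) else "FAILED"
```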
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1348 |
| Severity | MEDIUM |
| IaC Type | Terraform |
| Frameworks | yandex_kubernetes_node_group |
| Checkov ID | CKV_YC_15 |