Ensure that private cluster is enabled for Azure Kubernetes Cluster

MEDIUM

Description

An Azure Kubernetes Service (AKS) cluster whose API server has a public endpoint is reachable from the internet, so the control plane remains exposed to unauthorized access attempts (credential guessing, exploitation of API server bugs, misconfigured RBAC). In a private cluster the API server is published only on a private endpoint inside the cluster's virtual network, and traffic between the API server and the node pools stays on the private network.

Remediation

Private cluster mode can only be set when a cluster is created; an existing public cluster cannot be converted in place and must be recreated. To create a private cluster, follow the steps below.

In Azure Console -

  1. Open the Azure Portal and go to Kubernetes Services.
  2. Click the Create button and select Create a Kubernetes Cluster.
  3. Configure as needed. On the Networking tab, under Security, check the box for Enable private cluster.

In Terraform -

  1. In the azurerm_kubernetes_cluster resource, set the field private_cluster_enabled to true. The attribute defaults to false, and changing it on an existing resource forces Terraform to destroy and recreate the cluster.
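
The following Terraform configuration is an added example for this rule, not part of the original policy text or of the provider's documentation. It shows a non-compliant cluster (private_cluster_enabled left at its default of false) beside the compliant form. The resource group, cluster names, DNS prefixes, region and VM size are placeholder values.

```hcl
# Added example for AC_AZURE_0160 (not from the original page).
# Resource group, cluster names, dns_prefix, location and vm_size are placeholders.

resource "azurerm_resource_group" "aks" {
  name     = "rg-aks-example"
  location = "eastus"
}

# NON-COMPLIANT: private_cluster_enabled is omitted, so it defaults to false
# and the API server is published on a public endpoint.
resource "azurerm_kubernetes_cluster" "public" {
  name                = "aks-public-example"
  location            = azurerm_resource_group.aks.location
  resource_group_name = azurerm_resource_group.aks.name
  dns_prefix          = "akspublic"

  default_node_pool {
    name       = "system"
    node_count = 1
    vm_size    = "Standard_D2s_v3"
  }

  identity {
    type = "SystemAssigned"
  }
}

# COMPLIANT: the API server is only reachable on a private endpoint in the
# cluster's virtual network. Setting this on an existing cluster forces
# replacement, so it must be chosen at creation time.
resource "azurerm_kubernetes_cluster" "private" {
  name                = "aks-private-example"
  location            = azurerm_resource_group.aks.location
  resource_group_name = azurerm_resource_group.aks.name
  dns_prefix          = "aksprivate"

  private_cluster_enabled = true
  # "System" lets AKS create and manage the private DNS zone for the
  # API server's private endpoint.
  private_dns_zone_id = "System"

  default_node_pool {
    name       = "system"
    node_count = 1
    vm_size    = "Standard_D2s_v3"
  }

  identity {
    type = "SystemAssigned"
  }
}
```

Running terraform plan against a cluster that was created without the setting shows the resource marked "forces replacement", which is the expected behaviour rather than an error. After deployment the setting can be verified with az aks show -g <resource-group> -n <cluster-name> --query apiServerAccessProfile.enablePrivateCluster, which should return true. Note that kubectl access to a private cluster requires a path into the virtual network (a jump host, VPN or ExpressRoute, or az aks command invoke), so plan operator access before switching production clusters.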

References:
https://learn.microsoft.com/en-us/azure/aks/private-clusters
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster

Policy Details

Rule Reference ID: AC_AZURE_0160
CSP: Azure
Remediation Available: Yes
Resource Category: Compute

Frameworks