Ensure that logging to Azure Monitoring is configured for Azure Kubernetes Cluster

MEDIUM

Description

If Container Insights (Azure Monitor for containers) is not enabled on an AKS cluster, node and container logs and performance metrics are not collected into a Log Analytics workspace, which makes auditing and incident investigation of the cluster difficult.

Remediation

Enabling Container Insights for AKS requires several prerequisites. For the complete guide on how to prepare for, and use, Container Insights, see the Azure documentation (below).

In Terraform -

  1. In the azurerm_kubernetes_cluster resource, add an oms_agent block. With azurerm provider versions before 3.0 the oms_agent block sits inside an addon_profile block and also needs enabled = true; from 3.0 onwards addon_profile was removed and oms_agent is a top-level block of the cluster resource.
  2. Set the field oms_agent.log_analytics_workspace_id to the resource ID of the Log Analytics workspace that will receive the cluster's logs (as created through the Azure guide).
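
The following is an added example illustrating the remediation steps above; it is not part of the original policy page or of any vendor module. Resource names, the region and the node pool size are assumed placeholders. It is written for the azurerm provider 3.x syntax (top-level oms_agent), with the pre-3.0 addon_profile form shown in a comment for clusters still managed with the older provider:

```hcl
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = ">= 3.0"
    }
  }
}

provider "azurerm" {
  features {}
}

# Assumed resource group and region for the example.
resource "azurerm_resource_group" "example" {
  name     = "rg-aks-monitoring"
  location = "westeurope"
}

# The Log Analytics workspace that receives the cluster's logs and metrics.
# Container Insights needs this to exist before the cluster references it.
resource "azurerm_log_analytics_workspace" "example" {
  name                = "law-aks-monitoring"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  sku                 = "PerGB2018"
  retention_in_days   = 30
}

resource "azurerm_kubernetes_cluster" "example" {
  name                = "aks-monitored"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  dns_prefix          = "aksmonitored"

  default_node_pool {
    name       = "default"
    node_count = 1
    vm_size    = "Standard_DS2_v2"
  }

  identity {
    type = "SystemAssigned"
  }

  # Container Insights: the presence of this block, pointing at a workspace,
  # is what the rule checks. Omitting it leaves the cluster unmonitored.
  oms_agent {
    log_analytics_workspace_id = azurerm_log_analytics_workspace.example.id
  }

  # Equivalent form for azurerm < 3.0, where oms_agent lived inside addon_profile:
  # addon_profile {
  #   oms_agent {
  #     enabled                    = true
  #     log_analytics_workspace_id = azurerm_log_analytics_workspace.example.id
  #   }
  # }
}
```

After `terraform apply`, confirm the add-on is active on the deployed cluster with `az aks show -g rg-aks-monitoring -n aks-monitored --query addonProfiles.omsagent.enabled`, which should return true; the same query returning null or false on an existing cluster is what this policy flags.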

References:
https://learn.microsoft.com/en-us/azure/azure-monitor/containers/container-insights-enable-aks
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster

Policy Details

Rule Reference ID: AC_AZURE_0291
CSP: Azure
Remediation Available: Yes
Resource Category: Compute

Frameworks