AKS Uses Azure Policies Add-On Disabled
- Query id: 43789711-161b-4708-b5bb-9d1c626f7492
- Query name: AKS Uses Azure Policies Add-On Disabled
- Platform: Terraform
- Severity: Low
- Category: Best Practices
- URL: Github
Description
Azure Container Service (AKS) should use Azure Policies Add-On
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - tf file
resource "azurerm_kubernetes_cluster" "positive1" {
  name                = "example-aks1"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  dns_prefix          = "exampleaks1"

  addon_profile {
    azure_policy {
      # Flagged: the add-on is explicitly disabled inside addon_profile.
      enabled = false
    }
  }
}
Positive test num. 2 - tf file
resource "azurerm_kubernetes_cluster" "positive2" {
  name                = "example-aks1"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  dns_prefix          = "exampleaks1"

  # Flagged: the add-on is explicitly disabled through the top-level attribute.
  azure_policy_enabled = false
}
Positive test num. 3 - tf file
resource "azurerm_kubernetes_cluster" "positive3" {
  name                = "example-aks1"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  dns_prefix          = "exampleaks1"

  # Flagged: addon_profile is present but contains no azure_policy block.
  addon_profile {}
}
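The check these three samples exercise can be sketched as a small scanner. This is an added example, not the query's own code: the function names, the reason strings and the `negative1` resource are constructed, the brace matching is a simplification that assumes no braces inside strings or comments, and it assumes a cluster with neither setting enabled is reported, as positive test 3 suggests.

```python
import re
CLUSTER = re.compile(r'resource\s+"azurerm_kubernetes_cluster"\s+"([^"]+)"\s*\{')

def block_body(text, open_idx):  # text between the '{' at open_idx and its matching '}'
    depth = 0
    for i in range(open_idx, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[open_idx + 1:i]
    raise ValueError("unbalanced braces")

def nested(body, name):  # body of the first nested block `name`, or None if absent
    m = re.search(rf"(?m)^\s*{re.escape(name)}\s*\{{", body or "")
    return block_body(body, m.end() - 1) if m else None

def bool_attr(body, name):  # True/False for `name = true|false`, None if absent
    m = re.search(rf"(?m)^\s*{re.escape(name)}\s*=\s*(true|false)\b", body or "")
    return (m.group(1) == "true") if m else None

def audit(tf_text):  # (resource_name, reason) for each cluster without the add-on
    findings = []
    for m in CLUSTER.finditer(tf_text):
        body = block_body(tf_text, m.end() - 1)
        flat = bool_attr(body, "azure_policy_enabled")
        in_addon = bool_attr(nested(nested(body, "addon_profile"), "azure_policy"), "enabled")
        if flat is False:
            findings.append((m.group(1), "azure_policy_enabled = false"))
        elif in_addon is False:
            findings.append((m.group(1), "addon_profile.azure_policy.enabled = false"))
        elif not (flat or in_addon):  # assumption: never enabled counts as disabled
            findings.append((m.group(1), "azure_policy not configured"))
    return findings

# The page's three positive tests, trimmed, plus a constructed compliant "negative1".
SAMPLE = '''resource "azurerm_kubernetes_cluster" "positive1" {
  addon_profile {
    azure_policy {
      enabled = false
    }
  }
}
resource "azurerm_kubernetes_cluster" "positive2" {
  azure_policy_enabled = false
}
resource "azurerm_kubernetes_cluster" "positive3" {
  addon_profile {}
}
resource "azurerm_kubernetes_cluster" "negative1" {
  azure_policy_enabled = true
}'''
```

`audit(SAMPLE)` reports the three positive resources and leaves `negative1` out.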