AKS Disk Encryption Set ID Undefined
- Query id: b17d8bb8-4c08-4785-867e-cb9e62a622aa
- Query name: AKS Disk Encryption Set ID Undefined
- Platform: Terraform
- Severity: Medium
- Category: Encryption
- URL: Github
Description
Azure Container Service (AKS) should set a Disk Encryption Set ID (disk_encryption_set_id) for the disk types that support it.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - tf file
resource "azurerm_kubernetes_cluster" "positive" {
  name                = "example-aks1"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  dns_prefix          = "exampleaks1"

  default_node_pool {
    name       = "default"
    node_count = 1
    vm_size    = "Standard_D2_v2"
  }
}
Code samples without security vulnerabilities
Negative test num. 1 - tf file
resource "azurerm_kubernetes_cluster" "negative" {
  name                   = "example-aks1"
  location               = azurerm_resource_group.example.location
  resource_group_name    = azurerm_resource_group.example.name
  dns_prefix             = "exampleaks1"
  disk_encryption_set_id = "id"

  default_node_pool {
    name       = "default"
    node_count = 1
    vm_size    = "Standard_D2_v2"
  }
}

resource "azurerm_kubernetes_cluster" "negative" {
  name                = "example-aks1"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  dns_prefix          = "exampleaks1"

  default_node_pool {
    name         = "default"
    node_count   = 1
    vm_size      = "Standard_D2_v2"
    os_disk_type = "Ephemeral"
  }
}
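
The pass/fail logic these samples exercise, applied to the JSON form of a Terraform plan (terraform show -json) so it can gate a pipeline. This is an added example, not code from KICS or from this page: the rule logic is inferred from the samples above, and the function name, resource addresses and sample plan are constructed for illustration. It goes slightly beyond the samples by also handling an ID that is unknown at plan time and a cluster that is being destroyed.

```python
import json

# Constructed sample shaped like the "resource_changes" part of
# `terraform show -json <planfile>`; not taken from a real deployment.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
 {"address": "azurerm_kubernetes_cluster.positive", "type": "azurerm_kubernetes_cluster",
  "change": {"after": {"disk_encryption_set_id": null,
    "default_node_pool": [{"os_disk_type": "Managed"}]}, "after_unknown": {}}},
 {"address": "azurerm_kubernetes_cluster.negative", "type": "azurerm_kubernetes_cluster",
  "change": {"after": {"disk_encryption_set_id": "id",
    "default_node_pool": [{"os_disk_type": "Managed"}]}, "after_unknown": {}}},
 {"address": "azurerm_kubernetes_cluster.negative_ephemeral", "type": "azurerm_kubernetes_cluster",
  "change": {"after": {"disk_encryption_set_id": null,
    "default_node_pool": [{"os_disk_type": "Ephemeral"}]}, "after_unknown": {}}},
 {"address": "azurerm_kubernetes_cluster.computed", "type": "azurerm_kubernetes_cluster",
  "change": {"after": {"default_node_pool": [{"os_disk_type": "Managed"}]},
    "after_unknown": {"disk_encryption_set_id": true}}},
 {"address": "azurerm_kubernetes_cluster.destroyed", "type": "azurerm_kubernetes_cluster",
  "change": {"after": null, "after_unknown": {}}}
]}
""")


def clusters_missing_des(plan):
    """Return addresses of AKS clusters planned without disk_encryption_set_id."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "azurerm_kubernetes_cluster":
            continue
        change = rc.get("change", {})
        after = change.get("after")
        if after is None:  # resource is being destroyed, nothing to check
            continue
        # Unknown at plan time: the ID points at a resource created in this apply.
        if change.get("after_unknown", {}).get("disk_encryption_set_id") is True:
            continue
        if after.get("disk_encryption_set_id"):
            continue
        pools = after.get("default_node_pool") or [{}]
        if pools[0].get("os_disk_type") == "Ephemeral":
            continue  # exempt, as in the second passing sample
        findings.append(rc["address"])
    return findings


if __name__ == "__main__":
    for address in clusters_missing_des(SAMPLE_PLAN):
        print(f"{address}: disk_encryption_set_id is not set")
```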