Shielded GKE Nodes Disabled

• Query id: 579a0727-9c29-4d58-8195-fc5802a8bdb4
• Query name: Shielded GKE Nodes Disabled
• Platform: Terraform
• Severity: Medium
• Category: Insecure Configurations
• URL: Github

Description

GKE cluster nodes must be launched with Shielded VM enabled, which means the attribute 'enable_shielded_nodes' must be set to 'true'.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file

resource "google_container_cluster" "false" {
  name                  = "my-gke-cluster"
  location              = "us-central1"
  enable_shielded_nodes = false
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file

resource "google_container_cluster" "negative1" {
  name                  = "my-gke-cluster"
  location              = "us-central1"
  enable_shielded_nodes = true
}