Beta - Kubernetes Cluster Managed Identity Disabled
- Query id: 9b0140d1-50c1-4deb-ba58-472315c7a1ae
- Query name: Beta - Kubernetes Cluster Managed Identity Disabled
- Platform: Terraform
- Severity: Medium
- Category: Insecure Configurations
- CWE: 522
- Risk score: 3.0
- URL: Github
Description¶
Kubernetes Clusters should have managed identity enabled
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - tf file
resource "azurerm_kubernetes_cluster" "positive" {
name = "example-aks1"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
dns_prefix = "exampleaks1"
default_node_pool {
name = "default"
node_count = 1
vm_size = "Standard_D2_v2"
}
}
Code samples without security vulnerabilities¶
Negative test num. 1 - tf file
resource "azurerm_kubernetes_cluster" "negative1" {
name = "example-aks1"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
dns_prefix = "exampleaks1"
default_node_pool {
name = "default"
node_count = 1
vm_size = "Standard_D2_v2"
}
identity {
type = "SystemAssigned"
}
}
Negative test num. 2 - tf file
resource "azurerm_kubernetes_cluster" "negative2" {
name = "example-aks1"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
dns_prefix = "exampleaks1"
default_node_pool {
name = "default"
node_count = 1
vm_size = "Standard_D2_v2"
}
identity {
type = "UserAssigned"
}
}