Ensure Azure AKS enable RBAC is enforced

Error: Azure AKS enable RBAC not enforced

Bridgecrew Policy ID: BC_AZR_KUBERNETES_2
Checkov Check ID: CKV_AZURE_5
Severity: HIGH

Azure AKS enable RBAC not enforced


Azure Kubernetes Service (AKS) can be configured to use Azure Active Directory (AD) and Kubernetes Role-based Access Control (RBAC). RBAC is designed to work on resources within your AKS clusters. With RBAC, you can create a role definition that outlines the permissions to be applied. A user or group is then assigned this role definition for a particular scope, which could be an individual resource, a resource group, or across the subscription.

We recommend you sign in to an AKS cluster using an Azure AD authentication token and configure Kubernetes RBAC. This will limit access to cluster resources based a user's identity or group membership.

Fix - Buildtime


Resource: azurerm_kubernetes_cluster
Argument: role_based_access_control_enabled

resource "azurerm_kubernetes_cluster" "pike" {
+ role_based_access_control_enabled = true