Ensure Azure AKS cluster nodes do not have public IP addresses
Error: Azure AKS cluster nodes have public IP addresses
Bridgecrew Policy ID: BC_AZR_NETWORKING_59
Checkov Check ID: CKV_AZURE_143
Severity: LOW
Description
Disabling public IP addresses on Azure AKS cluster nodes improves security by ensuring the nodes can only be accessed from a non-public IP address.
Fix - Runtime
Fix - Buildtime
Terraform
- Resource: azurerm_kubernetes_cluster
- Argument: enable_node_public_ip (default is "false")
resource "azurerm_kubernetes_cluster" "ckv_unittest_pass" {
  name                = "example-aks1"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  dns_prefix          = "exampleaks1"

  default_node_pool {
    name       = "default"
    node_count = 1
    vm_size    = "Standard_D2_v2"
    # enable_node_public_ip is not set here, so it keeps its default of false
  }

  identity {
    type = "SystemAssigned"
  }

  tags = {
    Environment = "Production"
  }
}