Ensure Azure AKS cluster nodes do not have public IP addresses

Error: Azure AKS cluster nodes have public IP addresses

Bridgecrew Policy ID: BC_AZR_NETWORKING_59
Checkov Check ID: CKV_AZURE_143
Severity: LOW

Azure AKS cluster nodes have public IP addresses

Description

Disabling the public network access properly improves security by ensuring your Azure AKS cluster nodes can only be accessed from a non-public IP address.

Fix - Runtime

Fix - Buildtime

Terraform

  • Resource: azurerm_kubernetes_cluster
  • Argument: enable_node_public_ip (default is "false")
resource "azurerm_kubernetes_cluster" "ckv_unittest_pass" {
  name                = "example-aks1"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  dns_prefix          = "exampleaks1"

  default_node_pool {
    name       = "default"
    node_count = 1
    vm_size    = "Standard_D2_v2"
  }

  identity {
    type = "SystemAssigned"
  }

  tags = {
    Environment = "Production"
  }
}