Ensure AKS uses disk encryption set

Error: AKS does not use disk encryption set

Bridgecrew Policy ID: BC_AZR_KUBERNETES_8
Checkov Check ID: CKV_AZURE_117
Severity: LOW

AKS does not use disk encryption set

Description

Disk encryption is a security measure that encrypts the data on a disk to protect it from unauthorized access or tampering. When a disk encryption set is configured for AKS, the OS and data disks used by the nodes in your cluster are encrypted at rest with a customer-managed key held in Azure Key Vault rather than with the default platform-managed key, giving you control over key rotation and revocation. This helps protect your data from being accessed or modified by unauthorized users, even if the disks are physically stolen or the data is accessed from an unauthorized location.

Fix - Buildtime

Terraform

  • Resource: azurerm_kubernetes_cluster
  • Argument: disk_encryption_set_id
resource "azurerm_kubernetes_cluster" "example" {
  ...
+ disk_encryption_set_id = "someId"
}
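A fuller Terraform example of the fix, added here and not taken from the Bridgecrew or Checkov documentation, shows the pieces that have to exist for `disk_encryption_set_id` to be more than a placeholder: the disk encryption set itself, the Key Vault access its managed identity needs, and the cluster that references it. It assumes a resource group, a Key Vault with soft delete and purge protection enabled, and an RSA key already exist as `azurerm_resource_group.example`, `azurerm_key_vault.example` and `azurerm_key_vault_key.example` (hypothetical names chosen for this example).

```hcl
# Added example (not from the Bridgecrew/Checkov page). Assumes the resource
# group, Key Vault and key below already exist under these hypothetical names.

# Disk encryption set backed by a customer-managed key in Key Vault.
resource "azurerm_disk_encryption_set" "aks" {
  name                = "aks-des"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  key_vault_key_id    = azurerm_key_vault_key.example.id

  identity {
    type = "SystemAssigned"
  }
}

# The encryption set's managed identity must be able to wrap and unwrap the
# key; without this access policy, node disk creation fails at runtime.
resource "azurerm_key_vault_access_policy" "des" {
  key_vault_id = azurerm_key_vault.example.id
  tenant_id    = azurerm_disk_encryption_set.aks.identity[0].tenant_id
  object_id    = azurerm_disk_encryption_set.aks.identity[0].principal_id

  key_permissions = ["Get", "WrapKey", "UnwrapKey"]
}

resource "azurerm_kubernetes_cluster" "example" {
  name                = "example-aks"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  dns_prefix          = "exampleaks"

  # CKV_AZURE_117 passes once this argument references a disk encryption set.
  disk_encryption_set_id = azurerm_disk_encryption_set.aks.id

  default_node_pool {
    name       = "default"
    node_count = 1
    vm_size    = "Standard_DS2_v2"
  }

  identity {
    type = "SystemAssigned"
  }

  # Make sure the key is usable before the cluster tries to provision disks.
  depends_on = [azurerm_key_vault_access_policy.des]
}
```

If the Key Vault uses Azure RBAC instead of access policies, replace the access policy with an `azurerm_role_assignment` granting the encryption set's identity the Key Vault Crypto Service Encryption User role. The setting applies only to the cluster's node OS and data disks, and in the azurerm provider it is set at cluster creation, so plan on a new cluster rather than an in-place change when retrofitting it.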