Ensure RBAC is enabled on AKS clusters
Explanation
Using Kubernetes role-based access control (RBAC), you can grant users, groups, and service accounts access to only the resources they need.
Insecure Example
The following example will fail the AZU007 check.
resource "azurerm_kubernetes_cluster" "my-aks-cluster" {
role_based_access_control {
enabled = false
}
}
Secure Example
The following example will pass the AZU007 check.
resource "azurerm_kubernetes_cluster" "my-aks-cluster" {
role_based_access_control {
enabled = true
}
}