AZU007 - Ensure RBAC is enabled on AKS clusters

Written by tfsec

Explanation

Using Kubernetes role-based access control (RBAC), you can grant users, groups, and service accounts access to only the resources they need.

Insecure Example

The following example will fail the AZU007 check.

resource "azurerm_kubernetes_cluster" "bad_example" {
	role_based_access_control {
		enabled = false
	}
}

Secure Example

The following example will pass the AZU007 check.

resource "azurerm_kubernetes_cluster" "good_example" {
	role_based_access_control {
		enabled = true
	}
}

Related Links

• https://www.terraform.io/docs/providers/azurerm/r/kubernetes_cluster.html#role_based_access_control

• https://docs.microsoft.com/en-us/azure/aks/concepts-identity

---