Azure and GCP Perimeter Security, CIS Updates, and Enhanced Plugins →
Powerpipe Hub 
Hub
Mods
turbot/steampipe-mod-alicloud-compliance
Overview
1Dashboards
78Benchmarks
40Queries
2Variables
GitHub

Control: 7.9 Ensure Kubernetes Cluster is created with Private cluster enabled

Description

A private cluster is a cluster that makes your master inaccessible from the public internet. In a private cluster, nodes do not have public IP addresses, so your workloads run in an environment that is isolated from the internet. Nodes have addresses only in the private address space. Nodes and masters communicate with each other privately using VPC peering.

Remediation

From Console

  1. Logon to ACK console.
  2. Click the Create Kubernetes Cluster button and make sure Public Access is not enabled.

Usage

Run the control in your terminal:

powerpipe control run alicloud_compliance.control.cis_v100_7_9

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run alicloud_compliance.control.cis_v100_7_9 --share

SQL

This control uses a named query:

select
  'arn:acs:::' || account_id as resource,
  'info' as status,
  'Manual verification required.' as reason
  , account_id as account_id
from
  alicloud_account;

Tags

category = Compliance
cis = true
cis_item_id = 7.9
cis_level = 1
cis_section_id = 7
cis_type = automated
cis_version = v1.0.0
plugin = alicloud
service = AliCloud/ACK