v1.0 for Steampipe, Powerpipe, Flowpipe, 116 plugins, and 44 mods →
Powerpipe Hub 
Hub
Mods
turbot/azure_compliance
Overview
13Dashboards
1311Controls
430Queries
2Variables
GitHub

Control: 8.5 Enable role-based access control (RBAC) within Azure Kubernetes Services

Description

It is recommended to enable RBAC on all Azure Kubernetes Services Instances. Azure Kubernetes Services has the capability to integrate Azure Active Directory users and groups into Kubernetes RBAC controls within the AKS Kubernetes API Server. This should be utilized to enable granular access to Kubernetes resources within the AKS clusters supporting RBAC controls not just of the overarching AKS instance but also the individual resources managed within Kubernetes.

Remediation

As default, RBAC is enabled. This setting cannot be changed after AKS deployment, cluster will require recreation. For more information refer Use Azure RBAC for Kubernetes

Usage

Run the control in your terminal:

powerpipe control run azure_compliance.control.cis_v130_8_5

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_compliance.control.cis_v130_8_5 --share

SQL

This control uses a named query:

keyvault_vault_recoverable

Tags

category = Compliance
cis = true
cis_item_id = 8.5
cis_level = 1
cis_section_id = 8
cis_type = automated
cis_version = v1.3.0
plugin = azure
service = Azure/KeyVault