🚀 Launch Week 10, September 22nd - 26th, 2025 🚀
Powerpipe Hub 
Hub
Mods
turbot/steampipe-mod-azure-perimeter
Overview
2Dashboards
14Benchmarks
0Queries
3Variables
GitHub

Control: AKS clusters should be private

Description

Azure Kubernetes Service (AKS) clusters should have private cluster enabled to restrict worker node from API access for better security and isolation.

Usage

Run the control in your terminal:

powerpipe control run azure_perimeter.control.kubernetes_cluster_private

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_perimeter.control.kubernetes_cluster_private --share

Steampipe Tables

azure_kubernetes_cluster
azure_subscription
Azure plugin

SQL

select
  c.id as resource,
  case
    when api_server_access_profile ->> 'enablePrivateCluster' = 'true' then 'ok'
    else 'alarm'
  end as status,
  case
    when api_server_access_profile ->> 'enablePrivateCluster' = 'true' then c.name || ' is private.'
    else c.name || ' is not private.'
  end as reason
  
  , c.resource_group as resource_group
  , sub.display_name as subscription
from
  azure_kubernetes_cluster c,
  azure_subscription sub
where
  sub.subscription_id = c.subscription_id;

Tags

category = Perimeter
plugin = azure
service = Azure/AKS