turbot/steampipe-mod-azure-perimeter

Control: AKS clusters should be private

Description

Azure Kubernetes Service (AKS) clusters should have the private cluster feature enabled, so that traffic between the API server and the worker nodes stays on a private network, for better security and isolation.

Usage

Run the control in your terminal:

powerpipe control run azure_perimeter.control.kubernetes_cluster_private

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_perimeter.control.kubernetes_cluster_private --share

Steampipe Tables

SQL

select
  c.id as resource,
  case
    when api_server_access_profile ->> 'enablePrivateCluster' = 'true' then 'ok'
    else 'alarm'
  end as status,
  case
    when api_server_access_profile ->> 'enablePrivateCluster' = 'true' then c.name || ' is private.'
    else c.name || ' is not private.'
  end as reason
  , c.resource_group as resource_group
  , sub.display_name as subscription
from
  azure_kubernetes_cluster c,
  azure_subscription sub
where
  sub.subscription_id = c.subscription_id;
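
An added example, not part of the mod: the control's CASE expression run over constructed rows in plain PostgreSQL, with no Azure connection needed. It shows that a cluster whose access profile lacks the enablePrivateCluster key, or has no profile at all, falls through to alarm. The sample_cluster CTE and every name and value in it are assumptions made for illustration.

```sql
-- Constructed rows standing in for azure_kubernetes_cluster (not real resources).
with sample_cluster(name, api_server_access_profile) as (
  values
    ('aks-private',    '{"enablePrivateCluster": true}'::jsonb),
    ('aks-public',     '{"enablePrivateCluster": false}'::jsonb),
    -- Profile present, but the enablePrivateCluster key is absent.
    ('aks-ip-limited', '{"authorizedIPRanges": ["203.0.113.0/24"]}'::jsonb),
    -- No access profile at all.
    ('aks-no-profile', null::jsonb)
)
select
  name,
  -- ->> returns the value as text, or NULL when the key or the profile is missing.
  api_server_access_profile ->> 'enablePrivateCluster' as raw_value,
  case
    -- NULL = 'true' evaluates to NULL, which is not true, so the else branch applies.
    when api_server_access_profile ->> 'enablePrivateCluster' = 'true' then 'ok'
    else 'alarm'
  end as status
from
  sample_cluster
order by
  name;
```

Only aks-private returns ok; the other three rows return alarm, so a missing or incomplete profile is reported instead of being silently passed.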

Tags