Control: AKS clusters should be private
Description
Azure Kubernetes Service (AKS) clusters should have private cluster enabled so that worker node access to the API server is restricted to the private network, for better security and isolation.
Usage
Run the control in your terminal:
powerpipe control run azure_perimeter.control.kubernetes_cluster_private
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run azure_perimeter.control.kubernetes_cluster_private --share
Steampipe Tables
SQL
select
  c.id as resource,
  case
    when api_server_access_profile ->> 'enablePrivateCluster' = 'true' then 'ok'
    else 'alarm'
  end as status,
  case
    when api_server_access_profile ->> 'enablePrivateCluster' = 'true' then c.name || ' is private.'
    else c.name || ' is not private.'
  end as reason,
  c.resource_group as resource_group,
  sub.display_name as subscription
from
  azure_kubernetes_cluster c,
  azure_subscription sub
where
  sub.subscription_id = c.subscription_id;