Control: Kubernetes cluster nodes should restrict public access
Description
Ensure Kubernetes cluster node do not have public IP addresses. This control is non-compliant if Kubernetes cluster node have a public IP address assigned.
Usage
Run the control in your terminal:
powerpipe control run terraform_azure_compliance.control.kubernetes_cluster_node_restrict_public_accessSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run terraform_azure_compliance.control.kubernetes_cluster_node_restrict_public_access --shareSQL
This control uses a named query:
select address as resource, case when (attributes_std -> 'default_node_pool' ->> 'enable_node_public_ip') = 'true' then 'alarm' else 'ok' end status, split_part(address, '.', 2) || case when (attributes_std -> 'default_node_pool' ->> 'enable_node_public_ip') = 'true' then ' has public node' else ' has no public node' end || '.' reason , path || ':' || start_linefrom terraform_resourcewhere type = 'azurerm_kubernetes_cluster';