turbot/steampipe-mod-terraform-azure-compliance

Control: Temp disks and cache for agent node pools in Azure Kubernetes Service clusters should be encrypted at host

Description

To enhance data security, the data stored on the virtual machine (VM) host of your Azure Kubernetes Service node VMs should be encrypted at rest. This is a common requirement in many regulatory and industry compliance standards.

Usage

Run the control in your terminal:

powerpipe control run terraform_azure_compliance.control.kubernetes_cluster_temp_disks_and_agent_node_pool_cache_encrypted_at_host

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run terraform_azure_compliance.control.kubernetes_cluster_temp_disks_and_agent_node_pool_cache_encrypted_at_host --share

SQL

This control uses a named query:

select
  address as resource,
  case
    when (attributes_std -> 'default_node_pool' ->> 'enable_host_encryption')::boolean then 'ok'
    else 'alarm'
  end status,
  split_part(address, '.', 2) || case
    when (attributes_std -> 'default_node_pool' ->> 'enable_host_encryption')::boolean then ' encrypted at host'
    else ' not encrypted at host'
  end || '.' reason,
  path || ':' || start_line
from
  terraform_resource
where
  type = 'azurerm_kubernetes_cluster';
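The following Python model is an added example, not part of the mod, that reproduces what the query above computes for each terraform_resource row: it mirrors the jsonb ->> extraction and the ::boolean cast, builds the same status and reason strings, and shows the edge case the CASE expression implies, namely that a default_node_pool with no enable_host_encryption attribute yields NULL and is reported as alarm exactly like an explicit false. The resource records are constructed sample rows, not real plugin output.

```python
"""Model of the control's check, run over constructed terraform_resource rows."""
from typing import Any, Optional


def to_boolean(value: Any) -> Optional[bool]:
    """Mimic PostgreSQL's text::boolean cast applied to the result of ->>.

    ->> returns text, so JSON true/false arrive as 'true'/'false'; a missing
    key yields NULL, which the cast passes through unchanged (None here).
    """
    if value is None:
        return None
    text = str(value).strip().lower()
    if text in ("t", "true", "y", "yes", "on", "1"):
        return True
    if text in ("f", "false", "n", "no", "off", "0"):
        return False
    raise ValueError(f"invalid input syntax for type boolean: {value!r}")


def evaluate(resource: dict) -> Optional[dict]:
    """Return the row the query would emit for one resource, or None when the
    WHERE clause (type = 'azurerm_kubernetes_cluster') filters it out."""
    if resource.get("type") != "azurerm_kubernetes_cluster":
        return None
    pool = (resource.get("attributes_std") or {}).get("default_node_pool") or {}
    encrypted = to_boolean(pool.get("enable_host_encryption"))
    # CASE WHEN NULL THEN ... falls through to ELSE, so an omitted attribute
    # is reported as alarm, the same as an explicit false.
    status = "ok" if encrypted else "alarm"
    name = resource["address"].split(".")[1]          # split_part(address, '.', 2)
    reason = name + (" encrypted at host" if encrypted else " not encrypted at host") + "."
    return {"resource": resource["address"], "status": status, "reason": reason,
            "location": f"{resource['path']}:{resource['start_line']}"}


# Constructed sample rows (hypothetical addresses and files, not real scan output).
SAMPLE_RESOURCES = [
    {"type": "azurerm_kubernetes_cluster", "address": "azurerm_kubernetes_cluster.prod",
     "path": "aks.tf", "start_line": 1,
     "attributes_std": {"default_node_pool": {"name": "system", "enable_host_encryption": True}}},
    {"type": "azurerm_kubernetes_cluster", "address": "azurerm_kubernetes_cluster.dev",
     "path": "aks.tf", "start_line": 30,
     "attributes_std": {"default_node_pool": {"name": "system", "enable_host_encryption": False}}},
    {"type": "azurerm_kubernetes_cluster", "address": "azurerm_kubernetes_cluster.legacy",
     "path": "legacy.tf", "start_line": 5,
     "attributes_std": {"default_node_pool": {"name": "system"}}},   # attribute omitted
    {"type": "azurerm_storage_account", "address": "azurerm_storage_account.logs",
     "path": "storage.tf", "start_line": 1, "attributes_std": {}},   # filtered by WHERE
]


def run_control(resources=SAMPLE_RESOURCES) -> list:
    """Apply evaluate() to every row, dropping resources the WHERE clause excludes."""
    return [row for row in map(evaluate, resources) if row is not None]


if __name__ == "__main__":
    for row in run_control():
        print(row["status"], row["resource"], row["reason"], row["location"])
```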

Tags