Control: Temp disks and cache for agent node pools in Azure Kubernetes Service clusters should be encrypted at host
Description
To enhance data security, the data stored on the virtual machine (VM) host of your Azure Kubernetes Service node VMs should be encrypted at rest. This is a common requirement in many regulatory and industry compliance standards.
Usage
Run the control in your terminal:
powerpipe control run terraform_azure_compliance.control.kubernetes_cluster_temp_disks_and_agent_node_pool_cache_encrypted_at_host
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run terraform_azure_compliance.control.kubernetes_cluster_temp_disks_and_agent_node_pool_cache_encrypted_at_host --share
SQL
This control uses a named query:
select
  address as resource,
  case
    when (attributes_std -> 'default_node_pool' ->> 'enable_host_encryption')::boolean then 'ok'
    else 'alarm'
  end status,
  split_part(address, '.', 2) || case
    when (attributes_std -> 'default_node_pool' ->> 'enable_host_encryption')::boolean then ' encrypted at host'
    else ' not encrypted at host'
  end || '.' reason,
  path || ':' || start_line
from
  terraform_resource
where
  type = 'azurerm_kubernetes_cluster';
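The query above reads `enable_host_encryption` from the `default_node_pool` block of every `azurerm_kubernetes_cluster` resource and reports `alarm` unless it evaluates to true; an attribute that is absent yields NULL and therefore also falls through to `alarm`. The following Terraform is an added illustration, not code from the terraform_azure_compliance mod: it shows a cluster definition that trips the control next to one that passes it. Resource names, the resource group reference and the VM size are illustrative assumptions.

```hcl
# Added example; resource names, the azurerm_resource_group.example reference
# and the VM size are illustrative assumptions, not values from the mod.

# Fails the control: enable_host_encryption is not set, so the query reads NULL
# from attributes_std and the status is 'alarm'.
resource "azurerm_kubernetes_cluster" "unencrypted" {
  name                = "aks-example-unencrypted"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  dns_prefix          = "aksunencrypted"

  default_node_pool {
    name       = "default"
    node_count = 1
    vm_size    = "Standard_DS2_v2"
  }

  identity {
    type = "SystemAssigned"
  }
}

# Passes the control: the default node pool explicitly requests encryption at
# host, so the status is 'ok' with reason "encrypted encrypted at host." built
# from the resource name.
resource "azurerm_kubernetes_cluster" "encrypted" {
  name                = "aks-example-encrypted"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  dns_prefix          = "aksencrypted"

  default_node_pool {
    name                   = "default"
    node_count             = 1
    vm_size                = "Standard_DS2_v2"
    enable_host_encryption = true
  }

  identity {
    type = "SystemAssigned"
  }
}
```

Two points worth checking when remediating: the query only inspects the `default_node_pool` block of `azurerm_kubernetes_cluster`, so additional pools declared as separate `azurerm_kubernetes_cluster_node_pool` resources are not evaluated by this control and need their own review; and encryption at host must be enabled on the subscription (the `EncryptionAtHost` feature under the `Microsoft.Compute` namespace) and the chosen VM size must support it, otherwise the apply fails even though the Terraform passes the scan.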