Role-Based Access Control (RBAC) is disabled for AKS
ID | azure_aks_rbac_disabled
Severity | low
Vendor | Azure
Resource | IAM
Tags | reachable
Description
Role-Based Access Control (RBAC) is disabled for AKS. To enable it, set enable_rbac=yes.
Learn more about this topic at Azure AKS enable role-based access control.
Examples
---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: Create an AKS instance With A System Node Pool & A User Node Pool
      azure_rm_aks:
        name: myAKS
        resource_group: myResourceGroup
        location: eastus
        dns_prefix: akstest
        kubernetes_version: 1.14.6
        linux_profile:
          admin_username: azureuser
          ssh_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAA...
        service_principal:
          client_id: "cf72ca99-f6b9-4004-b0e0-bee10c521948"
          client_secret: "Password1234!"
        agent_pool_profiles:
          - name: default
            count: 1
            vm_size: Standard_B2s
            enable_auto_scaling: True
            type: VirtualMachineScaleSets
            mode: System
            max_count: 3
            min_count: 1
            enable_rbac: False  # flagged: RBAC disabled
          - name: user
            count: 1
            vm_size: Standard_D2_v2
            enable_auto_scaling: True
            type: VirtualMachineScaleSets
            mode: User
            max_count: 3
            min_count: 1
            enable_rbac: no  # flagged: RBAC disabled
Mitigation / Fix
---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: Create an AKS instance With A System Node Pool & A User Node Pool
      azure_rm_aks:
        name: myAKS
        resource_group: myResourceGroup
        location: eastus
        dns_prefix: akstest
        kubernetes_version: 1.14.6
        linux_profile:
          admin_username: azureuser
          ssh_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAA...
        service_principal:
          client_id: "cf72ca99-f6b9-4004-b0e0-bee10c521948"
          client_secret: "Password1234!"
        agent_pool_profiles:
          - name: default
            count: 1
            vm_size: Standard_B2s
            enable_auto_scaling: True
            type: VirtualMachineScaleSets
            mode: System
            max_count: 3
            min_count: 1
            enable_rbac: yes  # RBAC enabled
          - name: user
            count: 1
            vm_size: Standard_D2_v2
            enable_auto_scaling: True
            type: VirtualMachineScaleSets
            mode: User
            max_count: 3
            min_count: 1
            enable_rbac: yes  # RBAC enabled
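
A pre-commit style check for this rule, added here as an example; it is not the scanner's own implementation. It goes beyond the two spellings shown above (False and no) to the other values Ansible treats as boolean false. The function name and the sample playbook are constructed for illustration.

```python
import re

# Spellings Ansible treats as boolean false (compared case-insensitively).
FALSY = {"no", "false", "off", "0", "n", "f"}
# Short and fully qualified module names the check is scoped to.
MODULES = {"azure_rm_aks", "azure.azcollection.azure_rm_aks"}
# Captures: indent, key, value (an optional list dash is skipped).
KEY_RE = re.compile(r"^(\s*)(?:-\s+)?([\w.]+)\s*:\s*(.*?)\s*$")


def find_rbac_disabled(playbook_text):
    """Return (line_number, raw_value) for every enable_rbac that is set to a
    false value at any depth below an azure_rm_aks task."""
    findings = []
    module_indent = None  # indent of the azure_rm_aks key while inside its block
    for lineno, line in enumerate(playbook_text.splitlines(), 1):
        m = KEY_RE.match(line.split(" #", 1)[0])  # drop trailing comments
        if not m:
            continue
        indent, key, value = len(m.group(1)), m.group(2), m.group(3)
        if module_indent is not None and indent <= module_indent:
            module_indent = None  # dedent: left the module's arguments
        if key in MODULES:
            module_indent = indent
        elif module_indent is not None and key == "enable_rbac":
            if value.strip("'\"").lower() in FALSY:
                findings.append((lineno, value))
    return findings


# Constructed sample: two findings, one compliant cluster, one unrelated key.
SAMPLE = """\
- hosts: localhost
  tasks:
    - name: cluster A
      azure_rm_aks:
        name: aksA
        agent_pool_profiles:
          - name: default
            enable_rbac: False
          - name: user
            enable_rbac: "no"
    - name: cluster B
      azure_rm_aks:
        name: aksB
        enable_rbac: yes
    - name: unrelated task
      set_fact:
        enable_rbac: no
"""

if __name__ == "__main__":
    for lineno, value in find_rbac_disabled(SAMPLE):
        print(f"line {lineno}: enable_rbac is {value}, RBAC is disabled for AKS")
```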