Ensure RBAC is enabled on AKS clusters
Default Severity: high
Explanation
Using Kubernetes role-based access control (RBAC), you can grant users, groups, and service accounts access to only the resources they need.
Possible Impact
No role-based access control is in place for the AKS cluster.
Suggested Resolution
Enable RBAC
Insecure Example
The following example will fail the azure-container-use-rbac-permissions check.
resource "azurerm_kubernetes_cluster" "bad_example" {
  // azurerm < 2.99.0
  role_based_access_control {
    enabled = false
  }

  // azurerm >= 2.99.0
  role_based_access_control_enabled = false
}
Secure Example
The following example will pass the azure-container-use-rbac-permissions check.
resource "azurerm_kubernetes_cluster" "good_example" {
  // azurerm < 2.99.0
  role_based_access_control {
    enabled = true
  }

  // azurerm >= 2.99.0
  role_based_access_control_enabled = true
}
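
The same condition can be checked against a rendered plan before apply. The following is an added example, not part of the check's own implementation: it reads the JSON produced by `terraform show -json <planfile>` and reports clusters whose planned state disables RBAC in either of the two forms shown above. It assumes the plan's `resource_changes[].change.after` layout with nested blocks rendered as lists; the sample plan, resource addresses, and function names are constructed for illustration.

```python
import json

# Constructed sample of `terraform show -json <planfile>` output, trimmed to the
# fields this check reads; addresses and values are made up for illustration.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
    {"address": "azurerm_kubernetes_cluster.legacy_off", "type": "azurerm_kubernetes_cluster",
     "change": {"after": {"role_based_access_control": [{"enabled": false}]}}},
    {"address": "azurerm_kubernetes_cluster.new_off", "type": "azurerm_kubernetes_cluster",
     "change": {"after": {"role_based_access_control_enabled": false}}},
    {"address": "azurerm_kubernetes_cluster.new_on", "type": "azurerm_kubernetes_cluster",
     "change": {"after": {"role_based_access_control_enabled": true}}},
    {"address": "azurerm_kubernetes_cluster.removed", "type": "azurerm_kubernetes_cluster",
     "change": {"after": null}},
    {"address": "azurerm_resource_group.rg", "type": "azurerm_resource_group",
     "change": {"after": {"name": "rg"}}}
]}
""")


def rbac_state(after):
    """Return True/False for the planned RBAC setting, or None if not stated."""
    if "role_based_access_control_enabled" in after:       # azurerm >= 2.99.0
        return bool(after["role_based_access_control_enabled"])
    blocks = after.get("role_based_access_control") or []  # azurerm < 2.99.0
    if blocks:
        return all(bool(b.get("enabled")) for b in blocks)
    return None  # neither form present in the plan: make no claim


def clusters_without_rbac(plan):
    """Addresses of AKS clusters whose planned state has RBAC disabled."""
    failing = []
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after")
        if rc.get("type") != "azurerm_kubernetes_cluster" or after is None:
            continue  # other resource types, or a cluster being destroyed
        if rbac_state(after) is False:
            failing.append(rc["address"])
    return failing


if __name__ == "__main__":
    for address in clusters_without_rbac(SAMPLE_PLAN):
        print(f"FAIL {address}: RBAC disabled")
```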