Azure Policy for AKS

Jan 1, 0001

Definition

Azure Policy for AKS (Azure Kubernetes Service) is a governance tool that allows organizations to enforce compliance and security standards on their Kubernetes clusters. It provides a way to define, apply, and manage policies that control the configuration and operation of AKS resources. These policies help ensure that clusters adhere to organizational standards and regulatory requirements by automatically auditing and remediating non-compliant resources.

Secure Settings Example

{
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "type",
          "equals": "Microsoft.ContainerService/managedClusters"
        },
        {
          "field": "Microsoft.ContainerService/managedClusters/enableRBAC",
          "equals": "true"
        }
      ]
    },
    "then": {
      "effect": "audit"
    }
  },
  "parameters": {}
}

This policy ensures that Role-Based Access Control (RBAC) is enabled on AKS clusters, which is a best practice for managing permissions and access control.

Insecure Settings Example

{
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "type",
          "equals": "Microsoft.ContainerService/managedClusters"
        },
        {
          "field": "Microsoft.ContainerService/managedClusters/enableRBAC",
          "equals": "false"
        }
      ]
    },
    "then": {
      "effect": "audit"
    }
  },
  "parameters": {}
}

This policy audits AKS clusters where RBAC is disabled, which is insecure as it allows unrestricted access to cluster resources, potentially leading to unauthorized actions and data exposure.

Azure Policy for AKS

Definition

Secure Settings Example

Insecure Settings Example

Ask AppSec: free security newsletter

Ask AppSec: free security newsletter