Terraform

Made by DeepSource

Azure AKS is not using RBAC (TF-S1005)

Security
Critical

Ensure Azure AKS has RBAC (Role-based Access Control) enabled.

AKS (Azure Kubernetes Service) can be configured to use Azure AD (Active Directory) and Kubernetes RBAC (Role-based Access Control). RBAC is designed to work on resources within your AKS clusters. With RBAC, you create a role definition that outlines the permissions to be applied. A user or group is then assigned this role definition for a particular scope: an individual resource, a resource group, or the whole subscription.

We recommend you sign in to an AKS cluster using an Azure AD authentication token and configure Kubernetes RBAC. This will limit access to cluster resources based on a user's identity or group membership.

Examples

Bad practice

# RBAC explicitly disabled (other required arguments omitted)
resource "azurerm_kubernetes_cluster" "example" {
    role_based_access_control {
        enabled = false
    }
}

Recommended

# RBAC enabled (other required arguments omitted)
resource "azurerm_kubernetes_cluster" "example" {
    role_based_access_control {
        enabled = true
    }
}
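
The same condition can be checked in CI against a plan rather than the source files. The following is an added example, not DeepSource's code: it reads JSON in the shape produced by `terraform show -json` and reports every `azurerm_kubernetes_cluster` whose planned state does not set `role_based_access_control.enabled = true`. The sample plan and its addresses are constructed, and treating a missing block as a finding is a choice made for this example.

```python
import json

# Constructed sample shaped like `terraform show -json <planfile>` output.
# Addresses and values are made up for this example.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "azurerm_kubernetes_cluster.bad",
   "type": "azurerm_kubernetes_cluster",
   "change": {"actions": ["create"],
              "after": {"role_based_access_control": [{"enabled": false}]}}},
  {"address": "azurerm_kubernetes_cluster.good",
   "type": "azurerm_kubernetes_cluster",
   "change": {"actions": ["update"],
              "after": {"role_based_access_control": [{"enabled": true}]}}},
  {"address": "azurerm_kubernetes_cluster.unset",
   "type": "azurerm_kubernetes_cluster",
   "change": {"actions": ["create"], "after": {"name": "aks-unset"}}},
  {"address": "azurerm_kubernetes_cluster.old",
   "type": "azurerm_kubernetes_cluster",
   "change": {"actions": ["delete"], "after": null}},
  {"address": "azurerm_resource_group.rg",
   "type": "azurerm_resource_group",
   "change": {"actions": ["create"], "after": {"name": "rg"}}}
]}
""")


def aks_rbac_findings(plan):
    """Return (address, reason) for each AKS cluster planned without RBAC enabled."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "azurerm_kubernetes_cluster":
            continue
        after = (rc.get("change") or {}).get("after")
        if after is None:  # cluster is being destroyed, nothing to check
            continue
        # Nested blocks appear in plan JSON as a list of objects.
        blocks = after.get("role_based_access_control") or []
        if not blocks:
            # Assumption of this example: an unset block is reported too.
            findings.append((rc["address"], "role_based_access_control block not set"))
        elif not all(b.get("enabled") is True for b in blocks):
            findings.append((rc["address"], "role_based_access_control.enabled is not true"))
    return findings


if __name__ == "__main__":
    for address, reason in aks_rbac_findings(SAMPLE_PLAN):
        print(f"{address}: {reason}")
```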
