Risk Level: High
Cloud Entity: Azure AKS
CloudGuard Rule ID: D9.AZU.NET.30
Covered by Spectral: Yes
AksCluster should have properties.apiServerAccessProfile.authorizedIPRanges
API server authorized IP ranges only work for new AKS clusters and are not supported for private AKS clusters.
To create a cluster with API server authorized IP ranges enabled : https://docs.microsoft.com/en-us/azure/aks/api-server-authorized-ip-ranges?ocid=AID754288&wt.mc_id=CFID0533#create-an-aks-cluster-with-api-server-authorized-ip-ranges-enabled
To update a cluster's API server authorized IP ranges : https://docs.microsoft.com/en-us/azure/aks/api-server-authorized-ip-ranges?ocid=AID754288&wt.mc_id=CFID0533#update-a-clusters-api-server-authorized-ip-ranges
AKS is an open-source fully managed container orchestration service that became available in June 2018 and is available on the Microsoft Azure public cloud that can be used to deploy, scale and manage Docker containers and container-based applications in a cluster environment.
- Azure CloudGuard Best Practices
- Azure NIST 800-53 Rev 5
- CloudGuard Azure All Rules Ruleset
Updated 3 months ago