github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/avd_docs/azure/container/AVD-AZU-0042/Terraform.md

Enable RBAC

Use whichever form matches your azurerm provider version: the `role_based_access_control` block for provider versions before 2.99.0, or the `role_based_access_control_enabled` attribute from 2.99.0 onwards.

```hcl
resource "azurerm_kubernetes_cluster" "good_example" {
  // azurerm < 2.99.0
  role_based_access_control {
    enabled = true
  }

  // azurerm >= 2.99.0
  role_based_access_control_enabled = true
}

```
```hcl
resource "azurerm_kubernetes_cluster" "aks_cluster" {
  name                            = var.name
  location                        = var.location
  resource_group_name             = var.resource_group_name
  dns_prefix                      = var.name
  kubernetes_version              = var.cluster_version
  api_server_authorized_ip_ranges = var.ip_whitelist
  azure_policy_enabled            = true
  default_node_pool {
    name                = "default"
    enable_auto_scaling = true
    min_count           = var.node_min_count
    max_count           = var.node_max_count
    max_pods            = var.pod_max_count # If you don't specify only allows 30 pods
    vm_size             = var.vm_size
    os_disk_size_gb     = 250 # default 30GB
    vnet_subnet_id      = var.vnet_subnet_id
  }

  network_profile {
    network_plugin = "azure"
    network_policy = "azure"
  }

  identity {
    type = "SystemAssigned"
  }

  azure_active_directory_role_based_access_control {
    managed                = true
    azure_rbac_enabled     = true
    admin_group_object_ids = [data.azuread_group.aks_admins.object_id]
  }

}

```

#### Remediation Links
- https://www.terraform.io/docs/providers/azurerm/r/kubernetes_cluster.html#role_based_access_control