Severity Framework
CCSS (Common Configuration Scoring System) is a set of measures used to determine the severity of the rule.
Snyk CCSS
Rule category
Each rule is associated with a high-level category. For example IAM, Container, Monitoring, Logging, Network, etc.
IAM/ Usage
Is your environment affected by this misconfiguration?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsFrameworks
CIS-AzureCIS-ControlsCSA-CCMSOC-2
- Snyk IDSNYK-CC-00513
- creditSnyk Research Team
Description
Administrators won't be able to configure role-based access controls to resources.
How to fix?
Set enableRBAC attribute to true or remove the attribute .
For Azure provider >= v3.0.0, set role_based_access_control_enabled to true or remove the attribute. For Azure provider < v3.0.0, set role_based_access_control.enabled to true or remove the attribute.
Example Configuration
# Provider version >= 3.0.0
resource "azurerm_kubernetes_cluster" "allowed" {
name = "example-aks1"
location = "example"
resource_group_name = "example"
dns_prefix = "exampleaks1"
default_node_pool {
name = "default"
node_count = 1
vm_size = "Standard_D2_v2"
}
identity {
type = "SystemAssigned"
}
role_based_access_control_enabled = true
}
# Provider version < 3.0.0
resource "azurerm_kubernetes_cluster" "k8s_rbac_enabled" {
name = "k8s-rbac-enabled"
resource_group_name = "${azurerm_resource_group.main.name}"
location = "${azurerm_resource_group.main.location}"
dns_prefix = "k8s-rbac-enabled"
default_node_pool {
name = "default"
node_count = 1
vm_size = "Standard_D2_v2"
}
service_principal {
client_id = "<client_id>"
client_secret = "<client_secret>"
}
role_based_access_control {
enabled = true
}
}