Ensure that your Azure Kubernetes Service (AKS) clusters are using system-assigned managed identities in order to allow secure application access to other Azure cloud resources such as load balancers, managed disks, and key vaults.
A system-assigned managed identity enables Azure Kubernetes Service (AKS) clusters to authenticate to other cloud services without storing credentials in code. With system-assigned managed identities you don't have to secure, manage, and rotate access credentials anymore as these are handled automatically by Microsoft Azure.
Audit
To determine if your AKS clusters are configured to use system-assigned managed identities, perform the following actions:
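One way to script this audit over the JSON returned by `az aks list`, as an added example that is not part of the original page or of Conformity's own audit steps. The cluster names, resource groups and the all-zero client ID in the sample are constructed, and the `--live` switch is this script's own option, not an Azure CLI flag.

```python
import json
import subprocess
import sys

# Constructed sample shaped like `az aks list --output json` (all values made up).
SAMPLE = """[
  {"name": "aks-prod", "resourceGroup": "rg-prod",
   "identity": {"type": "SystemAssigned"},
   "servicePrincipalProfile": {"clientId": "msi"}},
  {"name": "aks-batch", "resourceGroup": "rg-data",
   "identity": {"type": "UserAssigned"},
   "servicePrincipalProfile": {"clientId": "msi"}},
  {"name": "aks-legacy", "resourceGroup": "rg-old",
   "identity": null,
   "servicePrincipalProfile": {"clientId": "00000000-0000-0000-0000-000000000000"}}
]"""


def identity_type(cluster):
    """Return the cluster's identity type, or 'ServicePrincipal'/'None' when unset."""
    ident = cluster.get("identity") or {}
    kind = ident.get("type")
    if kind and kind.lower() != "none":
        return kind
    sp = (cluster.get("servicePrincipalProfile") or {}).get("clientId")
    # With no managed identity, a real client ID means a service principal is used.
    return "ServicePrincipal" if sp and sp.lower() != "msi" else "None"


def audit(clusters_json):
    """Return (name, resource group, identity type) for each non-compliant cluster."""
    findings = []
    for cluster in json.loads(clusters_json):
        kind = identity_type(cluster)
        if kind.lower() != "systemassigned":
            findings.append((cluster["name"], cluster["resourceGroup"], kind))
    return findings


if __name__ == "__main__":
    # Pass --live to query the current subscription through the Azure CLI.
    if "--live" in sys.argv:
        data = subprocess.run(["az", "aks", "list", "--output", "json"],
                              check=True, capture_output=True, text=True).stdout
    else:
        data = SAMPLE
    for name, group, kind in audit(data):
        print(f"NON-COMPLIANT {group}/{name}: identity type is {kind}")
```

Clusters reported with `ServicePrincipal` or `UserAssigned` are the ones this rule flags; a single cluster can be confirmed with `az aks show` by inspecting its `identity.type` property.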
Checking Azure Kubernetes Service (AKS) clusters for system-assigned managed identities using Azure Console (Azure Portal) is not currently supported.
Remediation / Resolution
To ensure that your Azure Kubernetes Service (AKS) clusters are using system-assigned managed identities, perform the following actions:
Configuring Azure Kubernetes Service (AKS) clusters to use system-assigned managed identities using Azure Console (Azure Portal) is not currently supported.
References
- Azure Official Documentation
- What are managed identities for Azure resources?
- Use a managed identity in Azure Kubernetes Service (AKS)
- Azure PowerShell Documentation
- az aks list
- az aks show
- az aks update
Use System-Assigned Managed Identities for AKS Clusters
Risk Level: Medium