More Info:
Ensure that RBAC is enabled on all Azure Kubernetes Services Instances
Risk Level
Medium
Address
Security
Compliance Standards
CISAZURE, CBP, HITRUST, SOC2
Triage and Remediation
Remediation
Using Console
To remediate this misconfiguration and enable Role-Based Access Control (RBAC) within Azure Kubernetes Services, follow the steps below using the Azure console:
- Open the Azure Portal and navigate to the Azure Kubernetes Service (AKS) cluster that needs to be remediated.
- Click on the “Access Control (IAM)” option from the left-hand menu.
- Click on the “Add” button and select “Add role assignment” from the dropdown menu.
- In the “Add role assignment” blade, select the desired role from the “Role” dropdown menu. For example, “Owner”, “Contributor” or “Reader”.
- In the “Select” box, search for the user or group that needs to be assigned the role.
- Click on the “Save” button to assign the role to the selected user or group.
- Repeat steps 4 to 6 to assign roles to other users or groups as needed.
- Once all the roles have been assigned, click on the “Save” button to save the changes.
Using CLI
To enable Role-Based Access Control (RBAC) within Azure Kubernetes Services (AKS) using the Azure CLI, follow the steps below:
Step 1: Open the Azure CLI and log in to your Azure account using the command:
Step 2: Once you are logged in, set the subscription that contains the AKS cluster using the command:
Step 3: After setting the subscription, enable RBAC on the AKS cluster using the following command:
Step 4: Verify that RBAC is enabled on the AKS cluster using the following command:
If the output of the above command is “Contributor”, it means that RBAC is enabled on the AKS cluster.
By following the above steps, you can enable Role-Based Access Control (RBAC) within Azure Kubernetes Services (AKS) using the Azure CLI.
Using Python
To enable Role-Based Access Control (RBAC) within Azure Kubernetes Services using Python, follow the steps below:
- Import the required libraries and authenticate to Azure using the Azure Identity library.
- Get the resource group and AKS cluster details.
- Create a role assignment for the AKS cluster.
Note: In the above code, replace the values of <resource-group-name>, <aks-cluster-name>, <principal-id> with the actual values.
- Verify the role assignment by listing all the role assignments for the resource group.
This will list all the role assignments for the resource group. You can verify that the role assignment created in step 3 is present in the list.
By following the above steps, you can enable Role-Based Access Control (RBAC) within Azure Kubernetes Services using Python.
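An added example (not code from the original page): a Python check of the rule in the title, run over cluster records shaped like the JSON from `az aks list -o json`. The sample clusters are constructed, and the field names `enableRbac` (CLI output) and `properties.enableRBAC` (ARM REST responses) are assumptions about the input shape.

```python
import json

# Constructed sample, shaped like `az aks list -o json` output (names are made up).
SAMPLE_AZ_AKS_LIST = json.loads("""
[
  {"name": "aks-prod", "resourceGroup": "rg-prod", "enableRbac": true},
  {"name": "aks-legacy", "resourceGroup": "rg-old", "enableRbac": false},
  {"name": "aks-arm", "resourceGroup": "rg-arm", "properties": {"enableRBAC": true}},
  {"name": "aks-unknown", "resourceGroup": "rg-x"}
]
""")

def rbac_state(cluster):
    """Return True/False for the cluster's RBAC flag, or None if it is absent."""
    # Assumption: Azure CLI output uses "enableRbac"; ARM REST responses use
    # "enableRBAC" under "properties". Match case-insensitively to cover both.
    for scope in (cluster, cluster.get("properties") or {}):
        for key, value in scope.items():
            if key.lower() == "enablerbac" and isinstance(value, bool):
                return value
    return None

def audit_rbac(clusters):
    """Split clusters into enabled, disabled and undetermined lists."""
    report = {"enabled": [], "disabled": [], "unknown": []}
    for cluster in clusters:
        ident = f'{cluster.get("resourceGroup", "?")}/{cluster.get("name", "?")}'
        state = rbac_state(cluster)
        bucket = "unknown" if state is None else ("enabled" if state else "disabled")
        report[bucket].append(ident)
    return report

def is_compliant(clusters):
    """Fail closed: a cluster without a readable flag counts as a finding."""
    report = audit_rbac(clusters)
    return not report["disabled"] and not report["unknown"]

if __name__ == "__main__":
    for bucket, names in audit_rbac(SAMPLE_AZ_AKS_LIST).items():
        print(f"{bucket}: {', '.join(names) or '-'}")
```

To run it against a real subscription, load the saved JSON output of `az aks list -o json` and pass the resulting list to `audit_rbac`.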