Azure_KubernatesService_4

Ensure that you are using authorized IP address ranges in order to secure access to the API server

Description

In Kubernetes, the API server receives requests to perform actions in the cluster, such as creating resources or scaling the number of nodes. The API server is the central way to interact with and manage a cluster. To improve cluster security and reduce exposure to attacks, the API server should be accessible only from a limited set of IP address ranges.

Remediation

API server authorized IP ranges only work for new AKS clusters and are not supported for private AKS clusters.

To create a cluster with API server authorized IP ranges enabled: https://docs.microsoft.com/en-us/azure/aks/api-server-authorized-ip-ranges?ocid=AID754288&wt.mc_id=CFID0533#create-an-aks-cluster-with-api-server-authorized-ip-ranges-enabled

To update a cluster’s API server authorized IP ranges: https://docs.microsoft.com/en-us/azure/aks/api-server-authorized-ip-ranges?ocid=AID754288&wt.mc_id=CFID0533#update-a-clusters-api-server-authorized-ip-ranges
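
One way to audit this rule offline, as an added example that is not this tool's own check: the script evaluates JSON shaped like `az aks show -o json` output and reports clusters whose API server has no authorized IP ranges or an overly broad one. The embedded sample clusters are constructed, and the function names and the `MIN_PREFIX` threshold are assumptions.

```python
import ipaddress
import json

# Constructed sample: trimmed objects shaped like `az aks show -o json` output.
SAMPLE_CLUSTERS = json.loads("""
[
  {"name": "aks-open", "apiServerAccessProfile": null},
  {"name": "aks-wide", "apiServerAccessProfile":
      {"authorizedIpRanges": ["0.0.0.0/0", "203.0.113.0/24"], "enablePrivateCluster": false}},
  {"name": "aks-restricted", "apiServerAccessProfile":
      {"authorizedIpRanges": ["203.0.113.0/24", "198.51.100.7/32"], "enablePrivateCluster": false}},
  {"name": "aks-private", "apiServerAccessProfile":
      {"authorizedIpRanges": null, "enablePrivateCluster": true}}
]
""")

MIN_PREFIX = 16  # assumption: any range broader than /16 is treated as too permissive


def evaluate(cluster):
    """Return (status, reason) for one cluster JSON object."""
    profile = cluster.get("apiServerAccessProfile") or {}
    # Private clusters are out of scope for this rule (see the remediation note).
    if profile.get("enablePrivateCluster"):
        return "NOT_APPLICABLE", "private cluster; authorized IP ranges are not supported"
    ranges = profile.get("authorizedIpRanges") or []
    if not ranges:
        return "FAIL", "no authorized IP ranges; API server is reachable from any address"
    for cidr in ranges:
        try:
            net = ipaddress.ip_network(cidr, strict=False)
        except ValueError:
            return "FAIL", f"unparseable range {cidr!r}"
        # A single wide entry such as 0.0.0.0/0 defeats the restriction.
        if net.prefixlen < MIN_PREFIX:
            return "FAIL", f"range {cidr} is broader than /{MIN_PREFIX}"
    return "PASS", f"{len(ranges)} restricted range(s)"


def audit(clusters):
    """Map each cluster name to its status."""
    return {c["name"]: evaluate(c)[0] for c in clusters}


if __name__ == "__main__":
    for c in SAMPLE_CLUSTERS:
        status, reason = evaluate(c)
        print(f"{c['name']:15} {status:15} {reason}")
```
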

Service

Other Security Considerations

Severity

High

Compliance

Mapping
