ACK Cluster RRSA Enabled
ID: rule:aliyun:ack-cluster-rrsa-enabled
Severity: medium
IaC Types: ROS, Terraform
Description
Ensures that the RAM Roles for Service Accounts (RRSA) feature is enabled for the ACK cluster.
Reason for Violation
RRSA allows pods to assume RAM roles, providing a more secure and fine-grained way to manage permissions.
Recommendation
Enable RRSA for the ACK cluster.
Resource Types
- ROS:
ALIYUN::CS::AnyCluster - ROS:
ALIYUN::CS::ManagedKubernetesCluster - Terraform:
alicloud_cs_managed_kubernetes