PSRule.Rules.Azure
Use kube-audit-admin instead of kube-audit
Existing rule
None
Suggested rule
Create a new rule Azure.AKS.AuditAdmin to flag when the kube-audit log is collected with diagnostic settings.
When kube-audit is enabled, this can significantly increase cost for monitoring AKS clusters.
Instead, enable collection for kube-audit-admin, which excludes the get and list audit events but includes changes.
Pillar
Cost Optimization
Additional context
Related to #2249
- https://learn.microsoft.com/azure/aks/monitor-aks#resource-logs
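
The check proposed above, sketched as an added example that is not part of the original issue and is not PSRule's own code: it flags a diagnostic setting that collects kube-audit. The function names and the sample settings are constructed for illustration, and only per-category entries under properties.logs are evaluated (category groups are not).

```python
import json

# Constructed sample: diagnostic settings as they might appear in an ARM template.
SAMPLE = json.loads("""
[
  {"type": "Microsoft.Insights/diagnosticSettings", "name": "costly",
   "properties": {"logs": [
     {"category": "kube-audit", "enabled": true},
     {"category": "kube-audit-admin", "enabled": true},
     {"category": "guard", "enabled": true}]}},
  {"type": "Microsoft.Insights/diagnosticSettings", "name": "preferred",
   "properties": {"logs": [
     {"category": "kube-audit", "enabled": false},
     {"category": "kube-audit-admin", "enabled": true}]}}
]
""")


def enabled_categories(setting):
    """Return the lower-cased log categories that are switched on."""
    logs = setting.get("properties", {}).get("logs") or []
    return {
        str(entry["category"]).lower()
        for entry in logs
        if entry.get("category") and entry.get("enabled") is True
    }


def check_audit_admin(setting):
    """Return (passed, reason). Fails only when kube-audit is collected."""
    cats = enabled_categories(setting)
    if "kube-audit" in cats:
        return (False, "kube-audit is enabled; collect kube-audit-admin instead")
    if "kube-audit-admin" in cats:
        return (True, "kube-audit-admin is collected without kube-audit")
    # No audit category at all is not a cost finding for this check.
    return (True, "no kube-audit category is collected")


if __name__ == "__main__":
    for s in SAMPLE:
        passed, reason = check_audit_admin(s)
        print(f"{s['name']}: {'PASS' if passed else 'FAIL'} - {reason}")
```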