In a TKE cluster, `public_ip_assigned` should be set to `false` so that cluster nodes do not receive public IP addresses and are not directly addressable from the internet. A `tencentcloud_kubernetes_cluster` is noncompliant if either `master_config` or `worker_config` sets `public_ip_assigned` to `true` while `internet_max_bandwidth_out` is greater than 0. It is also noncompliant if `public_ip_assigned` is undefined and `internet_max_bandwidth_out` is greater than 0; in such cases, `internet_max_bandwidth_out` should be set to 0 or left undefined.
Compliant Code Examples
# Compliant example: neither node block sets public_ip_assigned or
# internet_max_bandwidth_out, so no public IP is requested for the nodes.

# Shorthand for the looked-up VPC/subnet IDs, the security group and the image.
locals {
  first_vpc_id     = data.tencentcloud_vpc_subnets.vpc_one.instance_list.0.vpc_id
  first_subnet_id  = data.tencentcloud_vpc_subnets.vpc_one.instance_list.0.subnet_id
  second_vpc_id    = data.tencentcloud_vpc_subnets.vpc_two.instance_list.0.vpc_id
  second_subnet_id = data.tencentcloud_vpc_subnets.vpc_two.instance_list.0.subnet_id
  sg_id            = tencentcloud_security_group.sg.id
  image_id         = data.tencentcloud_images.default.image_id
}

# Default subnet in the first availability zone (used by master_config).
data "tencentcloud_vpc_subnets" "vpc_one" {
  is_default        = true
  availability_zone = "ap-guangzhou-3"
}

# Default subnet in the second availability zone (used by worker_config).
data "tencentcloud_vpc_subnets" "vpc_two" {
  is_default        = true
  availability_zone = "ap-guangzhou-4"
}

resource "tencentcloud_security_group" "sg" {
  name = "tf-example-sg"
}

# Ingress is accepted from the two private ranges only; everything else
# (0.0.0.0/0) is dropped by the last ingress entry.
resource "tencentcloud_security_group_lite_rule" "sg_rule" {
  security_group_id = tencentcloud_security_group.sg.id

  ingress = [
    "ACCEPT#10.0.0.0/16#ALL#ALL",
    "ACCEPT#172.16.0.0/22#ALL#ALL",
    "DROP#0.0.0.0/0#ALL#ALL",
  ]

  egress = [
    "ACCEPT#172.16.0.0/22#ALL#ALL",
  ]
}

data "tencentcloud_images" "default" {
  image_type       = ["PUBLIC_IMAGE"]
  image_name_regex = "Final"
}

resource "tencentcloud_kubernetes_cluster" "example" {
  vpc_id                  = local.first_vpc_id
  cluster_cidr            = "10.31.0.0/16"
  cluster_max_pod_num     = 32
  cluster_name            = "tf_example_cluster"
  cluster_desc            = "example for tke cluster"
  cluster_max_service_num = 32

  # NOTE(review): cluster_internet concerns internet access to the cluster
  # endpoint; the rule text on this page only describes the node-level
  # settings, so review this attribute separately.
  cluster_internet                = false
  cluster_internet_security_group = local.sg_id
  cluster_version                 = "1.22.5"
  cluster_deploy_type             = "MANAGED_CLUSTER"

  master_config {
    count             = 1
    availability_zone = "ap-guangzhou-3"
    instance_type     = "SA2.2XLARGE16"
    system_disk_type  = "CLOUD_SSD"
    system_disk_size  = 60
    # public_ip_assigned and internet_max_bandwidth_out are both left
    # undefined here, which the rule accepts.
    subnet_id = local.first_subnet_id
    img_id    = local.image_id

    data_disk {
      disk_type = "CLOUD_PREMIUM"
      disk_size = 50
    }

    enhanced_security_service = false
    enhanced_monitor_service  = false
  }

  worker_config {
    count             = 1
    availability_zone = "ap-guangzhou-4"
    instance_type     = "SA2.2XLARGE16"
    system_disk_type  = "CLOUD_SSD"
    system_disk_size  = 60
    # As in master_config: no public IP and no outbound bandwidth requested.
    subnet_id = local.second_subnet_id

    data_disk {
      disk_type = "CLOUD_PREMIUM"
      disk_size = 50
    }

    enhanced_security_service = false
    enhanced_monitor_service  = false
    cam_role_name             = "CVM_QcsRole"
  }

  labels = {
    "test1" = "test1",
    "test2" = "test2",
  }
}
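# Compliant example: both node blocks set public_ip_assigned = false
# explicitly and request no outbound internet bandwidth.

# Shorthand for the looked-up VPC/subnet IDs, the security group and the image.
locals {
  first_vpc_id     = data.tencentcloud_vpc_subnets.vpc_one.instance_list.0.vpc_id
  first_subnet_id  = data.tencentcloud_vpc_subnets.vpc_one.instance_list.0.subnet_id
  second_vpc_id    = data.tencentcloud_vpc_subnets.vpc_two.instance_list.0.vpc_id
  second_subnet_id = data.tencentcloud_vpc_subnets.vpc_two.instance_list.0.subnet_id
  sg_id            = tencentcloud_security_group.sg.id
  image_id         = data.tencentcloud_images.default.image_id
}

# Default subnet in the first availability zone (used by master_config).
data "tencentcloud_vpc_subnets" "vpc_one" {
  is_default        = true
  availability_zone = "ap-guangzhou-3"
}

# Default subnet in the second availability zone (used by worker_config).
data "tencentcloud_vpc_subnets" "vpc_two" {
  is_default        = true
  availability_zone = "ap-guangzhou-4"
}

resource "tencentcloud_security_group" "sg" {
  name = "tf-example-sg"
}

# Ingress is accepted from the two private ranges only; everything else
# (0.0.0.0/0) is dropped by the last ingress entry.
resource "tencentcloud_security_group_lite_rule" "sg_rule" {
  security_group_id = tencentcloud_security_group.sg.id

  ingress = [
    "ACCEPT#10.0.0.0/16#ALL#ALL",
    "ACCEPT#172.16.0.0/22#ALL#ALL",
    "DROP#0.0.0.0/0#ALL#ALL",
  ]

  egress = [
    "ACCEPT#172.16.0.0/22#ALL#ALL",
  ]
}

data "tencentcloud_images" "default" {
  image_type       = ["PUBLIC_IMAGE"]
  image_name_regex = "Final"
}

resource "tencentcloud_kubernetes_cluster" "example" {
  vpc_id                  = local.first_vpc_id
  cluster_cidr            = "10.31.0.0/16"
  cluster_max_pod_num     = 32
  cluster_name            = "tf_example_cluster"
  cluster_desc            = "example for tke cluster"
  cluster_max_service_num = 32

  # NOTE(review): cluster_internet concerns internet access to the cluster
  # endpoint; the rule text on this page only describes the node-level
  # settings, so review this attribute separately.
  cluster_internet                = false
  cluster_internet_security_group = local.sg_id
  cluster_version                 = "1.22.5"
  cluster_deploy_type             = "MANAGED_CLUSTER"

  master_config {
    count             = 1
    availability_zone = "ap-guangzhou-3"
    instance_type     = "SA2.2XLARGE16"
    system_disk_type  = "CLOUD_SSD"
    system_disk_size  = 60
    # Explicit opt-out: the master node gets no public IP.
    public_ip_assigned = false
    subnet_id          = local.first_subnet_id
    img_id             = local.image_id

    data_disk {
      disk_type = "CLOUD_PREMIUM"
      disk_size = 50
    }

    enhanced_security_service = false
    enhanced_monitor_service  = false
  }

  worker_config {
    count             = 1
    availability_zone = "ap-guangzhou-4"
    instance_type     = "SA2.2XLARGE16"
    system_disk_type  = "CLOUD_SSD"
    system_disk_size  = 60
    # Explicit opt-out: the worker node gets no public IP.
    public_ip_assigned = false
    subnet_id          = local.second_subnet_id

    data_disk {
      disk_type = "CLOUD_PREMIUM"
      disk_size = 50
    }

    enhanced_security_service = false
    enhanced_monitor_service  = false
    cam_role_name             = "CVM_QcsRole"
  }

  labels = {
    "test1" = "test1",
    "test2" = "test2",
  }
}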
Non-Compliant Code Examples
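# Non-compliant example: master_config and worker_config both set
# public_ip_assigned = true together with internet_max_bandwidth_out = 100,
# so every node is given a public IP.

# Shorthand for the looked-up VPC/subnet IDs, the security group and the image.
locals {
  first_vpc_id     = data.tencentcloud_vpc_subnets.vpc_one.instance_list.0.vpc_id
  first_subnet_id  = data.tencentcloud_vpc_subnets.vpc_one.instance_list.0.subnet_id
  second_vpc_id    = data.tencentcloud_vpc_subnets.vpc_two.instance_list.0.vpc_id
  second_subnet_id = data.tencentcloud_vpc_subnets.vpc_two.instance_list.0.subnet_id
  sg_id            = tencentcloud_security_group.sg.id
  image_id         = data.tencentcloud_images.default.image_id
}

# Default subnet in the first availability zone (used by master_config).
data "tencentcloud_vpc_subnets" "vpc_one" {
  is_default        = true
  availability_zone = "ap-guangzhou-3"
}

# Default subnet in the second availability zone (used by worker_config).
data "tencentcloud_vpc_subnets" "vpc_two" {
  is_default        = true
  availability_zone = "ap-guangzhou-4"
}

resource "tencentcloud_security_group" "sg" {
  name = "tf-example-sg"
}

# Ingress is accepted from the two private ranges only; everything else
# (0.0.0.0/0) is dropped by the last ingress entry.
resource "tencentcloud_security_group_lite_rule" "sg_rule" {
  security_group_id = tencentcloud_security_group.sg.id

  ingress = [
    "ACCEPT#10.0.0.0/16#ALL#ALL",
    "ACCEPT#172.16.0.0/22#ALL#ALL",
    "DROP#0.0.0.0/0#ALL#ALL",
  ]

  egress = [
    "ACCEPT#172.16.0.0/22#ALL#ALL",
  ]
}

data "tencentcloud_images" "default" {
  image_type       = ["PUBLIC_IMAGE"]
  image_name_regex = "Final"
}

resource "tencentcloud_kubernetes_cluster" "example" {
  vpc_id                  = local.first_vpc_id
  cluster_cidr            = "10.31.0.0/16"
  cluster_max_pod_num     = 32
  cluster_name            = "tf_example_cluster"
  cluster_desc            = "example for tke cluster"
  cluster_max_service_num = 32

  # NOTE(review): cluster_internet = true is not part of the condition the
  # rule text describes (that covers the node blocks below); it concerns
  # internet access to the cluster endpoint and deserves its own review.
  cluster_internet                = true
  cluster_internet_security_group = local.sg_id
  cluster_version                 = "1.22.5"
  cluster_deploy_type             = "MANAGED_CLUSTER"

  master_config {
    count                = 1
    availability_zone    = "ap-guangzhou-3"
    instance_type        = "SA2.2XLARGE16"
    system_disk_type     = "CLOUD_SSD"
    system_disk_size     = 60
    internet_charge_type = "TRAFFIC_POSTPAID_BY_HOUR"
    # Flagged: non-zero outbound bandwidth combined with a public IP.
    internet_max_bandwidth_out = 100
    public_ip_assigned         = true
    subnet_id                  = local.first_subnet_id
    img_id                     = local.image_id

    data_disk {
      disk_type = "CLOUD_PREMIUM"
      disk_size = 50
    }

    enhanced_security_service = false
    enhanced_monitor_service  = false
  }

  worker_config {
    count                = 1
    availability_zone    = "ap-guangzhou-4"
    instance_type        = "SA2.2XLARGE16"
    system_disk_type     = "CLOUD_SSD"
    system_disk_size     = 60
    internet_charge_type = "TRAFFIC_POSTPAID_BY_HOUR"
    # Flagged: non-zero outbound bandwidth combined with a public IP.
    internet_max_bandwidth_out = 100
    public_ip_assigned         = true
    subnet_id                  = local.second_subnet_id

    data_disk {
      disk_type = "CLOUD_PREMIUM"
      disk_size = 50
    }

    enhanced_security_service = false
    enhanced_monitor_service  = false
    cam_role_name             = "CVM_QcsRole"
  }

  labels = {
    "test1" = "test1",
    "test2" = "test2",
  }
}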
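# Non-compliant example: public_ip_assigned is left undefined in both node
# blocks while internet_max_bandwidth_out = 100, which the rule also flags.

# Shorthand for the looked-up VPC/subnet IDs, the security group and the image.
locals {
  first_vpc_id     = data.tencentcloud_vpc_subnets.vpc_one.instance_list.0.vpc_id
  first_subnet_id  = data.tencentcloud_vpc_subnets.vpc_one.instance_list.0.subnet_id
  second_vpc_id    = data.tencentcloud_vpc_subnets.vpc_two.instance_list.0.vpc_id
  second_subnet_id = data.tencentcloud_vpc_subnets.vpc_two.instance_list.0.subnet_id
  sg_id            = tencentcloud_security_group.sg.id
  image_id         = data.tencentcloud_images.default.image_id
}

# Default subnet in the first availability zone (used by master_config).
data "tencentcloud_vpc_subnets" "vpc_one" {
  is_default        = true
  availability_zone = "ap-guangzhou-3"
}

# Default subnet in the second availability zone (used by worker_config).
data "tencentcloud_vpc_subnets" "vpc_two" {
  is_default        = true
  availability_zone = "ap-guangzhou-4"
}

resource "tencentcloud_security_group" "sg" {
  name = "tf-example-sg"
}

# Ingress is accepted from the two private ranges only; everything else
# (0.0.0.0/0) is dropped by the last ingress entry.
resource "tencentcloud_security_group_lite_rule" "sg_rule" {
  security_group_id = tencentcloud_security_group.sg.id

  ingress = [
    "ACCEPT#10.0.0.0/16#ALL#ALL",
    "ACCEPT#172.16.0.0/22#ALL#ALL",
    "DROP#0.0.0.0/0#ALL#ALL",
  ]

  egress = [
    "ACCEPT#172.16.0.0/22#ALL#ALL",
  ]
}

data "tencentcloud_images" "default" {
  image_type       = ["PUBLIC_IMAGE"]
  image_name_regex = "Final"
}

resource "tencentcloud_kubernetes_cluster" "example" {
  vpc_id                  = local.first_vpc_id
  cluster_cidr            = "10.31.0.0/16"
  cluster_max_pod_num     = 32
  cluster_name            = "tf_example_cluster"
  cluster_desc            = "example for tke cluster"
  cluster_max_service_num = 32

  # NOTE(review): cluster_internet = true is not part of the condition the
  # rule text describes (that covers the node blocks below); it concerns
  # internet access to the cluster endpoint and deserves its own review.
  cluster_internet                = true
  cluster_internet_security_group = local.sg_id
  cluster_version                 = "1.22.5"
  cluster_deploy_type             = "MANAGED_CLUSTER"

  master_config {
    count                = 1
    availability_zone    = "ap-guangzhou-3"
    instance_type        = "SA2.2XLARGE16"
    system_disk_type     = "CLOUD_SSD"
    system_disk_size     = 60
    internet_charge_type = "TRAFFIC_POSTPAID_BY_HOUR"
    # Flagged: outbound bandwidth > 0 with public_ip_assigned undefined.
    # Remediation per the rule: set this to 0 or drop the attribute.
    internet_max_bandwidth_out = 100
    subnet_id                  = local.first_subnet_id
    img_id                     = local.image_id

    data_disk {
      disk_type = "CLOUD_PREMIUM"
      disk_size = 50
    }

    enhanced_security_service = false
    enhanced_monitor_service  = false
    # Sample value only; base64 is an encoding, not protection, so keep
    # credentials out of user_data.
    user_data = "dGVzdA=="
  }

  worker_config {
    count                = 1
    availability_zone    = "ap-guangzhou-4"
    instance_type        = "SA2.2XLARGE16"
    system_disk_type     = "CLOUD_SSD"
    system_disk_size     = 60
    internet_charge_type = "TRAFFIC_POSTPAID_BY_HOUR"
    # Flagged: outbound bandwidth > 0 with public_ip_assigned undefined.
    internet_max_bandwidth_out = 100
    subnet_id                  = local.second_subnet_id

    data_disk {
      disk_type = "CLOUD_PREMIUM"
      disk_size = 50
    }

    enhanced_security_service = false
    enhanced_monitor_service  = false
    cam_role_name             = "CVM_QcsRole"
  }

  labels = {
    "test1" = "test1",
    "test2" = "test2",
  }
}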
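# Non-compliant example with repeated node blocks: two master_config and two
# worker_config blocks, each setting public_ip_assigned = true together with
# internet_max_bandwidth_out = 100.

# Shorthand for the looked-up VPC/subnet IDs, the security group and the image.
locals {
  first_vpc_id     = data.tencentcloud_vpc_subnets.vpc_one.instance_list.0.vpc_id
  first_subnet_id  = data.tencentcloud_vpc_subnets.vpc_one.instance_list.0.subnet_id
  second_vpc_id    = data.tencentcloud_vpc_subnets.vpc_two.instance_list.0.vpc_id
  second_subnet_id = data.tencentcloud_vpc_subnets.vpc_two.instance_list.0.subnet_id
  sg_id            = tencentcloud_security_group.sg.id
  image_id         = data.tencentcloud_images.default.image_id
}

# Default subnet in the first availability zone (used by master_config).
data "tencentcloud_vpc_subnets" "vpc_one" {
  is_default        = true
  availability_zone = "ap-guangzhou-3"
}

# Default subnet in the second availability zone (used by worker_config).
data "tencentcloud_vpc_subnets" "vpc_two" {
  is_default        = true
  availability_zone = "ap-guangzhou-4"
}

resource "tencentcloud_security_group" "sg" {
  name = "tf-example-sg"
}

# Ingress is accepted from the two private ranges only; everything else
# (0.0.0.0/0) is dropped by the last ingress entry.
resource "tencentcloud_security_group_lite_rule" "sg_rule" {
  security_group_id = tencentcloud_security_group.sg.id

  ingress = [
    "ACCEPT#10.0.0.0/16#ALL#ALL",
    "ACCEPT#172.16.0.0/22#ALL#ALL",
    "DROP#0.0.0.0/0#ALL#ALL",
  ]

  egress = [
    "ACCEPT#172.16.0.0/22#ALL#ALL",
  ]
}

data "tencentcloud_images" "default" {
  image_type       = ["PUBLIC_IMAGE"]
  image_name_regex = "Final"
}

resource "tencentcloud_kubernetes_cluster" "example" {
  vpc_id                  = local.first_vpc_id
  cluster_cidr            = "10.31.0.0/16"
  cluster_max_pod_num     = 32
  cluster_name            = "tf_example_cluster"
  cluster_desc            = "example for tke cluster"
  cluster_max_service_num = 32

  # NOTE(review): cluster_internet = true is not part of the condition the
  # rule text describes (that covers the node blocks below); it concerns
  # internet access to the cluster endpoint and deserves its own review.
  cluster_internet                = true
  cluster_internet_security_group = local.sg_id
  cluster_version                 = "1.22.5"
  cluster_deploy_type             = "MANAGED_CLUSTER"

  # First master_config block.
  master_config {
    count                = 1
    availability_zone    = "ap-guangzhou-3"
    instance_type        = "SA2.2XLARGE16"
    system_disk_type     = "CLOUD_SSD"
    system_disk_size     = 60
    internet_charge_type = "TRAFFIC_POSTPAID_BY_HOUR"
    # Flagged: non-zero outbound bandwidth combined with a public IP.
    internet_max_bandwidth_out = 100
    public_ip_assigned         = true
    subnet_id                  = local.first_subnet_id
    img_id                     = local.image_id

    data_disk {
      disk_type = "CLOUD_PREMIUM"
      disk_size = 50
    }

    enhanced_security_service = false
    enhanced_monitor_service  = false
  }

  # Second master_config block, with the same exposure as the first.
  master_config {
    count                = 1
    availability_zone    = "ap-guangzhou-3"
    instance_type        = "SA2.2XLARGE16"
    system_disk_type     = "CLOUD_SSD"
    system_disk_size     = 60
    internet_charge_type = "TRAFFIC_POSTPAID_BY_HOUR"
    # Flagged: non-zero outbound bandwidth combined with a public IP.
    internet_max_bandwidth_out = 100
    public_ip_assigned         = true
    subnet_id                  = local.first_subnet_id
    img_id                     = local.image_id

    data_disk {
      disk_type = "CLOUD_PREMIUM"
      disk_size = 50
    }

    enhanced_security_service = false
    enhanced_monitor_service  = false
  }

  # First worker_config block.
  worker_config {
    count                = 1
    availability_zone    = "ap-guangzhou-4"
    instance_type        = "SA2.2XLARGE16"
    system_disk_type     = "CLOUD_SSD"
    system_disk_size     = 60
    internet_charge_type = "TRAFFIC_POSTPAID_BY_HOUR"
    # Flagged: non-zero outbound bandwidth combined with a public IP.
    internet_max_bandwidth_out = 100
    public_ip_assigned         = true
    subnet_id                  = local.second_subnet_id

    data_disk {
      disk_type = "CLOUD_PREMIUM"
      disk_size = 50
    }

    enhanced_security_service = false
    enhanced_monitor_service  = false
    cam_role_name             = "CVM_QcsRole"
  }

  # Second worker_config block, with the same exposure as the first.
  worker_config {
    count                = 1
    availability_zone    = "ap-guangzhou-4"
    instance_type        = "SA2.2XLARGE16"
    system_disk_type     = "CLOUD_SSD"
    system_disk_size     = 60
    internet_charge_type = "TRAFFIC_POSTPAID_BY_HOUR"
    # Flagged: non-zero outbound bandwidth combined with a public IP.
    internet_max_bandwidth_out = 100
    public_ip_assigned         = true
    subnet_id                  = local.second_subnet_id

    data_disk {
      disk_type = "CLOUD_PREMIUM"
      disk_size = 50
    }

    enhanced_security_service = false
    enhanced_monitor_service  = false
    cam_role_name             = "CVM_QcsRole"
  }

  labels = {
    "test1" = "test1",
    "test2" = "test2",
  }
}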
# Ruleset selection; the configuration file this snippet belongs to is not
# named on this page.
rulesets:
  - Terraform / TencentCloud # Rules to enforce / TencentCloud.