Hardening Amazon EKS security with RBAC, secure IMDS, and audit logging


Misconfigurations in infrastructure as code (IaC) can be just as dangerous as vulnerabilities in code. Small mistakes in configuration can lead to sensitive data being readable on the internet, or to private endpoints and dashboards being accessible to anonymous users and abused as the initial point of compromise. By Kamil Potrec.

Recent security research findings indicate a rise in malware targeting the Kubernetes platform, which underscores the need for secure configuration.

In this series of blog posts, we will look into the default settings used in Amazon Elastic Kubernetes Service (EKS) deployments. We will then demonstrate how small misconfigurations or unwanted side effects may expose our clusters to EKS security issues.

The article covers the following:

  • What is Amazon Elastic Kubernetes Service?
  • Quick EKS deployment
  • Restricting access to the Kubernetes API
  • Restricting access to the instance metadata service
  • Enabling logging

Amazon Elastic Kubernetes Service is a managed Kubernetes service. AWS takes responsibility for managing the control plane components of the cluster, and the customer is responsible for managing the worker nodes and cluster resources. Good read!


Tags infosec cio aws cloud kubernetes containers devops