AWS re:Invent 2023 - Securing Kubernetes workloads in Amazon EKS (CON335)
Рет қаралды 6,574
Күн бұрынIn this session, learn about features that can help you secure your Amazon EKS clusters. Get guidance on how security practitioners and cluster administrators can protect information, systems, and assets that are reliant on Amazon EKS, while delivering business value to their customers. This session covers security guidance specific to Amazon EKS on managing access to Kubernetes, AWS Identity and Access Management (IAM), and network security.
Learn more about AWS re:Invent at go.aws/46iuzGv.
Subscribe:
More AWS videos: bit.ly/2O3zS75
More AWS events videos: bit.ly/316g9t4
ABOUT AWS
Amazon Web Services (AWS) hosts events, both online and in-person, bringing the cloud computing community together to connect, collaborate, and learn from AWS experts.
AWS is the world's most comprehensive and broadly adopted cloud platform, offering over 200 fully featured services from data centers globally. Millions of customers-including the fastest-growing startups, largest enterprises, and leading government agencies-are using AWS to lower costs, become more agile, and innovate faster.
#AWSreInvent #AWSreInvent2023
@刘方外 10 ай бұрын
really excited
@ThomasFoster-NOAAAffiliate 9 ай бұрын
How does this avoid the OIDC creation when the cluster is created? Or is this currently limited by the account limit on OIDC providers (100 by default)?
@awssupport 9 ай бұрын
Hello there! From what I could find an OIDC provider is a prerequisite to use Amazon EBS with EKS cluster & does have the account limit you mentioned: go.aws/3SlAoil & go.aws/3Um0Av1. If needed, I suggest engaging with our community of developers on re:Post for further clarification: go.aws/aws-repost. 📮 ^RN
@cocnitive 8 ай бұрын
I feel like the tags conditions are not ideal, for example if someone just changes those values in the configmap of the deployment it can get permissions to other things. And what prevents that?
@awssupport 8 ай бұрын
Hi there! Thank you for the feedback provided. I've shared your feedback internally for further review. You're also welcome to post your question on our re:Post community of experts for additional assistance, here: go.aws/aws-repost. ^RZ
@awssupport 8 ай бұрын
Thanks for your patience! Keys of a Pod Identity's IAM Role session tags aren't configurable by the pod creator and the values are limited to metadata of the workload such as cluster name, namespace name, and pod name among others. Modifying a ConfigMap has no impact on the session tags added to an IAM role session. You can find a full list of these session tags, here: go.aws/42DsYKW. If you'd like to discuss this further, you're welcome to reach out via one of the options mentioned here: go.aws/tech-support. ^ES
@SV-tc8cu 2 ай бұрын
the demos are too fast for someone to pay attention
Containers from the Couch
Рет қаралды 4,7 М.
Amazon Web Services
Рет қаралды 158 М.
Container Camp
Рет қаралды 10 М.
AWS Events
Рет қаралды 8 М.
AWS re:Invent 2023 - Harness the power of Karpenter to scale, optimize & upgrade Kubernetes (CON331)
AWS Events
Рет қаралды 13 М.
Cloud Quick Labs
Рет қаралды 6 М.