Cloud Flight Simulator Part 4: Least Privileged Pods with Kubernetes Workloads
In the final part of the Cloud Security Flight Simulator series, join SEC540 lead author and instructor Eric Johnson to learn how to enable workload identity for AWS Elastic Kubernetes Service (EKS) and Azure Kubernetes Service (AKS).
Rather than issuing long-lived credentials to individual pods or inheriting excessive permissions from the node, Kubernetes service accounts can use an internal OpenID Connect (OIDC) provider to obtain a signed identity token (JWT). Then, cloud administrators can configure their identity services (IAM, Entra ID) to trust the Kubernetes cluster's OpenID Connect provider and grant the service account to obtain temporary, least privilege credentials.
Explore the rest of the Cloud Flight Simulator Series:
Speaker and Presenter Information
Relevant Government Agencies
Other Federal Agencies, Federal Government, State & Local Government
Event Type
Webcast
When
Thu, Feb 15, 2024, 10:00am
ET
Cost
Complimentary: $ 0.00
Website
Click here to visit event website
Organizer
SANS Institute