
AWS re:Invent 2023 - Securing Kubernetes workloads in Amazon EKS (CON335)

  • Published: Dec 2, 2023
  • In this session, learn about features that can help you secure your Amazon EKS clusters. Get guidance on how security practitioners and cluster administrators can protect information, systems, and assets that are reliant on Amazon EKS, while delivering business value to their customers. This session covers security guidance specific to Amazon EKS on managing access to Kubernetes, AWS Identity and Access Management (IAM), and network security.
    Learn more about AWS re:Invent at go.aws/46iuzGv.
    More AWS videos: bit.ly/2O3zS75
    More AWS events videos: bit.ly/316g9t4
    ABOUT AWS
    Amazon Web Services (AWS) hosts events, both online and in-person, bringing the cloud computing community together to connect, collaborate, and learn from AWS experts.
    AWS is the world's most comprehensive and broadly adopted cloud platform, offering over 200 fully featured services from data centers globally. Millions of customers-including the fastest-growing startups, largest enterprises, and leading government agencies-are using AWS to lower costs, become more agile, and innovate faster.
    #AWSreInvent #AWSreInvent2023

Comments • 7

  • @user-ew9im8zh5m 8 months ago

    really excited

  • @SV-tc8cu 3 days ago

    the demos are too fast for someone to pay attention

  • @user-ys7yy1dk9l 7 months ago

    How does this avoid the OIDC creation when the cluster is created? Or is this currently limited by the account limit on OIDC providers (100 by default)?

    • @awssupport 7 months ago +1

      Hello there! From what I could find an OIDC provider is a prerequisite to use Amazon EBS with EKS cluster & does have the account limit you mentioned: go.aws/3SlAoil & go.aws/3Um0Av1. If needed, I suggest engaging with our community of developers on re:Post for further clarification: go.aws/aws-repost. 📮 ^RN

  • @cocnitive 6 months ago

    I feel like the tags conditions are not ideal, for example if someone just changes those values in the configmap of the deployment it can get permissions to other things. And what prevents that?

    • @awssupport 6 months ago

      Hi there! Thank you for the feedback provided. I've shared your feedback internally for further review. You're also welcome to post your question on our re:Post community of experts for additional assistance, here: go.aws/aws-repost. ^RZ

    • @awssupport 6 months ago

      Thanks for your patience! Keys of a Pod Identity's IAM Role session tags aren't configurable by the pod creator and the values are limited to metadata of the workload such as cluster name, namespace name, and pod name among others. Modifying a ConfigMap has no impact on the session tags added to an IAM role session. You can find a full list of these session tags, here: go.aws/42DsYKW. If you'd like to discuss this further, you're welcome to reach out via one of the options mentioned here: go.aws/tech-support. ^ES
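
Added example, not part of the video or the comment thread: a simplified Python model of the session-tag point in the last reply above, showing an ABAC condition being decided by the role session's tags, which are built from workload metadata. The tag key names are the ones listed in the EKS Pod Identity documentation; the policy, the cluster, namespace and pod names, and the evaluator itself are constructed assumptions, and the evaluator covers only `Allow`, an exact `Action` and `StringEquals`.

```python
import re

ACTION = "secretsmanager:GetSecretValue"
RTAG = "aws:ResourceTag/"
VAR = re.compile(r"\$\{aws:PrincipalTag/([^}]+)\}")

def session_tags_for(cluster, namespace, service_account, pod_name):
    """Tags EKS Pod Identity puts on the role session, built from workload
    metadata only. Key names are from the EKS docs; values are constructed."""
    return {
        "eks-cluster-name": cluster,
        "kubernetes-namespace": namespace,
        "kubernetes-service-account": service_account,
        "kubernetes-pod-name": pod_name,
    }

# Constructed ABAC policy: a secret is readable only when its resource tags
# equal the caller's session tags for cluster and namespace.
POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ACTION,
    "Resource": "*",
    "Condition": {"StringEquals": {
        RTAG + "eks-cluster-name": "${aws:PrincipalTag/eks-cluster-name}",
        RTAG + "kubernetes-namespace": "${aws:PrincipalTag/kubernetes-namespace}",
    }},
}]}

def is_allowed(policy, action, principal_tags, resource_tags):
    """Simplified model, not the IAM engine: Allow, exact Action, StringEquals."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow" or stmt["Action"] != action:
            continue
        conds = stmt.get("Condition", {}).get("StringEquals", {})
        if all(_matches(k, v, principal_tags, resource_tags) for k, v in conds.items()):
            return True
    return False  # implicit deny

def _matches(key, template, principal_tags, resource_tags):
    if not key.startswith(RTAG):
        return False  # condition keys outside this model never match
    if any(name not in principal_tags for name in VAR.findall(template)):
        return False  # unresolved policy variable: the statement does not apply
    expected = VAR.sub(lambda m: principal_tags[m.group(1)], template)
    return resource_tags.get(key[len(RTAG):]) == expected

def demo():
    # The pod runs in "payments"; ConfigMap contents are not an input to the decision.
    tags = session_tags_for("prod-1", "payments", "api", "api-7d9f")
    own = {"eks-cluster-name": "prod-1", "kubernetes-namespace": "payments"}
    other = {"eks-cluster-name": "prod-1", "kubernetes-namespace": "billing"}
    return is_allowed(POLICY, ACTION, tags, own), is_allowed(POLICY, ACTION, tags, other)
```
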