homepage
Open menu
Contact Sales

Cloud Flight Simulator Part 4: Least Privileged Pods with Kubernetes Workloads

  • Thursday, 15 Feb 2024 10:00AM EST (15 Feb 2024 15:00 UTC)
  • Speaker: Eric Johnson

In the final part of the Cloud Security Flight Simulator series, join SEC540 lead author and instructor Eric Johnson to learn how to enable workload identity for AWS Elastic Kubernetes Service (EKS) and Azure Kubernetes Service (AKS). 

Rather than issuing long-lived credentials to individual pods or inheriting excessive permissions from the node, Kubernetes service accounts can use an internal OpenID Connect (OIDC) provider to obtain a signed identity token (JWT). Then, cloud administrators can configure their identity services (IAM, Entra ID) to trust the Kubernetes cluster's OpenID Connect provider and grant the service account to obtain temporary, least privilege credentials.

Explore the rest of the Cloud Flight Simulator Series:

Login to Register

Related Content

Blog
CLD_-_Aviata_Cloud_Solo_Flight_Challenge_-_General_-_Workshop_340_x_340.jpg
Cloud Security
Aviata Cloud Solo Flight Challenge
Master cloud security by tackling this free series of workshops.
Cloud_Ace_Final.png
SANS Cloud Security
read more
Blog
N2C_blog_image.png
Security Awareness, Cybersecurity Leadership, Cloud Security, Open-Source Intelligence (OSINT), Industrial Control Systems Security, Digital Forensics, Incident Response & Threat Hunting, Cybersecurity and IT Essentials, Cyber Defense, Offensive Operations, Pen Testing, and Red Teaming, Artificial Intelligence (AI)
A Visual Summary of SANS New2Cyber Summit 2024
Check out these graphic recordings created in real-time throughout the event for SANS New2Cyber Summit 2024
370x370-person-placeholder.png
Alison Kim
read more
Blog
CLD_-_Blog_-_Prevent_Cloud_Incidents_from_Becoming_Cloud_Breaches_340_x_340.jpg
Cloud Security
Prevent Cloud Incidents from Becoming Cloud Breaches
Explore the mission of the newly renamed SEC510: Cloud Security Controls and Mitigations.
BrandonEvans_Headshot_370x370.png
Brandon Evans
read more