Talk With an Expert

Cloud Flight Simulator Part 4: Least Privileged Pods with Kubernetes Workloads

  • Thu, Feb 15, 2024
  • 10:00AM - 11:00AM UTC
  • English
  • Eric Johnson
  • Technical Presentation
Webcast Hero

In the final part of the Cloud Security Flight Simulator series, join SEC540 lead author and instructor Eric Johnson to learn how to enable workload identity for AWS Elastic Kubernetes Service (EKS) and Azure Kubernetes Service (AKS). 

Rather than issuing long-lived credentials to individual pods or inheriting excessive permissions from the node, Kubernetes service accounts can use an internal OpenID Connect (OIDC) provider to obtain a signed identity token (JWT). Then, cloud administrators can configure their identity services (IAM, Entra ID) to trust the Kubernetes cluster's OpenID Connect provider and grant the service account to obtain temporary, least privilege credentials.

Explore the rest of the Cloud Flight Simulator Series:

Meet the speaker

Eric Johnson
Eric Johnson

Eric Johnson

Principal Security Engineer

Eric is a co-founder and principal security engineer at Puma Security focusing on modern static analysis product development and DevSecOps automation. He is co-author and instructor for three SANS Cloud Security courses.

Read more about Eric Johnson