Keep the cloud provider platform secure
Least privilege
Secure traffic into cluster
Run security tests in development environments
Mirror environments
Cluster authentication & authorization
Leverage OIDC for k8s authentication
RBAC - define roles
In-cluster network/security/micro-segmentation
Prevent namespace-to-namespace communication
Network policy
Policy & Governance
k8s admission controllers
Read only
Non-privileged ports
Runtime security & monitoring...
EKS add-ons now support CoreDNS and kube-proxy
Amazon Elastic Kubernetes Service (Amazon EKS) now supports using the Amazon EKS console, CLI, and API to install and manage CoreDNS and kube-proxy in addition to existing support for the Amazon VPC CNI networking plugin.
https://aws.amazon.com/about-aws/whats-new/2021/05/eks-add-ons-now-support-coredns-kube-proxy/
https://docs.aws.amazon.com/eks/latest/userguide/eks-add-ons.html
KubeCon 2021
Full list of videos from KubeCon 2021 Europe
https://www.youtube.com/playlist?list=PLj6h78yzYM2MqBm19mRz9SYLsw4kfQBrC
AWS Secrets CSI for EKS
How to use AWS Secrets & Configuration Provider with your Kubernetes Secrets Store CSI driver. One more option for Kubernetes secrets management, alongside Vault, external-secrets and the 1Password operator 😅
https://aws.amazon.com/blogs/security/how-to-use-aws-secrets-configuration-provider-with-kubernetes-secrets-store-csi-driver/