Guide to the Secure Configuration of Amazon Elastic Kubernetes Service
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Root of files obtained from OCP nodes
When scanning OpenShift clusters, some settings are not exposed as files. In the case that they are exported from the cluster (typically as yaml files), this variable determines the directory where...Value -
Kubernetes Settings
Each section of this configuration guide includes information about the configuration of a Kubernetes cluster and a set of recommendations for hardening the configuration. For each hardening recomm...Group -
Kubernetes - Account and Access Control
In traditional Unix security, if an attacker gains shell access to a certain login account, they can perform any action or access any file to which that account has access. The same idea applies to...Group -
Use Dedicated Service Accounts
Kubernetes workloads should not use cluster node service accounts to authenticate to Amazon EKS APIs. Each Kubernetes workload that needs to authenticate to other AWS services using AWS IAM should ...Rule Unknown Severity -
Authentication
In cloud workloads, there are many ways to create and configure to multiple authentication services. Some of these authentication methods by not be secure or common methodologies, or they may not b...Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules