In today’s cloud-native world, securing your Kubernetes environment is paramount. Managed Kubernetes services like Amazon EKS offer convenience, but maintaining robust security requires vigilance.
Enter MKAT, the Managed Kubernetes Auditing Toolkit, your one-stop shop for identifying common security vulnerabilities within your EKS cluster.
Here’s what MKAT can do for you:
- Unveil Trust Relationships: MKAT sheds light on the connections between your Kubernetes service accounts and AWS IAM roles. It supports both IAM Roles for Service Accounts (IRSA) and Pod Identity, ensuring comprehensive analysis. This helps you understand how pods can potentially assume AWS IAM roles and access resources.
- Hunt Down Hardcoded Credentials: Hardcoded AWS credentials lurking within your Kubernetes resources (Pods, ConfigMaps, Secrets) pose a significant security risk. MKAT scans these resources, with a low false positive rate, to identify instances of both access key IDs and secret access keys. It even delves into unstructured data like JSON or YAML documents to ensure no credentials escape detection.
- Test IMDS Accessibility: A compromised pod that can reach the AWS Instance Metadata Service (IMDS) on an EKS node is a major security risk. MKAT tests for this exposure by creating temporary pods that attempt to access both IMDSv1 and IMDSv2, so you can address it proactively.
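The hardcoded-credential check described above can be sketched in a few lines of Python. This is an added example, not MKAT's own code: the two regexes, the rule that a resource is reported only when both key halves appear, and the names `walk_strings` and `find_aws_credentials` are assumptions of this sketch. Embedded JSON is parsed; other text, such as YAML, is scanned as a raw string.

```python
import base64
import json
import re

# Assumed heuristics: key ID = known prefix + 16 chars; secret = free-standing 40-char run.
ACCESS_KEY_RE = re.compile(r"(?<![A-Z0-9])(?:AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])")
SECRET_KEY_RE = re.compile(r"(?<![A-Za-z0-9/+=])[A-Za-z0-9/+]{40}(?![A-Za-z0-9/+=])")

def walk_strings(node, path=""):
    """Yield (path, text) for each string leaf, descending into embedded JSON."""
    if isinstance(node, (dict, list)):
        items = node.items() if isinstance(node, dict) else enumerate(node)
        for key, value in items:
            yield from walk_strings(value, f"{path}/{key}")
    elif isinstance(node, str):
        try:
            inner = json.loads(node)
        except ValueError:
            inner = None  # not JSON (e.g. YAML or plain text): scan the raw string
        if isinstance(inner, (dict, list)):
            yield from walk_strings(inner, path + "<json>")
        else:
            yield path, node

def find_aws_credentials(resource):
    """Return sorted (kind, path) findings, or [] unless both key halves appear."""
    resource = dict(resource)
    if resource.get("kind") == "Secret":  # Secret values are base64-encoded
        decoded = {}
        for key, value in (resource.get("data") or {}).items():
            try:
                decoded[key] = base64.b64decode(value, validate=True).decode()
            except ValueError:
                decoded[key] = value  # not valid base64/UTF-8: scan as stored
        resource["data"] = decoded
    found = set()
    for path, text in walk_strings(resource):
        if ACCESS_KEY_RE.search(text):
            found.add(("access_key_id", path))
        if SECRET_KEY_RE.search(text):
            found.add(("secret_access_key", path))
    return sorted(found) if len({kind for kind, _ in found}) == 2 else []

# Constructed sample using the placeholder key pair from AWS documentation.
SAMPLE = {"kind": "ConfigMap", "metadata": {"name": "app-config"}, "data": {
    "settings.json": '{"aws": {"id": "AKIAIOSFODNN7EXAMPLE", '
                     '"secret": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"}}'}}
if __name__ == "__main__":
    print(find_aws_credentials(SAMPLE))
```

Requiring both halves is what keeps a lone 40-character string, such as a SHA-1 commit hash, from being reported.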
Beyond the Features:
- Effortless Installation: MKAT provides multiple installation methods, including Homebrew and pre-compiled binaries. Once installed, it leverages your existing AWS and kubectl authentication, making setup a breeze.
- Visualization Power: MKAT’s trust relationship analysis can be displayed in a clear table format or even exported as a graph (dot language) for visual exploration. This allows you to easily understand the complex web of connections within your cluster.
How Does MKAT Stand Out?
While other tools offer security assessments for Kubernetes, MKAT focuses specifically on managed Kubernetes environments like EKS. It goes beyond basic in-cluster checks and delves into the critical relationship between your cluster and the cloud provider (AWS in this case).
Ready to Secure Your EKS Cluster?
Head over to the MKAT GitHub repository to learn more and download the tool.
Don’t wait! Take control of your EKS security with MKAT.