Cloudanix home page

Community
Login
Login

AWS Introduction

Security of your AWS Account

AWS Pricing

AWS Services which determine your cost

AWS Threats

Getting Started with AWS Realtime Events

AWS Misconfigurations

Getting Started with AWS Audit
Permissions required for Misconfigurations Detection
API Gateway Audit
Cloudformation Audit
CloudFront Audit
CloudTrail Audit
Cloudwatch Audit
DynamoDB Audit
EC2 Audit
Elastic Search Audit
ELB Audit
IAM Audit
KMS Audit
Kubernetes Audit
Lambda Audit
RDS Audit
Redshift Audit
Route53 Audit
S3 Audit
Security Groups Audit
SES Audit
SNS Audit
IAM Deep Dive
App Sync Audit
Code Build Audit
Open Search Audit
Shield Audit
SQS Audit

On this page

Checks Performed

Kubernetes Misconfig for AWS

Checks Performed

Apply Security Context to Your Pods and Containers
Consider External Secret Storage
Consider Fargate Running Untrusted Workloads
Create Administrative Boundaries Between Resources Using Namespaces
Default Namespace Should Not Be Used
Enable Audit Logs
Encrypt Traffic HTTPS Load Balancers with TLS Certificates
Ensure All Namespaces Have Network Policies Defined
Ensure Authorization Mode Argument is Not Always Allow
Ensure Client CA File Argument is Set as Appropriate
Ensure Cluster Admin Role Only Used Where Required
Ensure Clusters are Created Private Nodes
Ensure Clusters Private Endpoint Enabled and Public Access Disabled
Ensure Default Service Accounts are Not Actively Used
Ensure EventRecordQPS Argument Set 0 Level Which Ensures Appropriate Event Capture
Ensure Hostname Override Argument is Not Set
Ensure Image Vulnerability Scanning Enabled ECR or Third Party
Ensure Kubeconfig File Permissions are Restrictive
Ensure Kubelet Configuration File Has Permissions Restrictive
Ensure Kubelet Configuration File Ownership Set Root
Ensure Kubelet Kubeconfig File Ownership Set Root
Ensure Kubernetes Secrets Encrypted Customer Master AWS KMS
Ensure Latest CNI Version is Used
Ensure Make IPTables Util Chains Argument is Enabled
Ensure Network Policy is Enabled Appropriate
Ensure Protect Kernel Defaults Argument is Enabled
Ensure Read Only Port is Secured
Ensure Rotate Certificates Argument is Not Disabled
Ensure Rotate Kubelet Server Certificate Argument is Enabled
Ensure Service Account Tokens Mounted Where Necessary
Ensure Streaming Connection Idle Timeout Argument Not Set to 0
Ensure That the Anonymous Auth Argument Set Disabled
Manage Kubernetes RBAC Users with AWS IAM Authenticator Kubernetes
Minimize Access Create Pods
Minimize Access Secrets
Minimize Admission Containers Wishing Share Host IPC Namespace
Minimize Admission Containers Wishing Share Host Network Namespace
Minimize Admission Containers Wishing Share Host Process ID Namespace
Minimize Admission Privileged Containers
Minimize Cluster Access Read Only Amazon ECR
Minimize Container Registries Only Those Approved
Minimize the Admission Containers with Added Capabilities
Minimize the Admission Containers with Allow Privilege Escalation
Minimize the Admission Containers with Capabilities Assigned
Minimize the Admission Containers with Net Raw Capability
Minimize the Admission Root Containers
Minimize User Access Amazon ECR
Minimize Wildcard Roles Cluster Roles
Prefer Container Optimize OS When Possible
Prefer Using Managed Identities Workloads
Prefer Using Secrets Files Over Secrets Environment Variables
Restrict Access to Control Plane Endpoint

Powered by Mintlify

Assistant

Responses are generated using AI and may contain mistakes.