EKS Cluster Access Manager API should be enabled

Description

Amazon EKS recommends using the Cluster Access Manager API for managing EKS cluster access, replacing the aws-auth ConfigMap. This new API simplifies Role-Based Access Control (RBAC) and Service Account management by allowing direct control via the EKS API, reducing manual configuration and the risk of errors. It also enhances security by enabling the assignment of predefined AWS-managed Kubernetes permissions to IAM principals, offering improved visibility and auditing capabilities.

Note: EKS Cluster Access Manager API is only available in EKS version 1.23 and above. Clusters running earlier EKS versions will not be assessed by this control.

Remediation

For guidance on configuring EKS cluster access, refer to the Grant IAM users and roles access to Kubernetes APIs section of the Amazon EKS User Guide.
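
The check described above can be reproduced offline against saved `aws eks describe-cluster` output. The following is an added example, not code from the original page or from the rule itself. It assumes the control passes when `accessConfig.authenticationMode` is `API` or `API_AND_CONFIG_MAP`, and the cluster names and sample responses are constructed.

```python
import json

# Values of cluster.accessConfig.authenticationMode that enable access entries.
# Assumption: the control treats either of these as "enabled".
API_MODES = {"API", "API_AND_CONFIG_MAP"}
MIN_VERSION = (1, 23)  # per the note above: earlier versions are not assessed


def parse_version(version):
    """Turn an EKS version string such as '1.29' into (1, 29).

    Comparing tuples avoids the string-comparison trap where '1.9' > '1.23'.
    """
    major, minor = version.strip().split(".")[:2]
    return int(major), int(minor)


def assess_cluster(cluster):
    """Return 'pass', 'fail' or 'not_assessed' for one describe-cluster record."""
    if parse_version(cluster["version"]) < MIN_VERSION:
        return "not_assessed"
    # Assumption: a record with no accessConfig relies on aws-auth only.
    access = cluster.get("accessConfig") or {}
    mode = access.get("authenticationMode", "CONFIG_MAP")
    return "pass" if mode in API_MODES else "fail"


def assess_all(describe_outputs):
    """Map cluster name -> result for a list of describe-cluster JSON documents."""
    results = {}
    for raw in describe_outputs:
        cluster = json.loads(raw)["cluster"]
        results[cluster["name"]] = assess_cluster(cluster)
    return results


# Constructed sample responses (not real clusters), trimmed to the fields used.
SAMPLES = [
    '{"cluster": {"name": "legacy", "version": "1.22", "accessConfig": {"authenticationMode": "CONFIG_MAP"}}}',
    '{"cluster": {"name": "configmap-only", "version": "1.27", "accessConfig": {"authenticationMode": "CONFIG_MAP"}}}',
    '{"cluster": {"name": "migrating", "version": "1.28", "accessConfig": {"authenticationMode": "API_AND_CONFIG_MAP"}}}',
    '{"cluster": {"name": "api-only", "version": "1.30", "accessConfig": {"authenticationMode": "API"}}}',
    '{"cluster": {"name": "no-access-config", "version": "1.25"}}',
]

if __name__ == "__main__":
    for name, result in assess_all(SAMPLES).items():
        print(f"{name}: {result}")
```

A cluster reported as `fail` can be moved to the combined mode with `aws eks update-cluster-config --name <cluster> --access-config authenticationMode=API_AND_CONFIG_MAP`; the authentication mode cannot be switched back to `CONFIG_MAP` afterwards.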