EKS Cluster Access Manager API should be enabled

Description

Amazon EKS recommends using the Cluster Access Manager API for managing EKS cluster access, replacing the aws-auth ConfigMap. This new API simplifies Role-Based Access Control (RBAC) and Service Account management by allowing direct control via the EKS API, reducing manual configuration and the risk of errors. It also enhances security by enabling the assignment of predefined AWS-managed Kubernetes permissions to IAM principals, offering improved visibility and auditing capabilities.

Note: EKS Cluster Access Manager API is only available in EKS version 1.23 and above. Clusters running earlier EKS versions will not be assessed by this control.
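
As an added illustration (not part of the original rule or of any vendor's implementation), the following sketch evaluates `aws eks describe-cluster` output against this control. It assumes that the `accessConfig.authenticationMode` values `API` and `API_AND_CONFIG_MAP` both count as the API being enabled, and that a response without `accessConfig` means the cluster relies on the aws-auth ConfigMap; the sample responses are constructed.

```python
import json

# Constructed `aws eks describe-cluster` responses, trimmed to the fields used here.
SAMPLE_RESPONSES = [
    '{"cluster": {"name": "legacy", "version": "1.22",'
    ' "accessConfig": {"authenticationMode": "CONFIG_MAP"}}}',
    '{"cluster": {"name": "configmap-only", "version": "1.27",'
    ' "accessConfig": {"authenticationMode": "CONFIG_MAP"}}}',
    '{"cluster": {"name": "migrating", "version": "1.28",'
    ' "accessConfig": {"authenticationMode": "API_AND_CONFIG_MAP"}}}',
    '{"cluster": {"name": "api-only", "version": "1.30",'
    ' "accessConfig": {"authenticationMode": "API"}}}',
    '{"cluster": {"name": "no-access-config", "version": "1.24"}}',
]

MIN_VERSION = (1, 23)                     # the control skips earlier versions
API_MODES = {"API", "API_AND_CONFIG_MAP"}  # assumption: either mode passes


def parse_version(version):
    """Turn '1.23' into (1, 23) so versions compare numerically, not as text."""
    major, minor = version.split(".")[:2]
    return int(major), int(minor)


def assess(response):
    """Return 'not_assessed', 'pass' or 'fail' for one describe-cluster response."""
    cluster = response["cluster"]
    if parse_version(cluster["version"]) < MIN_VERSION:
        return "not_assessed"
    # Assumption: a missing accessConfig is treated as ConfigMap-only access.
    mode = cluster.get("accessConfig", {}).get("authenticationMode", "CONFIG_MAP")
    return "pass" if mode in API_MODES else "fail"


def assess_all(raw_documents):
    """Map each cluster name to its assessment result."""
    results = {}
    for raw in raw_documents:
        response = json.loads(raw)
        results[response["cluster"]["name"]] = assess(response)
    return results


if __name__ == "__main__":
    for name, status in assess_all(SAMPLE_RESPONSES).items():
        print(f"{name}: {status}")
```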

Remediation

For guidance on configuring EKS cluster access, refer to the Grant IAM users and roles access to Kubernetes APIs section of the Amazon EKS User Guide.