homepage
Open menu
Talk with an expert

Cloud Flight Simulator Part 4: Least Privileged Pods with Kubernetes Workloads

  • Thursday, 15 Feb 2024 10:00AM EST (15 Feb 2024 15:00 UTC)
  • Speaker: Eric Johnson

In the final part of the Cloud Security Flight Simulator series, join SEC540 lead author and instructor Eric Johnson to learn how to enable workload identity for AWS Elastic Kubernetes Service (EKS) and Azure Kubernetes Service (AKS). 

Rather than issuing long-lived credentials to individual pods or inheriting excessive permissions from the node, Kubernetes service accounts can use an internal OpenID Connect (OIDC) provider to obtain a signed identity token (JWT). Then, cloud administrators can configure their identity services (IAM, Entra ID) to trust the Kubernetes cluster's OpenID Connect provider and grant the service account to obtain temporary, least privilege credentials.

Explore the rest of the Cloud Flight Simulator Series:

Login to Register

Related Content

Blog
CLD_-_Aviata_Cloud_Solo_Flight_Challenge_-_General_-_Workshop_340_x_340.jpg
Cloud Security
Aviata Cloud Solo Flight Challenge
Master cloud security by tackling this free series of workshops.
Cloud_Ace_Final.png
SANS Cloud Security
read more
Blog
WhySANS_CloudWebcast_Batch3_340x340_003.jpg
Cloud Security
Cloud Security Strategy: First Principles and Future Opportunities (Part 3 of 5), Modernizing Identity: Navigating Challenges and Embracing Cloud Solutions
Legacy systems pose significant challenges in today’s cloud landscape.
Cloud_Ace_Final.png
SANS Cloud Security
read more
Blog
WhySANS_CloudWebcast_Batch3_340x340_002b.jpg
Cloud Security
Cloud Security Strategy: First Principles and Future Opportunities (Part 2 of 5), Secure by Design: Elevating Security Beyond Defaults
The Secure by Design approach benefits organizations by building long-term security and sustainability into their systems.
Cloud_Ace_Final.png
SANS Cloud Security
read more