Ensure that your Amazon EKS clusters are configured to use an OpenID Connect (OIDC) provider for authenticating Kubernetes API calls.
Every Amazon EKS cluster exposes an OpenID Connect issuer URL (cluster.identity.oidc.issuer). Registering that issuer as an IAM OIDC identity provider gives the account a trust anchor for the tokens the cluster signs: Kubernetes service accounts can then exchange their projected tokens for IAM role credentials (IAM roles for service accounts) instead of inheriting the node instance role, and external identity providers can be integrated through the same federation mechanism. This allows fine-grained, per-workload access control, simplifies user and credential management, and supports compliance requirements that call for scoped, auditable identities. A cluster fails this check when its issuer URL has no matching IAM OIDC identity provider in the account.
Audit
To determine whether your Amazon EKS clusters are using an OIDC provider, list the clusters in each region, read each cluster's OIDC issuer URL (describe-cluster, cluster.identity.oidc.issuer), and compare it against the IAM OIDC identity providers registered in the account (list-open-id-connect-providers). A cluster is compliant when an IAM provider ARN ends in the issuer's host and path.
Remediation / Resolution
To ensure that your Amazon EKS clusters are using an OpenID Connect (OIDC) provider, create an IAM OIDC identity provider for each non-compliant cluster's issuer URL (create-open-id-connect-provider), supplying the thumbprint of the issuer's certificate chain and sts.amazonaws.com as the client ID (audience).
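The audit and remediation procedures above, worked as one script. This is an added example written for this page, not code from Conformity, eksctl or AWS; the cluster names, the account ID 111122223333, the issuer IDs and the provider ARNs are constructed values, and the --live and --fix flags are conventions of this script only.

```shell
#!/bin/sh
# Added example for this rule; not code from the Conformity page or from AWS.
# Audit: a cluster passes when its OIDC issuer URL (cluster.identity.oidc.issuer)
# has a matching IAM OIDC identity provider ARN in the account, i.e. an ARN of the form
#   arn:aws:iam::<account>:oidc-provider/<issuer host and path without scheme>
# Remediation: obtain the issuer's CA thumbprint (the openssl procedure from the AWS
# docs) and call create-open-id-connect-provider with sts.amazonaws.com as the audience.
# Live AWS/openssl calls only run with --live; by default the script exercises the
# matching logic on constructed sample values (not real account output).

# Strip the scheme and any trailing slash from an issuer URL; the result is what IAM
# appends after "oidc-provider/" in the provider ARN.
issuer_host_path() {
  printf '%s\n' "$1" | sed -e 's#^[a-z]*://##' -e 's#/*$##'
}

# Read provider ARNs (one per line) from stdin; print the one matching the issuer in $1.
# Returns 1 when no provider is associated with that issuer.
provider_for_issuer() {
  want=$(issuer_host_path "$1")
  while IFS= read -r arn; do
    [ -n "$arn" ] || continue
    case "$arn" in
      *:oidc-provider/"$want") printf '%s\n' "$arn"; return 0 ;;
    esac
  done
  return 1
}

# Verdict for one cluster: $1 name, $2 issuer URL, $3 newline-separated provider ARNs.
audit_cluster() {
  if match=$(printf '%s\n' "$3" | provider_for_issuer "$2"); then
    printf 'PASS %s: issuer associated with %s\n' "$1" "$match"
    return 0
  fi
  printf 'FAIL %s: no IAM OIDC provider for %s\n' "$1" "$2"
  return 1
}

# Thumbprint of the last certificate in the issuer's TLS chain, as a colon-free SHA-1 hex
# string, which is the form create-open-id-connect-provider expects (live; needs openssl).
issuer_thumbprint() {
  host=$(issuer_host_path "$1" | cut -d/ -f1)
  printf '' | openssl s_client -servername "$host" -showcerts -connect "$host:443" 2>/dev/null |
    awk '/BEGIN CERTIFICATE/ {c=""} {c=c $0 "\n"} /END CERTIFICATE/ {last=c} END {printf "%s", last}' |
    openssl x509 -fingerprint -sha1 -noout | sed -e 's/^.*=//' -e 's/://g'
}

# Remediation for one cluster (live; needs iam:CreateOpenIDConnectProvider).
associate_oidc_provider() {
  aws iam create-open-id-connect-provider --url "$1" \
    --client-id-list sts.amazonaws.com \
    --thumbprint-list "$(issuer_thumbprint "$1")"
}

# Walk every cluster in the region and audit it; pass --fix to remediate failures.
live_audit() {
  region=${AWS_REGION:-us-east-1}
  providers=$(aws iam list-open-id-connect-providers \
    --query 'OpenIDConnectProviderList[].Arn' --output text | tr '\t' '\n')
  rc=0
  for c in $(aws eks list-clusters --region "$region" --query 'clusters[]' --output text); do
    issuer=$(aws eks describe-cluster --region "$region" --name "$c" \
      --query 'cluster.identity.oidc.issuer' --output text)
    if ! audit_cluster "$c" "$issuer" "$providers"; then
      rc=1
      if [ "${1:-}" = "--fix" ]; then associate_oidc_provider "$issuer"; fi
    fi
  done
  return $rc
}

# Constructed sample values (made up for this example, not taken from a real account).
SAMPLE_ISSUER='https://oidc.eks.us-east-1.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE'
SAMPLE_PROVIDERS='arn:aws:iam::111122223333:oidc-provider/token.actions.githubusercontent.com
arn:aws:iam::111122223333:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE'
UNASSOCIATED_ISSUER='https://oidc.eks.us-east-1.amazonaws.com/id/0123456789ABCDEF0123456789ABCDEF'

if [ "${1:-}" = "--live" ]; then
  live_audit "${2:-}"
else
  audit_cluster prod "$SAMPLE_ISSUER" "$SAMPLE_PROVIDERS"
  audit_cluster staging "$UNASSOCIATED_ISSUER" "$SAMPLE_PROVIDERS" || true
fi
```

Run it with no arguments to see the matching logic on the constructed values; `--live` audits the clusters in $AWS_REGION and `--live --fix` also creates the missing providers. The provider created here is the same association that `eksctl utils associate-iam-oidc-provider --cluster <name>` performs in one step. Two caveats for practitioners: the matching is done by ARN suffix because IAM derives the provider ARN from the issuer URL with the scheme removed, so a trailing slash or a different region in the URL produces a false FAIL; and an associated provider only establishes the trust anchor, so each IAM role a workload assumes still needs a trust policy that conditions on the issuer's `:aud` (sts.amazonaws.com) and `:sub` (system:serviceaccount:<namespace>:<name>) claims, otherwise any service account in the cluster can assume it.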
References
- AWS Documentation
- Amazon EKS FAQs
- Amazon EKS clusters
- Creating an IAM OIDC provider for your cluster
- Creating OpenID Connect (OIDC) identity providers
- Obtaining the thumbprint for an OpenID Connect Identity Provider
- AWS Command Line Interface (CLI) Documentation
- list-clusters
- describe-cluster
- list-open-id-connect-providers
- create-open-id-connect-provider
Rule: Use OIDC Provider for Authenticating Kubernetes API Calls
Risk Level: High