Ensure that your Azure Kubernetes Service (AKS) clusters are integrated with Microsoft Entra ID in order to provide granular access to AKS resources.
Interacting with the API server is essential for managing an Azure Kubernetes Service (AKS) cluster. It is crucial to secure access to the API server and restrict it to authorized users only. Integrating Microsoft Entra ID with an AKS cluster streamlines identity and access management by using Microsoft Entra ID's centralized authentication and RBAC capabilities. This type of integration enhances security, simplifies user management, and allows for consistent identity controls across both platforms, improving overall operational efficiency and reducing the complexity of managing access to the AKS cluster.
Audit
To determine if Microsoft Entra ID integration is enabled for your AKS clusters, perform the following operations:
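An added example, not part of the original page or of Conformity's own tooling: a Python check that classifies clusters from `az aks list -o json` output by their `aadProfile` block. The sample JSON, the status labels, the script name `audit_aks_entra.py` and the choice to fail only clusters whose `aadProfile` is null are assumptions.

```python
import json
import sys

# Constructed sample in the shape of `az aks list -o json`, trimmed to the
# fields read below. Cluster names, groups and GUIDs are made up.
SAMPLE_AZ_AKS_LIST = """[
  {"name": "aks-prod", "resourceGroup": "rg-prod",
   "aadProfile": {"managed": true, "enableAzureRbac": true,
                  "adminGroupObjectIDs": ["00000000-0000-0000-0000-000000000001"]}},
  {"name": "aks-legacy", "resourceGroup": "rg-shared",
   "aadProfile": {"managed": null, "enableAzureRbac": null,
                  "adminGroupObjectIDs": null}},
  {"name": "aks-dev", "resourceGroup": "rg-dev", "aadProfile": null}
]"""


def audit(az_aks_list_json):
    """Return one finding per cluster, classified by its aadProfile block."""
    findings = []
    for cluster in json.loads(az_aks_list_json):
        profile = cluster.get("aadProfile")
        if not profile:
            status = "NOT_INTEGRATED"   # aadProfile is null: no Entra ID sign-in
        elif profile.get("managed"):
            status = "MANAGED"          # AKS-managed Entra ID integration
        else:
            status = "LEGACY"           # profile present but not AKS-managed
        findings.append({
            "cluster": f'{cluster["resourceGroup"]}/{cluster["name"]}',
            "status": status,
            "azure_rbac": bool(profile and profile.get("enableAzureRbac")),
            "admin_groups": (profile or {}).get("adminGroupObjectIDs") or [],
        })
    return findings


def non_compliant(findings):
    """Assumption: only clusters with no Entra ID integration fail the check."""
    return [f["cluster"] for f in findings if f["status"] == "NOT_INTEGRATED"]


if __name__ == "__main__":
    # Live use: az aks list -o json | python3 audit_aks_entra.py -
    raw = sys.stdin.read() if sys.argv[1:] == ["-"] else SAMPLE_AZ_AKS_LIST
    results = audit(raw)
    for f in results:
        print(f'{f["status"]:<15} {f["cluster"]} azure_rbac={f["azure_rbac"]}')
    sys.exit(1 if non_compliant(results) else 0)
```

The non-zero exit status when any cluster lacks integration lets the script gate a scheduled compliance job.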
Remediation / Resolution
To enable Microsoft Entra ID integration for your Azure Kubernetes Service (AKS) clusters, perform the following operations:
You are auditing:
Use Microsoft Entra ID Integration for AKS Clusters
Risk Level: High