Cloud function with public invoker privileges
GCP cloud function {GcpCloudFunction} was detected running with public invoker privileges, allowing any user on the internet to invoke the...
All articles by Orca Security
RDS database instance has IAM database authentication disabled
The IAM database authentication feature is disabled for the RDS instance {AwsRdsDbInstance}. With the feature enabled, AWS RDS generates a...
Elastic Beanstalk environment managed platform updates is disabled
Elastic Beanstalk (EB) allows you to deploy and manage an application without having to deal with the infrastructure that runs...
GKE Nodepool creating nodes without GKE Metadata Server
Every node stores its metadata on a metadata server. Some of this metadata, such as kubelet credentials and the VM...
GKE using Legacy Authorization (ABAC)
Legacy Authorization, also known as Attribute-Based Access Control (ABAC) has been superseded by Role-Based Access Control (RBAC) and is not...
EKS Cluster with enabled Public Endpoint or disabled Private Endpoint
In a private cluster, the master node has two endpoints, a private and public endpoint. The private endpoint is the...
EKS Node with public IP address
Orca has detected that the EKS node {K8sNode} has a public IP address. Disabling public IP addresses on cluster nodes...
EKS Cluster without Fargate Profiles
Orca has detected that the EKS Cluster {AwsEksCluster} does not utilize Fargate in order to run its tasks. If you...
Minimize cluster access to read-only for Amazon ECR
The EKS Cluster Service Account only requires pull access to containers to deploy onto Amazon EKS. Restricting permissions follows the...
Personalized Demo
See Orca Security in Action
Gain visibility, achieve compliance, and prioritize risks with the Orca Cloud Security Platform.