Vendor services misconfigurations

Minimize cluster access to read-only for Amazon ECR

Platform(s)
Compliance Frameworks
  • Brazilian General Data Protection (LGPD)
  • CCPA
  • CPRA
  • Data Security Posture Management (DSPM) Best Practices
  • EKS CIS
  • GDPR
  • iso_27001_2022
  • iso_27002_2022
  • Mitre ATT&CK
  • PDPA
  • UK Cyber Essentials

Description

The EKS cluster service account needs only pull access to container images in order to deploy them onto Amazon EKS. Restricting its permissions to that level follows the principle of least privilege and prevents the credentials from being abused beyond the required role.
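
One way to audit an IAM policy document for ECR permissions beyond read-only, as an added example that is not this rule's own detection logic. The allowlist, the function names and the sample policy are assumptions made for illustration; any wildcard that reaches ECR is flagged because it cannot be shown to stay read-only.

```python
# Assumption: read-only ECR actions; the first four are what an image pull needs.
READ_ONLY_ECR = {a.lower() for a in (
    "ecr:GetAuthorizationToken", "ecr:BatchCheckLayerAvailability",
    "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage",
    "ecr:DescribeRepositories", "ecr:DescribeImages", "ecr:ListImages",
    "ecr:GetRepositoryPolicy", "ecr:GetLifecyclePolicy",
    "ecr:GetLifecyclePolicyPreview", "ecr:ListTagsForResource",
    "ecr:DescribeImageScanFindings",
)}

# Constructed sample policy for a node role (not taken from the page).
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["ecr:GetAuthorizationToken", "ecr:BatchGetImage",
                "ecr:GetDownloadUrlForLayer", "ecr:BatchCheckLayerAvailability"]},
    {"Effect": "Allow", "Resource": "*", "Action": ["ecr:PutImage", "ecr:Batch*"]},
    {"Effect": "Deny", "Resource": "*", "Action": "ecr:DeleteRepository"},
    {"Effect": "Allow", "Resource": "*", "Action": "s3:GetObject"},
]}

def _as_list(value):
    """IAM accepts either a single item or a list for Statement and Action."""
    if value is None:
        return []
    return [value] if isinstance(value, (str, dict)) else list(value)

def excess_ecr_grants(policy):
    """Return the Allow entries that may grant more than read-only ECR access."""
    findings = set()
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only remove access
        if "NotAction" in stmt:
            # Allow + NotAction grants everything not listed, ECR writes included,
            # unless the exclusion list itself covers all of ECR.
            excluded = {a.lower() for a in _as_list(stmt["NotAction"])}
            if not excluded & {"ecr:*", "*"}:
                findings.add("NotAction")
            continue
        for action in _as_list(stmt.get("Action")):
            pattern = action.lower()  # IAM action names are case-insensitive
            if pattern != "*" and not pattern.startswith("ecr:"):
                continue  # other services are out of scope for this check
            # Exact allowlist match only, so wildcards such as ecr:* land here too
            if pattern not in READ_ONLY_ECR:
                findings.add(action)
    return sorted(findings)
```

Run it over each policy attached to the role the cluster uses to pull images; an empty result means every allowed ECR action is on the read-only allowlist.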