Lateral movement

AWS IAM role connected to K8s Role with the ability to read secrets

Platform(s)
  • N/A

Description

Amazon EKS uses IAM to provide authentication to your Kubernetes cluster, but it still relies on native Kubernetes Role Based Access Control (RBAC) for authorization. This means that an AWS IAM entity can get authorized to communicate with the API server. Orca has detected that the IAM role {AwsIamRole} is connected to the K8s role {AwsIamRole.K8sRoles}, which allows reading secrets in the {AwsIamRole.K8sRoles.Namespace} namespace. An attacker with access to the AWS IAM role can extract the service account tokens of other service accounts in the cluster and impersonate them, and can also access sensitive data stored in secrets in the {AwsIamRole.K8sRoles.K8sCluster} cluster.
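
An audit sketch for the condition described above, added here as an example and not Orca's detection logic. It assumes the IAM-to-Kubernetes mapping comes from the `mapRoles` entries of the EKS `aws-auth` ConfigMap and covers only namespaced Roles bound to groups; all ARNs, names and namespaces are constructed sample data.

```python
# Added example: constructed sample data, not output from a real cluster.
READ_VERBS = {"get", "list", "watch", "*"}

# Constructed aws-auth mapRoles entries (IAM role -> Kubernetes groups).
MAP_ROLES = [
    {"rolearn": "arn:aws:iam::111122223333:role/ci-deployer", "groups": ["ci-team"]},
    {"rolearn": "arn:aws:iam::111122223333:role/log-viewer", "groups": ["viewers"]},
]
# Constructed namespaced Roles and RoleBindings, as parsed from the API.
ROLES = [
    {"name": "secret-reader", "namespace": "payments",
     "rules": [{"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "list"]}]},
    {"name": "pod-viewer", "namespace": "payments",
     "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]}]},
]
BINDINGS = [
    {"namespace": "payments", "roleRef": {"kind": "Role", "name": "secret-reader"},
     "subjects": [{"kind": "Group", "name": "ci-team"}]},
    {"namespace": "payments", "roleRef": {"kind": "Role", "name": "pod-viewer"},
     "subjects": [{"kind": "Group", "name": "viewers"}]},
]

def rule_reads_secrets(rule):
    """True if an RBAC rule grants a read verb on core-group secrets."""
    groups = set(rule.get("apiGroups", []))
    resources = set(rule.get("resources", []))
    verbs = set(rule.get("verbs", []))
    return (bool(groups & {"", "*"}) and bool(resources & {"secrets", "*"})
            and bool(verbs & READ_VERBS))

def iam_roles_reading_secrets(map_roles, roles, bindings):
    """Return sorted (rolearn, namespace, k8s_role) tuples that can read secrets."""
    risky = {(r["namespace"], r["name"]) for r in roles
             if any(rule_reads_secrets(x) for x in r["rules"])}
    findings = set()
    for b in bindings:
        ref = b["roleRef"]
        if ref["kind"] != "Role" or (b["namespace"], ref["name"]) not in risky:
            continue  # ClusterRole references are out of scope for this sketch
        groups = {s["name"] for s in b["subjects"] if s["kind"] == "Group"}
        for m in map_roles:
            if groups & set(m.get("groups", [])):
                findings.add((m["rolearn"], b["namespace"], ref["name"]))
    return sorted(findings)

if __name__ == "__main__":
    for arn, ns, role in iam_roles_reading_secrets(MAP_ROLES, ROLES, BINDINGS):
        print(f"{arn} can read secrets in namespace {ns} via Role {role}")
```

Each finding is a candidate for narrowing the Role with `resourceNames` or removing the group mapping from the IAM role.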