Lateral movement

AWS IAM role with administrator-like permissions in EKS Cluster’s namespace scope

Platform(s)
  • N/A

Description

Amazon EKS uses AWS IAM to authenticate callers to the Kubernetes API server, but authorization is still decided by native Kubernetes Role Based Access Control (RBAC): an IAM principal is mapped to a Kubernetes username and groups (through the aws-auth ConfigMap or EKS access entries), and RoleBindings grant those subjects permissions. Orca has detected that the IAM role {AwsIamRole} is bound to the Kubernetes role {AwsIamRole.K8sRoles}, which has administrative privileges (all verbs on all resources) in the {AwsIamRole.K8sRoles.Namespace} namespace. An attacker who obtains credentials for this IAM role can authenticate to the Kubernetes API and perform arbitrary actions within the {AwsIamRole.K8sRole.Namespace} namespace, including reading Secrets and executing commands in running pods.
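The following is an added example of how this condition can be checked, not Orca's own detection code. It joins the aws-auth ConfigMap mappings (IAM role ARN to Kubernetes username/groups) with namespace-scoped RoleBindings and flags IAM roles whose mapped subjects are bound to a Role or ClusterRole granting all verbs on all resources. All input data is constructed inline in the shape of `kubectl get roles,rolebindings,clusterroles -o json` items and a parsed `mapRoles` list; it assumes the cluster still uses aws-auth (EKS access entries would need the same join against their access policies and group lists) and does not resolve templated usernames such as `{{SessionName}}`.

```python
"""Find IAM roles that end up with namespace-admin RBAC in an EKS cluster.

Added example, not Orca's detection code. Every object below is constructed
for the example; in practice they come from `kubectl ... -o json` and from
the parsed `mapRoles` entry of the kube-system/aws-auth ConfigMap.
"""

# Constructed: parsed `mapRoles` from the aws-auth ConfigMap.
MAP_ROLES = [
    {"rolearn": "arn:aws:iam::111122223333:role/ci-deployer",
     "username": "ci-deployer", "groups": ["payments-admins"]},
    {"rolearn": "arn:aws:iam::111122223333:role/readonly-auditor",
     "username": "auditor", "groups": ["viewers"]},
]

# Constructed Kubernetes RBAC objects.
ROLES = [
    {"kind": "Role",
     "metadata": {"name": "payments-superuser", "namespace": "payments"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"kind": "Role",
     "metadata": {"name": "pod-reader", "namespace": "payments"},
     "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]}]},
]
CLUSTER_ROLES = [
    {"kind": "ClusterRole",
     "metadata": {"name": "wildcard-admin"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
]
ROLE_BINDINGS = [
    {"kind": "RoleBinding",
     "metadata": {"name": "payments-admins", "namespace": "payments"},
     "roleRef": {"kind": "Role", "name": "payments-superuser"},
     "subjects": [{"kind": "Group", "name": "payments-admins"}]},
    {"kind": "RoleBinding",
     "metadata": {"name": "auditor-reads-pods", "namespace": "payments"},
     "roleRef": {"kind": "Role", "name": "pod-reader"},
     "subjects": [{"kind": "User", "name": "auditor"}]},
    # A RoleBinding may reference a ClusterRole; the grant is still confined
    # to the binding's namespace, so it is namespace-scoped admin, not cluster admin.
    {"kind": "RoleBinding",
     "metadata": {"name": "staging-admin", "namespace": "staging"},
     "roleRef": {"kind": "ClusterRole", "name": "wildcard-admin"},
     "subjects": [{"kind": "User", "name": "auditor"}]},
]


def is_wildcard_admin(rules):
    """True if any rule grants every verb on every resource.

    apiGroups is deliberately not required to be "*": "*" verbs on "*"
    resources in the core group alone already covers Secrets, pods/exec
    and ServiceAccounts, which is what an attacker needs.
    """
    return any("*" in r.get("verbs", []) and "*" in r.get("resources", [])
               for r in rules)


def namespace_admin_subjects(roles, cluster_roles, bindings):
    """Return {(namespace, subject kind, subject name): bound role name} for
    subjects that a RoleBinding ties to a wildcard-admin Role or ClusterRole."""
    by_ns = {(r["metadata"]["namespace"], r["metadata"]["name"]): r["rules"]
             for r in roles}
    cluster = {r["metadata"]["name"]: r["rules"] for r in cluster_roles}
    found = {}
    for b in bindings:
        ns = b["metadata"]["namespace"]
        ref = b["roleRef"]
        if ref["kind"] == "ClusterRole":
            rules = cluster.get(ref["name"], [])
        else:
            rules = by_ns.get((ns, ref["name"]), [])
        if not is_wildcard_admin(rules):
            continue
        for s in b.get("subjects", []):
            found[(ns, s["kind"], s["name"])] = ref["name"]
    return found


def iam_roles_with_namespace_admin(map_roles, roles, cluster_roles, bindings):
    """Join aws-auth mappings to the RBAC findings.

    An IAM role is flagged when its mapped username is a bound User subject
    or any of its mapped groups is a bound Group subject. Templated usernames
    (e.g. "{{SessionName}}") are compared literally and therefore not resolved.
    """
    admins = namespace_admin_subjects(roles, cluster_roles, bindings)
    findings = {}
    for m in map_roles:
        for (ns, kind, name), k8s_role in admins.items():
            hit = ((kind == "User" and name == m.get("username")) or
                   (kind == "Group" and name in m.get("groups", [])))
            if hit:
                findings.setdefault(m["rolearn"], []).append((ns, k8s_role))
    return findings


if __name__ == "__main__":
    for arn, grants in iam_roles_with_namespace_admin(
            MAP_ROLES, ROLES, CLUSTER_ROLES, ROLE_BINDINGS).items():
        for ns, role in grants:
            print(f"{arn} -> namespace-admin via {role} in namespace {ns}")
```

Run against real data by replacing the constructed lists with the `items` arrays from `kubectl get roles -A -o json`, `kubectl get rolebindings -A -o json`, `kubectl get clusterroles -o json` and the YAML-parsed `mapRoles` string from `kubectl -n kube-system get configmap aws-auth -o jsonpath='{.data.mapRoles}'`. The join through groups matters: the IAM role in the first finding is never named in any RoleBinding directly, it inherits the admin Role through the group aws-auth assigns it.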