GKE using Legacy Authorization (ABAC) - Complete Cloud Security in Minutes - Orca Security

Vendor services misconfigurations

GKE using Legacy Authorization (ABAC)

Risk Level

Informational (4)

Platform(s)

Compliance Frameworks

GKE CIS

Description

Legacy Authorization, also known as Attribute-Based Access Control (ABAC) has been superseded by Role-Based Access Control (RBAC) and is not under active development. RBAC is the recommended way to manage permissions in Kubernetes. It was detected that {GcpGkeCluster} uses ABAC instead of RBAC.

Recommended Mitigation

It is recommended to disable Legacy Authorization on {GcpGkeCluster}. For more info: https://cloud.google.com/kubernetes-engine/docs/how-to/role-based-access-control, https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#leave_abac_disabled_default_for_110

See Orca in action

See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.