Cloud Conformity Real-Time Threat Monitoring and Analysis (RTMA) engine has detected configuration changes performed at the AWS EKS service level, in your AWS account.
Amazon Elastic Container Service for Kubernetes (Amazon EKS) is a managed service provided by Amazon Web Services that simplifies the use of Kubernetes on AWS cloud without the need to install and operate your own Kubernetes control plane (i.e. the main controlling unit of the Kubernetes cluster). With Amazon EKS you can deploy, manage and scale containerized applications using Kubernetes in AWS cloud. Kubernetes is a popular open-source container-orchestration software designed for automating deployment, scaling and management of containerized applications. Kubernetes groups containers together for management and discoverability, then launches them onto clusters of EC2 instances. With Kubernetes you can run containerized applications including microservices, batch processing workers and Platforms as a Service (PaaS) using the same toolset on premises and in the cloud. Its main purpose is to provide better ways of managing related, distributed components and services across varied infrastructure. AWS EKS service works by provisioning and managing the Kubernetes control plane for you. Kubernetes consists of two major components: a cluster of worker nodes that run your containers and a control plane that manages when and where containers are provisioning on your cluster, and monitors their status. Without AWS EKS, you have to run and manage both the Kubernetes control plane and the cluster of worker nodes by yourself. With Amazon EKS - Managed Kubernetes Service, you provision your cluster of worker nodes using the provided AMI and the predefined CloudFormation template, and AWS handles the rest – i.e. provisioning, scaling and managing the Kubernetes control plane within a secure, highly available configuration. EKS removes the most important operational responsibilities for running Kubernetes in order to allow you to focus on building your applications instead of managing AWS cloud infrastructure. To offer the best scalability and security for your cloud applications, the EKS service integrates with many other AWS services such as Elastic Load Balancing for load distribution, IAM for authentication and authorization, AWS VPC for network isolation, AWS PrivateLink for private network access and AWS CloudTrail for logging.
As an AWS security best practice, you have to know about each configuration changes made at the Amazon EKS service level. The operational activity detected by this RTMA rule can be any root/IAM user request initiated through AWS Management Console or any AWS API request initiated programmatically using AWS CLI or SDKs, that triggers Amazon EKS service actions such as:
According to Shared Responsibility Model, Amazon Web Services is responsible for Kubernetes control plane, which includes the control plane instances and the etcd database. On the other hand, your responsibilities include, among others, the security configuration of the data plan, which contains the configuration of the security groups that allow traffic to pass from the AWS EKS control plane into your VPC network, the configuration of the worker instances (nodes) and the containers themselves. Therefore, using Cloud Conformity RTMA feature to detect Amazon Elastic Container Service for Kubernetes (EKS) configuration changes will help you prevent any accidental or intentional modifications that may lead to unauthorized access to your data, unexpected costs on your AWS bill or other security issues that can heavily impact your applications.