pacu icon indicating copy to clipboard operation
pacu copied to clipboard

Published 20 hours ago verified publisher icon RhinoSecurityLabs

EKS - Permissions

Open random-robbie opened this issue 5 years ago • 2 comments

I would love for this to check to the EKS permissions for managed k8s

Describe the solution you'd like during the checks or a new check to see if there are any k8s associated with the keys. if so this would allow full control and it should be possible to generate the kubectl config and allow full cluster control

AVAILABLE COMMANDS
       o create-cluster

       o delete-cluster

       o describe-cluster

       o help

       o list-clusters

       o update-kubeconfig

Describe alternatives you've considered manually checking eks

random-robbie avatar May 01 '19 05:05 random-robbie

Would there be anything else beyond just identifying those permissions? It would be easy to alert when those permissions are located, but maybe another module would check for them and then try to list clusters, then generate a kubectl config?

SpenGietz avatar May 01 '20 19:05 SpenGietz

That would be ideal listing permissions for eks and listing all clusters and generating the kube-config so you could the decide which one to take control over. It would also help flush out all the secrets from the eks clusters.

random-robbie avatar May 01 '20 20:05 random-robbie

There was a eks__enum module added at some point. Assuming this covers this use case? https://github.com/RhinoSecurityLabs/pacu/blob/master/pacu/modules/eks__enum/main.py

DaveYesland avatar Jan 05 '24 17:01 DaveYesland