terraform-aws-eks

Stop pods from using the node instance profile

Open errm opened this issue 5 years ago • 4 comments

errm avatar Feb 12 '20 09:02 errm

This is relevant https://docs.aws.amazon.com/eks/latest/userguide/restrict-ec2-credential-access.html

errm avatar Feb 18 '20 15:02 errm

I suspect if we did this it would stop the node termination handler accessing the metadata service... could we find a workaround?

errm avatar Feb 26 '20 16:02 errm

https://docs.aws.amazon.com/eks/latest/userguide/best-practices-security.html#restrict-ec2-credential-access

errm avatar Oct 30 '20 22:10 errm

Before we can make this change we have to check for anything not running in the host network that needs IAM permissions and is currently relying on them.

I think the CNI plugin might ... but we would need to check!

errm avatar Nov 05 '20 16:11 errm