DataDog / managed-kubernetes-auditing-toolkit

All-in-one auditing toolkit for identifying common security issues in managed Kubernetes environments. Currently supports Amazon EKS.
Apache License 2.0

Analyze any Kubernetes service account that has a projected SA token with sts.amazonaws.com audience #1

Closed christophetd closed 1 year ago

christophetd commented 1 year ago

We should not necessarily only be looking at service accounts that have the EKS annotation.

christophetd commented 1 year ago

Also need to take into account if the trust policy doesn't check for the sts audience.
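
An added example, not part of the issue thread or of the toolkit's own code: one way to run both checks raised above, over a pod list as returned by `kubectl get pods -A -o json` and a role's trust policy document. The function names and sample inputs are constructed for illustration, and the audience check only tests that a condition on an `:aud` key is present.

```python
STS_AUDIENCE = "sts.amazonaws.com"

def sts_token_service_accounts(pod_list):
    """Service accounts whose pods mount a projected token with the STS audience."""
    found = set()
    for pod in pod_list.get("items", []):
        spec = pod.get("spec", {})
        for volume in spec.get("volumes") or []:
            for source in (volume.get("projected") or {}).get("sources") or []:
                token = source.get("serviceAccountToken") or {}
                if token.get("audience") == STS_AUDIENCE:
                    namespace = pod.get("metadata", {}).get("namespace", "default")
                    found.add((namespace, spec.get("serviceAccountName", "default")))
    return sorted(found)

def statements_missing_audience_check(trust_policy):
    """Indexes of Allow statements for sts:AssumeRoleWithWebIdentity that have
    no condition on an '<issuer>:aud' key (presence only, value not judged)."""
    statements = trust_policy.get("Statement", [])
    if isinstance(statements, dict):  # IAM accepts a single statement object
        statements = [statements]
    missing = []
    for index, statement in enumerate(statements):
        actions = statement.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        web_identity = any(a.lower() in ("sts:assumerolewithwebidentity", "sts:*", "*")
                           for a in actions)
        keys = [k.lower() for op in statement.get("Condition", {}).values() for k in op]
        if (statement.get("Effect") == "Allow" and web_identity
                and not any(k.endswith(":aud") for k in keys)):
            missing.append(index)
    return missing

# Constructed sample input, not taken from the issue or from a real cluster.
SAMPLE_PODS = {"items": [
    {"metadata": {"namespace": "app"}, "spec": {"serviceAccountName": "worker", "volumes": [
        {"projected": {"sources": [{"serviceAccountToken": {"audience": STS_AUDIENCE}}]}}]}},
    {"metadata": {"namespace": "app"}, "spec": {"serviceAccountName": "web", "volumes": [
        {"projected": {"sources": [{"serviceAccountToken": {"path": "token"}}]}}]}},
]}
ISSUER = "oidc.eks.example/id/EXAMPLE"  # placeholder OIDC issuer
SAMPLE_TRUST = {"Statement": [
    {"Effect": "Allow", "Action": "sts:AssumeRoleWithWebIdentity", "Condition": {
        "StringEquals": {ISSUER + ":sub": "system:serviceaccount:app:worker"}}},
    {"Effect": "Allow", "Action": ["sts:AssumeRoleWithWebIdentity"], "Condition": {
        "StringEquals": {ISSUER + ":aud": STS_AUDIENCE}}},
]}
if __name__ == "__main__":
    print(sts_token_service_accounts(SAMPLE_PODS), statements_missing_audience_check(SAMPLE_TRUST))
```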