add eks:node-manager to allowed_k8s_users list
eks:node-manager is an Amazon EKS internal service role that performs specific operations for managed node groups and Fargate.
Reference: https://github.com/awsdocs/amazon-eks-user-guide/blob/master/doc_source/logging-monitoring.md
Related falco log

```
{"output":"10:56:31.181308928: Warning K8s Operation performed by user not in allowed list of users
 (user=eks:node-manager target=aws-auth/configmaps verb=get uri=/api/v1/namespaces/kube-system/configmaps/aws-auth?timeout=19s resp=200)","priority":"Warning","rule":"Disallowed K8s User","time":"2021-01-26T10:56:31.181308928Z", "output_fields":
{"jevt.time":"10:56:31.181308928","ka.response.code":"200","ka.target.name":"aws-auth","ka.target.resource":"configmaps","ka.uri":"/api/v1/namespaces/kube-system/configmaps/aws-auth?timeout=19s","ka.user.name":"eks:node-manager","ka.verb":"get"}}
```

Signed-off-by: ismailyenigul <ismailyenigul@gmail.com>
ismailyenigul authored and poiana committed Feb 4, 2021
1 parent 19fe724 commit 959811a
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion rules/k8s_audit_rules.yaml
Expand Up @@ -50,7 +50,8 @@
vertical_pod_autoscaler_users,
cluster-autoscaler,
"system:addon-manager",
"cloud-controller-manager"
"cloud-controller-manager",
"eks:node-manager"
]

- rule: Disallowed K8s User
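Review bot: the new `"eks:node-manager"` entry exempts any audit event whose user name matches that string, and since `allowed_k8s_users` is consulted by the generic `Disallowed K8s User` rule in `rules/k8s_audit_rules.yaml`, the exemption applies on every cluster these rules are loaded on, not only on EKS. Consider adding a comment above the entry (for example `# Amazon EKS internal service role, see amazon-eks-user-guide logging-monitoring.md`) so operators on other distributions can see it is platform-specific and remove it if they want the rule to keep firing for that name. The surrounding change itself is correct: the trailing comma on `"cloud-controller-manager",` is required for the list, and the new value needs quoting because of the colon.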

0 comments on commit 959811a