Airbnb: Securing Multi-Tenant Kubernetes Clusters at Scale

Published on February 24, 2022, 20:38
Airbnb enables multi-tenant, fine-grained security access control in its Kubernetes control plane architecture. To lock down the security controls, Airbnb runs Kubernetes on Amazon EC2 and leverages AWS Security Token Service (STS) tokens to inject the IAM role into the cluster. Airbnb further refines the access controls by scoping the IAM role to the pods for least-privilege access. For better observability, Airbnb audits which roles the pods have by using Amazon CloudTrail, which feeds into Amazon Elasticsearch for visualizations and insights. As a result, Airbnb has a better security posture and operational efficiency.

Check out more resources for architecting in the #AWS cloud:
amzn.to/2ZIbygO

#AWS #AmazonWebServices #CloudComputing #ThisIsMyArchitecture