Amazon Web Services integration

Kubescape CLI integration

Setup

The Kubescape AWS integration is based on the official AWS SDK for Go and supports its default authentication methods, depending on the local execution context of the CLI:

  • On an EC2 instance, the IAM role of the instance, or
  • the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables, or
  • the ~/.aws/config file

Make sure that one of them is defined properly in the execution context of Kubescape.

Troubleshooting

Make sure that this command works:

aws eks describe-cluster --name <cluster-name>
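
A preflight check for the credential sources listed under Setup and the troubleshooting command above, added here as an example (it is not part of Kubescape or its documentation). The function names are hypothetical; sources are reported in the order the AWS SDK default chain consults them (environment variables, then the config file, then the instance role), so exported static keys win over a profile or instance role.

```shell
#!/bin/sh
# Added example: which credential source will the SDK pick up in this
# execution context, and which identity does it resolve to?

# Prints one of: env | config-file | instance-role-or-none
aws_cred_source() {
    key="${AWS_ACCESS_KEY_ID:-}"
    secret="${AWS_SECRET_ACCESS_KEY:-}"
    if [ -n "$key" ] && [ -n "$secret" ]; then
        echo "env"
        return 0
    fi
    if [ -n "$key$secret" ]; then
        # Only one half of the pair is exported: not usable as credentials.
        echo "warning: AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY pair is incomplete" >&2
    fi
    # AWS_CONFIG_FILE is the standard override for the config file location.
    if [ -s "${AWS_CONFIG_FILE:-$HOME/.aws/config}" ]; then
        echo "config-file"
    else
        # Nothing local: only an EC2 instance role can supply credentials.
        echo "instance-role-or-none"
    fi
}

# Shows the resolved identity, then runs the page's troubleshooting command.
check_eks_access() {
    cluster="$1"
    command -v aws >/dev/null 2>&1 || { echo "aws CLI not found" >&2; return 2; }
    echo "identity: $(aws sts get-caller-identity --query Arn --output text)" || return 1
    aws eks describe-cluster --name "$cluster" --query 'cluster.status' --output text
}

echo "credential source: $(aws_cred_source)"
# Pass a cluster name as the first argument to run the online checks.
if [ -n "${1:-}" ]; then
    check_eks_access "$1"
fi
```

If the reported identity is not the one intended for scanning, check for static keys left exported in the shell before changing the profile or instance role.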

Kubescape in-cluster integration

Kubescape in-cluster components can be authorized to access AWS-ECR (for container vulnerability scanning) and AWS-EKS (for Kubernetes risk assessment). Both authorizations are supported using IAM roles for service accounts.

We have prepared a ready-to-use recipe for setting this up; see it here.