Kubescape's AWS integration is based on the official AWS SDK for Go and supports the default authentication methods, depending on the local execution context of the CLI:
- On an EC2 instance, the IAM role of the instance, or
- AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables or
- ~/.aws/config file
Make sure that one of them is defined properly in the execution context of Kubescape.
Make sure that this command works:
aws eks describe-cluster --name <cluster-name>
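A preflight check for the steps above, as an added example that is not part of the Kubescape documentation or code: it reports which of the three credential sources is present in the current shell, rejects a half-set key pair, and then runs the verification command. The function names and the `instance-role-or-none` label are assumptions of this example; `AWS_CONFIG_FILE` is the standard override for the config file location.

```shell
#!/bin/sh
# Added example (not Kubescape code): check the AWS credential sources
# available in the shell that will run the Kubescape CLI.

# Prints one of: env, partial-env, config-file, instance-role-or-none
# (labels are this example's own, not SDK terminology).
aws_credential_source() {
    if [ -n "${AWS_ACCESS_KEY_ID:-}" ] && [ -n "${AWS_SECRET_ACCESS_KEY:-}" ]; then
        echo "env"
    elif [ -n "${AWS_ACCESS_KEY_ID:-}" ] || [ -n "${AWS_SECRET_ACCESS_KEY:-}" ]; then
        # Only half of the key pair is exported: a common misconfiguration.
        echo "partial-env"
    elif [ -f "${AWS_CONFIG_FILE:-$HOME/.aws/config}" ]; then
        echo "config-file"
    else
        # Nothing local is defined; only an EC2 instance role could
        # still supply credentials, and that cannot be checked offline.
        echo "instance-role-or-none"
    fi
}

# Usage: kubescape_aws_preflight <cluster-name>
# Returns 2 on an incomplete key pair, otherwise the exit status of
# the describe-cluster call.
kubescape_aws_preflight() {
    cluster="$1"
    src=$(aws_credential_source)
    if [ "$src" = "partial-env" ]; then
        echo "AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY must both be set" >&2
        return 2
    fi
    echo "credential source: $src" >&2
    # Discard the output: only success or failure matters here.
    aws eks describe-cluster --name "$cluster" >/dev/null
}

# Run the check only when a cluster name is given on the command line.
if [ "$#" -gt 0 ]; then
    kubescape_aws_preflight "$1"
fi
```

A non-zero exit from the `aws` call with a credential source present usually points at missing EKS permissions for that identity rather than at missing credentials.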
Kubescape in-cluster components can be authorized to access AWS-ECR (for container vulnerability scanning) and AWS-EKS (for Kubernetes risk assessment). Both authorizations are supported using IAM roles for service accounts.
We have prepared a ready-to-use recipe for setting this up; see it here.