Amazon Web Services integration
Kubescape CLI integration
Setup
The Kubescape AWS integration is based on the official AWS SDK for Go and supports the default authentication methods, depending on the local execution context of the CLI:
- on an EC2 instance, the IAM role of the instance, or
- the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables, or
- the ~/.aws/config file
Make sure that one of them is defined properly in the execution context of Kubescape.
Troubleshooting
Make sure that this command works:
aws eks describe-cluster --name <cluster-name>
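If the command fails, it helps to see which of the sources listed under Setup are actually present in the shell that runs Kubescape. The following is an added example, not part of Kubescape or the AWS CLI: the function name `aws_cred_sources` and its output labels are hypothetical, and `AWS_CONFIG_FILE` and `AWS_PROFILE` are the standard AWS SDK/CLI variables for overriding the config path and profile.

```shell
#!/bin/sh
# Added example (not Kubescape code): report which credential sources from
# the Setup list are configured. It checks presence only, not validity.
aws_cred_sources() {
    home_dir="${1:-$HOME}"   # assumption: optional argument, used for testing
    found=0

    # Environment variables: both halves are needed to form a credential.
    if [ -n "${AWS_ACCESS_KEY_ID:-}" ] && [ -n "${AWS_SECRET_ACCESS_KEY:-}" ]; then
        echo "env:complete"; found=1
    elif [ -n "${AWS_ACCESS_KEY_ID:-}${AWS_SECRET_ACCESS_KEY:-}" ]; then
        # Only one of the two is set: unusable on its own, so another
        # source (possibly an unexpected identity) would have to be used.
        echo "env:incomplete"
    fi

    # Config file: the selected profile must have a section in it.
    cfg="${AWS_CONFIG_FILE:-$home_dir/.aws/config}"
    profile="${AWS_PROFILE:-default}"
    if [ -r "$cfg" ]; then
        if [ "$profile" = "default" ]; then
            grep -qF -e "[default]" -e "[profile default]" "$cfg" && sect=1 || sect=0
        else
            grep -qF "[profile $profile]" "$cfg" && sect=1 || sect=0
        fi
        if [ "$sect" -eq 1 ]; then
            echo "config:$profile"; found=1
        else
            echo "config:missing-profile:$profile"
        fi
    fi

    # Neither source is usable: only the EC2 instance role remains.
    [ "$found" -eq 1 ] || echo "fallback:instance-role"
    return 0
}

aws_cred_sources "$@"
```

To see which identity the SDK actually resolved, `aws sts get-caller-identity` prints the account and ARN in use.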
Kubescape in-cluster integration
Kubescape in-cluster components can be authorized to access AWS-ECR (for container vulnerability scanning) and AWS-EKS (for Kubernetes risk assessment). Both authorizations are supported using IAM roles for service accounts.
We have prepared a ready-to-use recipe for setting this up; see it here.