AWS Best Practices

  1. Manage identity and access using the principles of least privilege

    1. Authenticate via single sign-on (SSO) & enable MFA within the SSO provider.

      • If not using SSO & MFA, set complex local passwords.

    2. Separate admin accounts from normal user accounts.

    3. Limit cluster creation rights/permissions.

    4. Store and use Personal Access Tokens (PAT) securely.

    5. Cross-account IAM role configuration.

  2. Protect data in-transit

    • Use AWS PrivateLink.

  3. Secure your EKS cluster & network

    1. Enable external ingress to clusters only for required users/IPs.

    2. Use EKS Authorized Networks to provide EKS management API access only to e6data IPs.

    3. Implement network exfiltration protections.

    4. Apply EKS service controls.

    5. Use VPC endpoint policies.

    6. Configure PrivateLink.

  4. Use EKS best practices when deploying workspaces

    • Add tags for cost monitoring
