Cloud Infrastructure Automation and Role-Based Access Governance in Azure Kubernetes Services

Suresh Pairu Subramanyam

Abstract

Cloud solutions are advancing along the learning curve, and the need for automated infrastructure administration and sound security administration is nothing new. Bringing a scalable container orchestration service to production securely and in compliance, and then sustaining it, remains challenging. Obtaining and controlling access to such a service, Azure Kubernetes Service (AKS), should not be too hard, and it is possible to comply with strict security needs. This study explains in detail how cloud RBAC is deployed and configured in an AKS deployment, with extensive infrastructure automation that can greatly facilitate deployment, and why it offers fine-grained access management. The objective of the study is the automatic provisioning of AKS clusters and the creation of dynamically generated RBAC policies by way of Infrastructure as Code (IaC). The framework offers consistent environment configuration and least-privilege access using Azure Resource Manager (ARM) templates, Terraform scripts and the Kubernetes capability called Role-Based Access Control (RBAC). The field test demonstrated its ability to decrease the chances of manual configuration mistakes, shorten deployment cycles and increase security against unauthorized access. The capabilities of the free version include live pattern auditing, and it also boasts a number of other patterns, such as the Azure identity management pattern, Azure Active Directory (AD). Key learnings were the necessity of a holistic view of the roadmap from operations to automation in a cloud-first approach, and the need for operations to be more agile and more security-effective. The study offers a viable approach for businesses that have the chance to deploy and optimise AKS without violating any of their security policies and rules.

Article Details

Section

Articles

How to Cite

Cloud Infrastructure Automation and Role-Based Access Governance in Azure Kubernetes Services. (2023). International Journal of Research Publications in Engineering, Technology and Management (IJRPETM), 6(2), 8392-8400. https://doi.org/10.15662/IJRPETM.2023.0602004
