detroiter.blogg.se

Download mission critical examples

Your business requirements might call for more security measures. We highly recommend that you extend the controls in your implementation as per the guidance provided in Mission-critical guidance in Well-Architected Framework: Security.

Identity and access management

At the application level, this architecture uses a simple authentication scheme based on API keys for some restricted operations, such as creating catalog items or deleting comments. Advanced scenarios such as user authentication and user roles are beyond the scope of the baseline architecture.

If your application requires user authentication and account management, follow the principles outlined in Microsoft Well-Architected Framework. Some strategies include using managed identity providers, avoiding custom identity management, using passwordless authentication whenever possible, and so on.

Least privilege access

Configure access policies such that users and applications get the minimal level of access needed to fulfill their function. Developers typically don't need access to the production infrastructure, but the deployment pipeline needs full access. Kubernetes clusters don't push container images into a registry, but GitHub workflows might. Frontend APIs don't usually get messages from the message broker and backend workers don't necessarily send new messages to the broker. Those decisions depend on the workload, and each component's functionality should be reflected when deciding the access level that should be assigned.

Examples from the Azure Mission-critical reference implementation:

- Each application component that works with Event Hubs uses a connection string with either Listen (BackgroundProcessor), or Send (CatalogService) permissions. That access level ensures that every pod has only the minimum access required to fulfill its function.
- The service principal for AKS agent pool has only Get and List permissions for Secrets in Key Vault, no more.
- The AKS Kubelet identity has only the AcrPull permission to access the global Container Registry.

To improve the security of a mission-critical workload, where possible, avoid using service-based secrets, such as connection strings or API keys. Using managed identities is preferred if the Azure service supports that capability. The reference implementation uses service-assigned managed identity of the AKS agent pool ("Kubelet identity") to access the global Azure Container Registry and the stamp's Azure Key Vault. Appropriate built-in roles are used to restrict access.
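One way to check the least-privilege assignments listed for the reference implementation is to compare what each identity has actually been granted against that baseline. The script below is an added example, not code from the reference implementation; the record layout, the resource labels and the sample grants are assumptions constructed for illustration.

```python
# Added example: audits constructed access grants against the least-privilege
# baseline stated in the text. Record fields and resource labels are assumptions.

# Baseline taken from the page: (identity, resource) -> permissions allowed.
BASELINE = {
    ("aks-kubelet", "container-registry"): {"acrpull"},
    ("aks-kubelet", "key-vault-secrets"): {"get", "list"},
    ("BackgroundProcessor", "event-hubs"): {"listen"},
    ("CatalogService", "event-hubs"): {"send"},
}

# Constructed sample of granted permissions (not real export output).
SAMPLE_GRANTS = [
    {"identity": "aks-kubelet", "resource": "container-registry", "permissions": ["AcrPull"]},
    {"identity": "aks-kubelet", "resource": "key-vault-secrets", "permissions": ["Get", "List", "Set"]},
    {"identity": "BackgroundProcessor", "resource": "event-hubs", "permissions": ["Listen", "Send"]},
    {"identity": "CatalogService", "resource": "event-hubs", "permissions": ["Send"]},
    {"identity": "CatalogService", "resource": "container-registry", "permissions": ["AcrPush"]},
]


def audit(grants, baseline=BASELINE):
    """Return one finding per grant that exceeds the baseline."""
    findings = []
    for g in grants:
        key = (g["identity"], g["resource"])
        # Compare case-insensitively so "Get" and "get" are the same permission.
        granted = {p.lower() for p in g["permissions"]}
        allowed = baseline.get(key)
        if allowed is None:
            # No baseline entry: this identity should have no access here at all.
            findings.append({"identity": key[0], "resource": key[1],
                             "reason": "unexpected grant", "excess": sorted(granted)})
        elif granted - allowed:
            findings.append({"identity": key[0], "resource": key[1],
                             "reason": "excess permissions",
                             "excess": sorted(granted - allowed)})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_GRANTS):
        print(f"{f['identity']} on {f['resource']}: {f['reason']} {f['excess']}")
```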











