aws-cloudwatch-metrics
v0.0.11
1 Service Accounts
1 Workloads
13 Bindings
1 Critical
12 Low
Description
A Helm chart to deploy aws-cloudwatch-metrics project
Overview
| Identity | Namespace | Automount | Secrets | Permissions | Workloads | Risk |
|---|---|---|---|---|---|---|
aws-cloudwatch-metrics | default | ❌ | — | 13 | 1 | Critical |
Numbers in the last two columns indicate how many bindings or workloads involve each ServiceAccount.
Identities
🤖 aws-cloudwatch-metrics
Namespace: default | Automount: ❌
🔑 Permissions (13)
| Role | Resource | Verbs | Risk | Tags |
|---|---|---|---|---|
ClusterRole aws-cloudwatch-metrics | core/nodes/proxy | get | Critical | ClusterAdminAccess CodeExecution ElevationOfPrivilege LateralMovement (+1 more) |
ClusterRole aws-cloudwatch-metrics | core/configmaps | create | Low | |
ClusterRole aws-cloudwatch-metrics | apps/daemonsets | list · watch | Low | |
ClusterRole aws-cloudwatch-metrics | apps/deployments | list · watch | Low | |
ClusterRole aws-cloudwatch-metrics | core/endpoints | list · watch | Low | |
ClusterRole aws-cloudwatch-metrics | core/events | create | Low | |
ClusterRole aws-cloudwatch-metrics | batch/jobs | list · watch | Low | |
ClusterRole aws-cloudwatch-metrics | core/nodes | list · watch | Low | |
ClusterRole aws-cloudwatch-metrics | core/nodes/stats | create | Low | |
ClusterRole aws-cloudwatch-metrics | core/pods | list · watch | Low | |
ClusterRole aws-cloudwatch-metrics | apps/replicasets | list · watch | Low | |
ClusterRole aws-cloudwatch-metrics | apps/statefulsets | list · watch | Low | |
ClusterRole aws-cloudwatch-metrics | core/configmaps (restricted to: cwagent-clusterleader) | get · update | Low | ResourceNameRestricted |
⚠️ Potential Abuse (2)
The following security risks were found based on the above permissions:
📦 Workloads (1)
| Kind | Name | Container | Image |
|---|---|---|---|
| DaemonSet | aws-cloudwatch-metrics | aws-cloudwatch-metrics | amazon/cloudwatch-agent:1.300032.2b361 |