ec2-user
as the allowed target user. Through the BastionZero command logs, the administrator can then identify which SSO user entered what command as the ec2-user
on a particular target.postgres
as the allowed target user.stdout
. However, the administrator has the option to also record stdin
.kubectl
actions, including shell exec
, against the cluster. An SSO user may assume a particular cluster role, based on policy. This role can be defined as a particular target user or target group depending on whether a user or group was specified when the k8s
role binding was made. BastionZero is very flexible in this regard, and the k8s
command logs will again disambiguate which SSO user executed which kubectl
command within a particular user or group to role binding.X-API-KEY
header for any application, such as Postman, curl, or your own business logic.Deny
. Registration keys can be associated to an application, an end user, or an administrator in multiple ways within BastionZero.