Skip to content

Restrict access to etcd


ID: MS-M9024
MITRE mitigation: M1035

Access to etcd should be limited to the Kubernetes control plane only. Depending on your configuration, you should attempt to use etcd over TLS. This mitigation is relevant only to non-managed Kubernetes environment, as access to etcd in cloud managed clusters is already restricted.

Techniques Addressed by Mitigation

ID Name Use
MS-TA9025 List Kubernetes secrets Restrict access to etcd.