Ensures that AKS clusters and workloads are not granted excessive permissions.
AKS clusters often use managed identities to interact with Azure resources. Over-privileged identities can lead to privilege escalation or lateral movement within the cluster or the Azure environment. Following the principle of least privilege helps minimize potential attack surfaces.
Review and minimize Azure AD permissions granted to AKS managed identities and workload identities. Use Azure RBAC and Kubernetes RBAC best practices to ensure only required access is permitted.
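One way to start that review is to pull each AKS identity's role assignments (for example with `az role assignment list --assignee <principal-id> --all -o json`, using the principal IDs from `az aks show`) and flag the ones that use a broad built-in role or are scoped at subscription level or above. The audit below is an added example, not part of this check's own tooling; the field names follow the `az role assignment list` output, the flagged-role list is a starting assumption, and the sample assignments are constructed.

```python
# Flag Azure role assignments held by AKS identities that exceed least privilege.
# Input: the list produced by `az role assignment list --assignee <principal-id> --all -o json`
# (assumption: field names match that output; the sample below is constructed).

# Built-in roles granting broad write or permission-management rights (assumption:
# a starting list for review, not an exhaustive one).
BROAD_ROLES = {"Owner", "Contributor", "User Access Administrator"}


def scope_level(scope: str) -> str:
    """Classify an ARM scope: managementGroup, subscription, resourceGroup or resource."""
    parts = [p for p in scope.split("/") if p]
    if parts[:2] == ["providers", "Microsoft.Management"]:
        return "managementGroup"
    if len(parts) == 2 and parts[0].lower() == "subscriptions":
        return "subscription"
    if len(parts) == 4 and parts[2].lower() == "resourcegroups":
        return "resourceGroup"
    return "resource"


def find_overprivileged(assignments: list) -> list:
    """Return assignments using a broad role or scoped above a resource group."""
    findings = []
    for a in assignments:
        role, level = a["roleDefinitionName"], scope_level(a["scope"])
        reasons = []
        if role in BROAD_ROLES:
            reasons.append(f"broad role '{role}'")
        if level in ("subscription", "managementGroup"):
            reasons.append(f"{level}-wide scope")
        if reasons:
            findings.append({"principalName": a.get("principalName"), "role": role,
                             "scope": a["scope"], "reasons": reasons})
    return findings


SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
# Constructed sample for a kubelet identity (aks-prod-agentpool) and a control-plane identity (aks-prod).
SAMPLE = [
    {"principalName": "aks-prod-agentpool", "roleDefinitionName": "AcrPull",
     "scope": SUB + "/resourceGroups/rg-prod/providers/Microsoft.ContainerRegistry/registries/acrprod"},
    {"principalName": "aks-prod", "roleDefinitionName": "Network Contributor",
     "scope": SUB + "/resourceGroups/rg-prod/providers/Microsoft.Network/virtualNetworks/vnet-prod/subnets/aks"},
    {"principalName": "aks-prod", "roleDefinitionName": "Contributor", "scope": SUB},
]

if __name__ == "__main__":
    for f in find_overprivileged(SAMPLE):
        print(f"{f['principalName']}: {f['role']} on {f['scope']} ({'; '.join(f['reasons'])})")
```

Only the subscription-wide Contributor assignment is reported; AcrPull on a single registry and Network Contributor on one subnet are the narrowly scoped grants the remediation asks for.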