Securing Kubecost access with Amazon Cognito
This article explains how to secure Kubecost dashboard access using Amazon Cognito authentication on Amazon EKS.
- Kubecost provides real-time cost visibility and insights for Kubernetes workloads
- Default NGINX basic authentication is replaced with Amazon Cognito for production security
- Solution uses Application Load Balancer (ALB) to expose Kubecost dashboard externally
- Amazon Cognito authenticates and authorizes users via email domain allow-listing
- Pre sign-up Lambda trigger validates user email domains before account creation
- Deployment uses EKS Blueprints CDK pattern with Route 53, ACM certificates, and TLS
- Includes Kubernetes add-ons: Metrics Server, Cluster Autoscaler, AWS Load Balancer Controller
- Users sign up with allowed email domains and verify via email confirmation code
- Can integrate existing OIDC or SAML 2.0 identity providers with Cognito
This solution enables secure, externally accessible Kubecost dashboards for finance teams without requiring cluster access.
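A sketch of the pre sign-up domain check described in the list above, added here as an illustration and not taken from the original article or its CDK pattern. The environment variable name `ALLOWED_DOMAINS` and the sample domains are assumptions; the event fields follow the Cognito pre sign-up trigger shape.

```python
import os

def load_allowed_domains(raw=None):
    """Parse a comma-separated allow-list; an empty list denies everyone (fail closed)."""
    # ALLOWED_DOMAINS is a hypothetical variable name chosen for this example.
    raw = os.environ.get("ALLOWED_DOMAINS", "") if raw is None else raw
    return frozenset(d.strip().lower().rstrip(".") for d in raw.split(",") if d.strip())

def email_domain(email):
    """Return the lower-cased domain part, or None if the address is malformed."""
    if not isinstance(email, str):
        return None
    local, sep, domain = email.strip().rpartition("@")
    # Reject missing parts and addresses with more than one "@".
    if not sep or not local or "@" in local or not domain:
        return None
    return domain.lower().rstrip(".")

def is_allowed(email, allowed):
    """Exact domain match only.

    A suffix test such as endswith("example.com") would also accept
    "notexample.com", and a substring test would accept
    "example.com.evil.test".
    """
    domain = email_domain(email)
    return domain is not None and domain in allowed

def handler(event, context):
    """Cognito pre sign-up trigger: raising rejects the sign-up, returning the event accepts it."""
    email = event.get("request", {}).get("userAttributes", {}).get("email")
    if not is_allowed(email, load_allowed_domains()):
        # Generic message so the response does not disclose the allow-list.
        raise Exception("Sign-up is not permitted for this email address")
    # Keep both flags False so the user must still prove mailbox ownership
    # with the emailed confirmation code.
    response = event.setdefault("response", {})
    response["autoConfirmUser"] = False
    response["autoVerifyEmail"] = False
    return event
```

The domain check only decides who may start a sign-up; the emailed confirmation code is what ties the account to a mailbox the user controls, so the trigger should not auto-confirm.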