June 9, 2026 · 11 min
`whoami` says `ssm-user`, CloudTrail says you: browser shells into EKS nodes, no SSH
Periscope v1.1.6 opens a terminal onto an EKS node's EC2 host from the dashboard, with no SSH key, no bastion, and no inbound ports. The session runs under the operator's own short-lived AWS credentials, minted from their OIDC id_token, so the Periscope pod holds zero SSM permissions and CloudTrail attributes every session to a human. Notes on the transport, the spike that proved it, and the three IAM gotchas that nearly sank it.
by @gnana997




