One of the most common mistakes I see in Kubernetes environments is this: A pod needs access to AWS services, so teams simply attach permissions to the EC2 worker node and call it a day. It works. Until one compromised pod suddenly has access to e...