Posted On: Jun 2, 2021

Amazon Elastic Kubernetes Service (EKS) now allows you to specify custom Amazon Elastic Compute Cloud (Amazon EC2) security groups for pods running on AWS Fargate, enabling fine-grained control over incoming and outgoing network traffic.

AWS Fargate runs each Kubernetes pod in a VM-isolated environment without sharing resources with other pods. With custom security groups, you can add defense in depth by specifying fine-grained rules that allow inbound and outbound network traffic to and from pods that you deploy on Fargate. Security group policies for Fargate pods can be applied using the same Kubernetes native workflow that is already supported for pods running on Amazon EC2 worker nodes.
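
The Kubernetes native workflow mentioned above uses the `SecurityGroupPolicy` custom resource. The manifest below is an added example, not part of the original announcement; the namespace, labels, and security group ID are placeholders, and it assumes a Fargate profile already selects pods in that namespace.

```yaml
# Added example: attach a custom EC2 security group to matching pods.
# All names and the sg- ID are placeholders (assumptions).
apiVersion: vpcresources.k8s.aws/v1beta1
kind: SecurityGroupPolicy
metadata:
  name: payments-db-clients        # placeholder policy name
  namespace: payments              # must be the namespace the pods run in
spec:
  # Only pods carrying this label receive the security groups below.
  # Pods in the namespace without the label are not matched by this policy.
  podSelector:
    matchLabels:
      app: payments-api            # placeholder label
  securityGroups:
    groupIds:
      # Placeholder ID. This group's rules should allow only the traffic
      # the workload needs, for example outbound to the database port and
      # DNS, rather than broad 0.0.0.0/0 rules.
      - sg-0123456789abcdef0
```

The policy is evaluated when a pod is scheduled, so it needs to exist before the pods it targets are created; existing pods have to be recreated to pick it up.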

Support for assigning security groups to Fargate pods is available for EKS clusters running Kubernetes version 1.18 and above. To get started, visit the Amazon EKS documentation.