Containers

Category: Security, Identity, & Compliance

Protecting your Amazon EKS web apps with AWS WAF

Protecting your Amazon EKS web apps with AWS WAF

Analyze the traffic patterns on any public-facing website or web app, and you’ll notice connection requests from all over the world. Apart from the intended traffic, a typical web application responds to requests from bots, health checks, and various attempts to circumvent security and gain unauthorized access. In addition to impacting your customer’s experience, these […]

Use private certificates to enable a container repository in Amazon EKS

Introduction Containerization has gained popularity as a method for deploying and managing applications with Kubernetes, which is a leading container orchestration platform. Many customers choose Amazon Elastic Kubernetes Service (Amazon EKS) for its performance, scalability, availability, and integration with other AWS services and security. Enterprises across the industry opt for private container repositories, such as […]

Use shared VPC subnets in Amazon EKS

Introduction In the ever-changing landscape of cloud computing, organizations continue to face the challenge of effectively managing their virtual network environments. To address this challenge, many organizations have embraced shared Amazon virtual private clouds (VPCs) as a means to streamline network administration, and reduce costs. Shared VPCs not only provide these advantages but also enable […]

Measure cluster performance impact of Amazon GuardDuty EKS Agent

Introduction Amazon GuardDuty is a threat detection service that continuously monitors your AWS environment for malicious activity and anomalous behavior. Since its launch in 2017, Amazon GuardDuty has expanded its visibility and threat detection coverage. Amazon GuardDuty is capable of analyzing tens of billions of events per minute across multiple AWS data sources such as […]

Multi-account infrastructure provisioning with AWS Control Tower and AWS Proton

Introduction The majority of the enterprise customers tend to establish centralize control and well-architected organization-wide policies when it comes to distribution of cloud resources in multiple teams. These teams are primarily divided into three categories: IT operations, Enterprise Security, and Application (App)-development. While delivery of business value from application standpoint falls under the purview of […]

Announcing additional Linux controls for Amazon ECS tasks on AWS Fargate

Introduction An Amazon Elastic Container Service (Amazon ECS) task is a number of co-located containers that are scheduled on to AWS Fargate or an Amazon EC2 container instance. Containers use Linux namespaces to provide workload isolation—and with namespaces—even though containers are scheduled together in an Amazon ECS task, they’re still isolated from each other and […]

Shift left to secure your container supply chain

Introduction When we talk about securing container solutions, most of the focus is on securing the orchestrator or the infrastructure that the orchestrator runs on. However, at the heart of your container solutions are the containers themselves. In this post, we show you how we ensured that before we even push a container into our […]

Securing Kubecost access with Amazon Cognito

Introduction Kubecost provides real-time cost visibility and insights for teams using Kubernetes. It has an intuitive dashboard to help you understand and analyze the costs of running your workloads in a Kubernetes cluster. Kubecost is built on OpenCost, which was recently accepted as a Cloud Native Computing Foundation (CNCF) Sandbox project, and is actively supported […]

AWS App Runner now integrates with AWS Secrets Manager and AWS Systems Manager Parameter Store

AWS App Runner makes it easy to run web applications and APIs at production scale. It enables you to build, deploy, run, and observe web applications without the burden associated with infrastructure management. Many such applications externalize the storage of URLs, API keys, usernames, database secrets, and configuration parameters. Starting today, App Runner allows you to […]

Blue/Green or Canary Amazon EKS clusters migration for stateless ArgoCD workloads

Edit: 02 JUN 2023: The sample has been updated according to the EKS Blueprint V5 Migration Edit 06 October 2023: Upgrade the blog and sample to use gitops-bridge-argocd-bootstrap integration Introduction Organizations use modern application development approaches, such as microservices, to increase innovation, performance, security, and reliability. However, when working with legacy deployment systems, it can […]