Containers

Category: Security, Identity, & Compliance

Managing access to Amazon Elastic Kubernetes Service clusters with X.509 certificates

Introduction: Currently, customers are given two main options for end users to access Amazon Elastic Kubernetes Service (Amazon EKS) clusters when using utilities like kubectl – AWS Identity and Access Management (AWS IAM), or OpenID Connect (OIDC). However, some customers leverage X.509 certificates to authenticate their end-users for access to Amazon EKS clusters, especially those […]

Amazon ECR in Multi-Account and Multi-Region Architectures

Introduction: Amazon Elastic Container Registry (Amazon ECR) is a fully managed container registry offering high-performance hosting, so you can reliably deploy application images and artifacts anywhere. It stores container images and artifacts that deploy application workloads across AWS services as well as non-AWS environments. Amazon ECR is a regional service, where each Region in each […]

Securing Amazon Elastic Container Service applications using Application Load Balancer and Amazon Cognito

Introduction: Designing and maintaining secure user management, authentication and other related features for applications is not an easy task. Amazon Cognito takes care of this work, which allows developers to focus on building the core business logic of the application. Amazon Cognito provides user management, authentication, and authorization for applications where users can log in […]

Building STIG-compliant AMIs for Amazon EKS

As more organizations that are required to run hardened virtual machines to meet internal compliance requirements adopt Kubernetes, there is a need for hardened Amazon Machine Images (AMIs) that work with Amazon Elastic Kubernetes Service (Amazon EKS). There are multiple options to choose from. One solution is to use Bottlerocket, a special-purpose OS from […]

A quick path to Amazon EKS single sign-on using AWS SSO

With the rapid growth of software as a service (SaaS) and cloud adoption, identity is the new security perimeter. AWS Identity and Access Management (IAM) and Kubernetes role-based access control (RBAC) provide the tools to build a strong least-privilege security posture. Single sign-on (SSO) uses federation with a central identity provider (IdP) to improve security by allowing […]

Using IAM database authentication with workloads running on Amazon EKS

Amazon Elastic Kubernetes Service (Amazon EKS) is a managed service that you can use to run Kubernetes on AWS without needing to install, operate, and maintain your own Kubernetes control plane or nodes. When running containerized workloads on Amazon EKS, it is common to store the stateful parts of the application outside of the Kubernetes […]

Container scanning updates in Amazon ECR private registries using Amazon Inspector

We announced a new Amazon Inspector last week at re:Invent 2021 with improved vulnerability management for cloud workloads. Amazon Inspector is a service used by organizations of all sizes to automate security assessment and management at scale. For Amazon Elastic Container Registry (Amazon ECR) private registry customers, this announcement brings updates, enhancements, and integrations to […]

How to use Application Load Balancer and Amazon Cognito to authenticate users for your Kubernetes web apps

This post describes how to use Amazon Cognito to authenticate users for web apps running in an Amazon Elastic Kubernetes Service (Amazon EKS) cluster. Behind any identity management system resides a complex network of systems meant to keep data and services secure. These systems handle functions such as directory services, access management, identity authentication, and […]

Managing ROSA subscriptions at scale

One aspect of operating applications at scale is managing software in a manner that provides control as well as caters for self service and agility. As the modernization of applications and overall business processes takes place, agility requirements drive the need for teams to have access to the tools they require. How does a large-scale […]

Automating image compliance for Amazon ECS and Amazon EKS using Amazon Elastic Container Registry (ECR) and AWS Security Hub

Introduction: As containers move to cloud native production environments, DevOps and security teams increasingly look to deploy DevSecOps pipelines that provide automated real-time visibility into container activity, restrict container access to host and network resources and detect and prevent exploits and attacks on running containers. In this blog post, we implement a solution that demonstrates […]