Containers
Tag: Compliance
Signing and Validating OCI Artifacts with AWS Signer
This post is an extension of our Container Image Signing blog series. In our first post, we discussed the motivations and fundamental concepts behind cryptographic signing for containers. Introduction Organizations today are adding additional security measures to their software development lifecycles (SDLC) due to compliance, governance, or executive requirements. For containerized applications, one such security […]
How to establish private connectivity for ECS Anywhere
Introduction In 2014, AWS announced Amazon Elastic Container Service (Amazon ECS), a fully managed service that helps you orchestrate, deploy, and scale containerized applications. Although Amazon ECS serves a wide variety of customers from different segments, sizes, and verticals, there are cases where the applications need to run locally. For example, this often occurs in […]
Compliance as Code for Amazon ECS using Open Policy Agent, Amazon EventBridge, and AWS Lambda
Customers are looking for ways to implement best practices/policies that enforce security and ongoing compliance. These best practices apply to workloads running on Amazon Elastic Container Service (Amazon ECS). Nowadays, policies can be expressed as code and evaluated before workloads are deployed. This enables you to consistently enforce best practices and prevent workloads that violate […]
Introducing OIDC identity provider authentication for Amazon EKS
Today, we introduced user authentication for Amazon EKS clusters from an OpenID Connect (OIDC) Identity Provider (IDP). This feature allows customers to integrate an OIDC identity provider with a new or existing Amazon EKS cluster running Kubernetes version 1.16 or later. The OIDC IDP can be used as an alternative to, or along with AWS […]
Introducing Amazon ECR server-side encryption using AWS Key Management System
Today, we introduced Amazon Elastic Container Registry (Amazon ECR) server-side encryption at rest using AWS managed and customer managed keys stored in AWS Key Management System (AWS KMS). This feature allows you to select the appropriate key management configuration to meet your security and compliance requirements, and meet the level of control required for your […]
Introducing The CIS Amazon EKS Benchmark
Today, we’re announcing a new Center for Internet Security (CIS) benchmark for Amazon Elastic Kubernetes Service (EKS). This new benchmark is optimized to help you accurately assess the security configuration of Amazon EKS clusters, including security assessments for nodes to help meet security and compliance requirements. Security is a critical consideration when configuring and maintaining […]
Introducing server-side encryption of ephemeral storage using AWS Fargate-managed keys in AWS Fargate platform version 1.4
This post was contributed by Yuling Zhou, Eduardo Lopez Biagi, and Paavan Mistry. Today, we introduced server-side encryption of ephemeral storage in AWS Fargate platform version 1.4. The ephemeral task storage is automatically encrypted with industry-standard AES-256 encryption algorithm using AWS Fargate-managed keys for the updated platform version. This feature requires no additional configuration from […]