Containers

Tag: security

Results of the 2020 AWS Container Security Survey

In 2019 we carried out the first AWS Container Security Survey and now we have the results of this year’s survey for you available. As in 2019, we conducted an anonymous survey throughout 2020 amongst container users on AWS. From the 655 people who visited the survey, 295 started it and 156 completed it (completion […]

Read More

Implementing Runtime security in Amazon EKS using CNCF Falco

Many organisations are in the process of migrating their applications to containers. Containers provide application-level dependency management, speedy launches, and support immutability. This can help reduce costs, increase velocity, and improve on efficiency. For securely managing the container lifecycle, container image hardening, and end-to-end security checks are critical factors. Containers need to be secured by […]

Read More

Designing a secure container image registry

As organizations move to containers, there can be a sense that they are losing control or visibility of the software that is deployed to their environments. Historically, once a server is in production, a scanning tool runs on a regular basis to detect vulnerabilities on the operating system. Once a vulnerability is detected, an operations […]

Read More

Using Gatekeeper as a drop-in Pod Security Policy replacement in Amazon EKS

Jason Umiker If you are managing a Kubernetes cluster or you are a security professional responsible for one then you likely have heard that you should be implementing Kubernetes Pod Security Policies (PSPs) on the cluster in order to improve your security posture. Using PSPs can help to block pods from being disruptive to their […]

Read More

Container DevSecOps with AWS CodePipeline using Hadolint and Anchore Engine

Many organizations are or are considering migrating their applications and/or software to containers over traditional virtual machines given that they are incredibly fast, easy to maintain, have simpler deployment lifecycles, and are much easier to spin up and down. This can greatly reduce the cost and increase efficiency. For a secure container life cycle management, […]

Read More

Introducing Amazon ECR server-side encryption using AWS Key Management System

Today, we introduced Amazon Elastic Container Registry (Amazon ECR) server-side encryption at rest using AWS managed and customer managed master keys stored in AWS Key Management System (AWS KMS). This feature allows you to select the appropriate key management configuration to meet your security and compliance requirements, and meet the level of control required for […]

Read More

Introducing The CIS Amazon EKS Benchmark

Today, we’re announcing a new Center for Internet Security (CIS) benchmark for Amazon Elastic Kubernetes Service (EKS). This new benchmark is optimized to help you accurately assess the security configuration of Amazon EKS clusters, including security assessments for nodes to help meet security and compliance requirements. Security is a critical consideration when configuring and maintaining […]

Read More
TigerCalicov3.9 Files

Using Calico on Amazon EKS Windows Containers

This post was contributed by Anuj Singh, Software Development Engineer and Steven David, Enterprise Solutions Architect. In this blog post, we are going to walk through a step-by-step process on how to install and use Calico for Windows containers running on Amazon Elastic Kubernetes Service (EKS). Tigera Calico for Windows is a networking and network […]

Read More

Maintaining Transport Layer Security all the way to your container: using the Application Load Balancer with Amazon ECS and Envoy

This post is contributed by Sri Mallu, Re Alvarez-Parmar, and Sahil Thapar Application Load Balancer has been an instrumental element when it comes to building highly available, scalable, and secure applications. AWS customers can rely on ALB to perform functions that have been traditionally implemented in application’s code. Let’s take connection security as an example, […]

Read More

Introducing server-side encryption of ephemeral storage using AWS Fargate-managed keys in AWS Fargate platform version 1.4

This post was contributed by Yuling Zhou, Eduardo Lopez Biagi, and Paavan Mistry. Today, we introduced server-side encryption of ephemeral storage in AWS Fargate platform version 1.4. The ephemeral task storage is automatically encrypted with industry-standard AES-256 encryption algorithm using AWS Fargate-managed keys for the updated platform version. This feature requires no additional configuration from […]

Read More