AWS Open Source Blog

Category: Security, Identity, & Compliance

Introducing Fine-Grained IAM Roles for Service Accounts

Here at AWS we focus first and foremost on customer needs. In the context of access control in Amazon EKS, you asked in issue #23 of our public container roadmap for fine-grained IAM roles in EKS. To address this need, the community came up with a number of open source solutions, such as kube2iam, kiam, […]

Read More

Deploying the AWS IAM Authenticator to kops

This post is an updated version of Deploying the Heptio Authenticator to kops. Heptio Authenticator has since been donated to the Kubernetes Special Interest Group (SIG) AWS, allowing the project to be collaboratively worked on. Now, instead of needing to manually configure the Authenticator, you can use kops primitives to deploy automatically when a cluster […]

Read More
Security Hub Cloud Custodian logo

Announcing Cloud Custodian Integration with AWS Security Hub

中文版 One of the popular options for automated security, compliance, and cost management solutions in the cloud is Cloud Custodian, an open source project sponsored by Capital One. Cloud Custodian is a flexible rules engine with policies written in simple YAML configuration files, with support for over 144 AWS resource types. However, because Cloud Custodian […]

Read More
Falco diagram

Securing Amazon EKS Using Lambda and Falco

中文版 Intrusion and abnormality detection are important tools for stronger run-time security in applications deployed in containers on Amazon EKS clusters. In this post, Michael Ducy of Sysdig explains how Falco, a CNCF Sandbox Project, generates an alert when an abnormal application behavior is detected. AWS Lambda functions can then be configured to pass those […]

Read More
Deploying the Heptio Authenticator to kops

Deploying the Heptio Authenticator to kops

This post has been updated – Deploying the AWS IAM Authenticator to kops 中文版   The Kubernetes 1.10 release has included alpha support for the client-go package to process external ExecCredential providers. This is being used to power the authentication against Amazon Elastic Container Service for Kubernetes (EKS) clusters while still following one of the […]

Read More

Better Random Number Generation for OpenSSL, libc, and Linux Mainline

中文版 In 2015, AWS introduced s2n, a new open source implementation of the TLS/SSL protocols that protect the privacy and integrity of data moving over a network. s2n was designed to be secure, simple, small, and fast. The project is thriving, and we use it extensively. In February, our CISO Stephen Schmidt shared that “we […]

Read More