Containers

Tag: security

Container DevSecOps with AWS CodePipeline using Hadolint and Anchore Engine

Many organizations are or are considering migrating their applications and/or software to containers over traditional virtual machines given that they are incredibly fast, easy to maintain, have simpler deployment lifecycles, and are much easier to spin up and down. This can greatly reduce the cost and increase efficiency. For a secure container life cycle management, […]

Introducing Amazon ECR server-side encryption using AWS Key Management System

Today, we introduced Amazon Elastic Container Registry (Amazon ECR) server-side encryption at rest using AWS managed and customer managed keys stored in AWS Key Management System (AWS KMS). This feature allows you to select the appropriate key management configuration to meet your security and compliance requirements, and meet the level of control required for your […]

Introducing The CIS Amazon EKS Benchmark

Today, we’re announcing a new Center for Internet Security (CIS) benchmark for Amazon Elastic Kubernetes Service (EKS). This new benchmark is optimized to help you accurately assess the security configuration of Amazon EKS clusters, including security assessments for nodes to help meet security and compliance requirements. Security is a critical consideration when configuring and maintaining […]

Maintaining Transport Layer Security all the way to your container: using the Application Load Balancer with Amazon ECS and Envoy

This post is contributed by Sri Mallu, Re Alvarez-Parmar, and Sahil Thapar Application Load Balancer has been an instrumental element when it comes to building highly available, scalable, and secure applications. AWS customers can rely on ALB to perform functions that have been traditionally implemented in application’s code. Let’s take connection security as an example, […]

Introducing server-side encryption of ephemeral storage using AWS Fargate-managed keys in AWS Fargate platform version 1.4

This post was contributed by Yuling Zhou, Eduardo Lopez Biagi, and Paavan Mistry. Today, we introduced server-side encryption of ephemeral storage in AWS Fargate platform version 1.4. The ephemeral task storage is automatically encrypted with industry-standard AES-256 encryption algorithm using AWS Fargate-managed keys for the updated platform version. This feature requires no additional configuration from […]

Enable traffic encryption between services in AWS App Mesh using AWS Certificate Manager or customer-provided certificates

Today, we announce the general availability of an AWS App Mesh feature that enables traffic encryption between services using AWS Certificate Manager (ACM) or customer-provided certificates. We sought feedback from our customers last year through the AWS App Mesh roadmap issues #38 and #39 and the features were made available on the AWS App Mesh […]

Results of the 2019 AWS Container Security Survey

Security is a top priority in AWS, and in our service team we naturally focus on container security. In order to better assess where we stand, we conducted an anonymous survey in late 2019 amongst container users on AWS. Overall, we got 68 responses from a variety of roles, from ops folks and SREs to […]

Native Container Image Scanning in Amazon ECR

By Richard Nguyen and Michael Hausenblas Container security comprises a range of activities and tools, involving developers, security operations engineers, and infrastructure admins. One crucial part in the cloud native supply chain is to scan container images for vulnerabilities and being able to get actionable insights from it. We learned in Issue 17 of the […]