Containers

Tag: security

Building STIG-compliant AMIs for Amazon EKS

Building STIG-compliant AMIs for Amazon EKS

As more organizations required to run hardened virtual machines to increase security to meet the internal compliance adopt Kubernetes, there is a need for hardened Amazon Machine Images (AMIs) that work with Amazon Elastic Kubernetes Service (Amazon EKS). There are multiple options to choose from. One solution is to use Bottlerocket, a special-purpose OS from […]

Protect Kubernetes workloads from Apache Log4j vulnerabilities

Log4j is among the most popular and highly used logging frameworks in Java-based applications. On December 9, 2021, the world became aware of zero-day vulnerabilities CVE-2021-44228 and CVE-2021-45105 affecting the popular Apache package. Any attacker who can control log messages or log message parameters can execute arbitrary code loaded from malicious LDAP servers when message […]

Container scanning updates in Amazon ECR private registries using Amazon Inspector

We announced a new Amazon Inspector last week at re:Invent 2021 with improved vulnerability management for cloud workloads. Amazon Inspector is a service used by organizations of all sizes to automate security assessment and management at scale. For Amazon Elastic Container Registry (Amazon ECR) private registry customers, this announcement brings updates, enhancements, and integrations to […]

Enabling mTLS in AWS App Mesh using SPIFFE/SPIRE in a multi-account Amazon EKS environment

NOTICE: October 04, 2024 – This post no longer reflects the best guidance for configuring a service mesh with Amazon ECS and Amazon EKS, and its examples no longer work as shown. For workloads running on Amazon ECS, please refer to newer content on Amazon ECS Service Connect, and for workloads running on Amazon EKS, […]

Introducing OIDC identity provider authentication for Amazon EKS

Today, we introduced user authentication for Amazon EKS clusters from an OpenID Connect (OIDC) Identity Provider (IDP). This feature allows customers to integrate an OIDC identity provider with a new or existing Amazon EKS cluster running Kubernetes version 1.16 or later. The OIDC IDP can be used as an alternative to, or along with AWS […]

Architecture of the solution "Using Windows Authentication with Linux Containers on Amazon ECS"

Using Windows Authentication with Linux Containers on Amazon ECS

This post shows how to configure a Linux container running on Amazon Elastic Container Service (Amazon ECS) to connect to a SQL Server database using Windows (or Integrated) Authentication. Windows Authentication is the recommended mechanism to connect to SQL Server databases, but using it can be challenging when running containerized workloads.

Results of the 2020 AWS Container Security Survey

In 2019 we carried out the first AWS Container Security Survey and now we have the results of this year’s survey for you available. As in 2019, we conducted an anonymous survey throughout 2020 amongst container users on AWS. From the 655 people who visited the survey, 295 started it and 156 completed it (completion […]

Implementing Runtime security in Amazon EKS using CNCF Falco

Many organisations are in the process of migrating their applications to containers. Containers provide application-level dependency management, speedy launches, and support immutability. This can help reduce costs, increase velocity, and improve on efficiency. For securely managing the container lifecycle, container image hardening, and end-to-end security checks are critical factors. Containers need to be secured by […]

Designing a secure container image registry

As organizations move to containers, there can be a sense that they are losing control or visibility of the software that is deployed to their environments. Historically, once a server is in production, a scanning tool runs on a regular basis to detect vulnerabilities on the operating system. Once a vulnerability is detected, an operations […]

Using Gatekeeper as a drop-in Pod Security Policy replacement in Amazon EKS

Jason Umiker If you are managing a Kubernetes cluster or you are a security professional responsible for one then you likely have heard that you should be implementing Kubernetes Pod Security Policies (PSPs) on the cluster in order to improve your security posture. Using PSPs can help to block pods from being disruptive to their […]