site-logo

JAWS PANKRATION 2024

site-logo
HomeNewsTimetableCfPCommitteePromotionFollow UpPrivacy Policy

Demystifying Kubernetes Security using AWS EKS

Lv300

Lv300

8/24/2024 10:40 (UTC)

Session Info

The session aims to provide a comprehensive guide to securing Kubernetes workloads on EKS

It covers fundamental aspects of EKS architecture and the shared responsibility model, best practices for VPC and network security, integrating AWS IAM with Kubernetes RBAC and addresses monitoring and incident response through AWS CloudTrail, CloudWatch.

Additionally, it highlights the importance of compliance with industry standards and regular security audits using AWS Config and AWS Security Hub, empowering attendees to build secure, resilient, and compliant containerized applications in the cloud.

Ankit Shriram Rao

Ankit Shriram Rao

- AWS Community Builders -



Session Category
Container
Security
Identity and compliance


AWS Services
EKS
ECR
Security Hub
IAM
Inspector

Session Materials


Session Summary (by Amazon Bedrock)
    The presentation discusses securing AWS Elastic Kubernetes Service (EKS). EKS is a managed Kubernetes service that removes the need to manage the control plane, leaving users to manage worker nodes and application deployment. Cloud security is a shared responsibility model between AWS and the user. Areas to secure in EKS include: 1. Network 2. Control plane access 3. Worker nodes 4. Identity and access management 5. Application security 6. Data protection 7. Logging and monitoring Security implementation involves: 1. Secure configurations 2. Using AWS controllers 3. Security integrations 4. Logging and monitoring Network security best practices include: - Defining networks as per requirements - Enabling VPC flow logs - Using private subnets for worker nodes - Implementing restrictive security group rules Control plane security measures: - Using the latest Kubernetes version - Configuring RBAC for access control - Implementing envelope encryption for secrets The Amazon Controller for Kubernetes (ACK) can be used to manage AWS services with limited permissions, reducing the risk of privilege misuse. Security integrations like AWS Inspector can automatically discover workloads and scan for vulnerabilities. AWS Security Hub provides best practice checks and can help ensure proper configuration. Logging and monitoring can be implemented using various tools to track metrics, raise notifications, and create dashboards for a central view of cluster and application status. The presentation concludes by emphasizing that these are just some of the ways to enhance EKS security, and there are many more options available.

©JAWS-UG (AWS User Group - Japan). All rights reserved.