JAWS PANKRATION 2024

Multi-Cluster Security with Network Firewall: Consistent Protection for Distributed EKS

Lv200

2024/8/25 09:00 (JST)

Session Information

This talk dives into the challenge of securing distributed EKS deployments.

Discover how AWS Network Firewall acts as your central security shield, enforcing consistent protection across all your containerized applications.

Explore powerful features like firewall policies, automated enforcement, and centralized visibility.

Learn how Network Firewall empowers you to easily manage multi-cluster security, freeing you to focus on innovation.

Ananda Dwi Rahmawati

- AWS Heroes -



Session Categories
Computing
Container


Related AWS Services
Amazon EKS
AWS Network Firewall

Session Materials

    Session Archive

    Session Summary (by Amazon Bedrock)
      The presentation discusses multicluster security using Network Firewall for distributed Kubernetes environments on Amazon EKS. The speaker, Ananda, outlines the challenges of standalone Kubernetes clusters and the benefits of multicluster deployments.

      Key points:

      1. Challenges of standalone clusters include scalability, flexibility, availability, resource utilization, workload isolation, and security compliance.
      2. Multicluster deployments offer benefits such as improved scalability, fault tolerance, and flexibility across environments.
      3. Challenges in multicluster environments include complexity management, limited visibility, increased management overhead, and inconsistent policy enforcement.
      4. Network Firewall provides stateful inspection, IDS/IPS, filtering of incoming and outgoing traffic at the VPC level, and granular control with custom security policies.
      5. Three deployment models for Network Firewall in multicluster Kubernetes:
         - Distributed (East-West traffic not currently supported)
         - Centralized
         - Combined (for North-South internet traffic)
      6. Prerequisites for deployment include VPC attachments and configuration considerations for each model.
      7. Security approaches include network implementation filtering, subnet filtering, application-level filtering, and SNI-based allow lists.

      The presentation emphasizes the importance of considering multicluster architectures from the beginning when designing Kubernetes deployments on Amazon EKS. It highlights the need for consistent security policies across clusters and centralized management to address the challenges of multicluster environments. The speaker also touches on the flexibility and scalability benefits of multicluster deployments, as well as the various deployment models and security approaches available with Network Firewall.

    ©JAWS-UG (AWS User Group - Japan). All rights reserved.