1. Cloud Incident Response Wiki
  2. AWS Forensics and Incident Response

EKS security

 

Amazon Elastic Kubernetes Service (EKS) is a managed Kubernetes service that makes it easy to deploy, manage, and scale containerized applications on AWS. EKS provides a secure environment for running your applications, but it is important to understand the shared responsibility model between AWS and the customer.

 

We've built a platform for Cloud Detection & Response in AWS including EKS, Azure, and GCP you can grab a demo here. You can also download free playbooks we've written on how to respond to security incidents in AWS, Azure, and GCP.

 

Shared responsibility model

 

AWS is responsible for the security of the cloud infrastructure that EKS runs on. This includes the physical security of the data centers, the network infrastructure, and the Kubernetes control plane. The customer is responsible for the security of their applications and data running on EKS. This includes securing the pods, nodes, and containers in their cluster.

 

Customer responsibilities

 

Pod security: Customers are responsible for securing their pods. This includes using pod security policies to restrict what pods can do in the cluster, and using security contexts to define the security profile of each pod.

 

IAM: Customers are responsible for managing IAM roles for service accounts. These roles are used to grant pods access to AWS resources.

 

Network security: Customers are responsible for securing the network traffic in their cluster. This includes using VPCs and security groups to control access to the cluster.

 

Runtime security: Customers are responsible for securing the runtime environment of their applications. This includes keeping the operating system and container images up to date with the latest security patches.

 

Best practices

 

Use IAM roles for service accounts: This is the most secure way to grant pods access to AWS resources.

 

Use pod security policies: Pod security policies can be used to restrict what pods can do in the cluster, such as limiting the resources they can use or the network traffic they can generate.

 

Use Amazon EKS Pod Identity: Amazon EKS Pod Identity allows pods to automatically assume an IAM role when they are launched. This can simplify the process of managing IAM roles for service accounts.

 

Keep your operating system and container images up to date: This will help to ensure that your applications are not vulnerable to known security vulnerabilities.

 

Monitor your cluster for security events: You can use Amazon CloudWatch to monitor your EKS cluster for security events, such as unauthorized access attempts or pod terminations.

 

EKS is a secure platform for running containerized applications, but it is important to understand the shared responsibility model and follow best practices to secure your applications and data. By following these recommendations, you can help to ensure that your EKS clusters are secure and compliant with your security requirements.