Are there Security Best Practices for AWS EKS Infrastructure?
search cancel

Are there Security Best Practices for AWS EKS Infrastructure?

book

Article ID: 284391

calendar_today

Updated On:

Products

CloudHealth

Issue/Introduction

There are several security best practice areas that are pertinent when using a managed Kubernetes service like EKS:

  • Identity and Access Management
  • Pod Security
  • Runtime Security
  • Network Security
  • Multi-tenancy
  • Detective Controls
  • Infrastructure Security
  • Data Encryption and Secrets Management
  • Regulatory Compliance
  • Incident Response and Forensics
  • Image Security

As part of designing any system, we need to think about its security implications and the practices that can affect your security posture.  For example, you need to control who can perform actions against a set of resources.  We also need the ability to quickly identify security incidents, protect your systems and services from unauthorized access, and maintain the confidentiality and integrity of data through data protection.  Having a well-defined and rehearsed set of processes for responding to security incidents will improve your security posture too.  These tools and techniques are important because they support objectives such as preventing financial loss or complying with regulatory obligations.

AWS helps organizations achieve their security and compliance goals by offering a rich set of security services that have evolved based on feedback from a broad set of security conscious customers.  By offering a highly secure foundation, customers can spend less time on “undifferentiated heavy lifting” and more time on achieving their business objectives.

Note : We currently do not have a specific benchmark for EKS in CloudHealth at this time but for CHSS customers SecureState includes the ‘CIS Amazon EKS Benchmark’ as an option.

https://www.cisecurity.org/benchmark/amazon_web_services
CIS
CIS Amazon Web Services Benchmarks
Download our step-by-step checklist to secure your platform: An objective, consensus-driven security guideline for Amazon Web Services.

We recommend to have look at ‘CIS Amazon Elastic Kubernetes Service (EKS) Benchmark’ within secure state
https://aws.amazon.com/blogs/containers/introducing-cis-amazon-eks-benchmark/

One can navigate it through  Governance > Compliance in CHSS

Powered by Wolken Software