Aqua Blog

Elevating AWS Kubernetes Security and Compliance  

Amazon Elastic Kubernetes Service (Amazon EKS) streamlines the process of deploying, managing, and scaling Kubernetes clusters on Amazon Web Services (AWS), sparing users the complexities of setting up and maintaining their own Kubernetes control plane. Kubernetes itself is an open-source platform designed to automate the management, scaling, and deployment of applications within containers.   

In today’s dynamic cloud computing environment, the transition of workloads to AWS and the modernization of Kubernetes setups have become pivotal for organizations aiming for innovation, flexibility, and cost-effectiveness. Aqua, known for its expertise in securing cloud native applications, particularly containerized workloads, recently attained the Amazon Elastic Kubernetes Service (EKS) Ready Specialization. This recognition highlights our adeptness in delivering solutions tailored for operating Kubernetes on AWS, on-premises, and even at the edge, utilizing Amazon EKS and EKS Anywhere.

The Significance of Modernizing and Migrating to AWS

Modernizing EKS workloads on AWS is a strategic move for organizations aiming to stay competitive by quickly delivering their innovation to the end user. This shift allows businesses to harness the benefits of cloud-native technologies, enabling them to scale rapidly, enhance agility, and achieve cost savings. Aqua Security empowers operational expertise and ensures exceptional cost performance through its comprehensive container security platform. By seamlessly integrating with Amazon EKS, Aqua Security addresses the need to secure workloads as they shift between environments and provides a holistic approach to vulnerability scanning, real-time runtime protection, access controls, and threat intelligence feeds. Most importantly, the Aqua platform embeds security practices into the Software Development Life Cycle rather than creating blockers and guardrails.

Aqua Security’s Amazon EKS Ready Specialization 

Aqua Security’s achievement of the Amazon EKS Ready Specialization signifies a milestone in providing customers with a trusted security solution for Kubernetes environments. Container orchestration through Kubernetes offers the ability to deploy and manage containerized applications with unmatched speed, scalability, and operational resilience. Aqua Security’s integration with EKS ensures a seamless application of compliance and security policies, preventing unapproved images, enforcing runtime controls, and ensuring proper configuration against industry benchmarks. 

Ensuring Security in EKS Deployments 

For organizations utilizing EKS, Aqua Security offers a comprehensive approach to securing Kubernetes clusters, allowing organizations to gain visibility into the entire deployment. Aqua’s Image Assurance policies prevent unapproved images from running, using CVSS score thresholds to assess vulnerabilities. Moreover, Aqua’s runtime policies, such as Drift Prevention, ensure the immutability of the environment by blocking unauthorized changes to containers compared to their originating images.

Operational Excellence and Cost-Effectiveness 

Aqua Security goes beyond traditional security measures. It empowers operational excellence by proactively identifying and mitigating potential threats. By leveraging vulnerability scanning and real-time runtime protection, Aqua Security minimizes the risk of security breaches and downtime, ensuring that organizations can confidently scale their applications on AWS. The platform’s access controls and threat intelligence feeds contribute to maintaining the highest level of security and compliance, crucial for organizations navigating the complexities of the Kubernetes ecosystem on AWS.

Why Aqua Security for AWS Container Security?  

Aqua provides the most complete security across the application lifecycle, from development to production, protecting all cloud native applications running on AWS, including Amazon ECS for container orchestration, Amazon EKS for Kubernetes-based deployments, AWS Fargate for on-demand container scaling, AWS Lambda for serverless functions, and Amazon ECR for storing and managing container images.

If you are running cloud native workloads on AWS, Aqua can help with: 

  • Image vulnerability scanning & assurance
    To prevent unauthorized images from running in the AWS environment, Aqua continuously scans images stored in Amazon ECR to ensure that no vulnerabilities, bad configurations, or secrets are introduced into container images.
  • Securing applications on AWS Fargate
    Aqua deploys an agent into your containers to ensure that workloads are only performing their intended function, while detecting vulnerable or compromised containers. 
  • Protecting AWS Lambda Functions
    Discovering over-provisioned permissions and roles, vulnerabilities, and embedded credentials and keys. Monitoring functions at runtime, preventing code injection and malicious activity.
  • Cloud VM Security and Compliance
    Protect workloads running on Amazon EC2 instances and ensure they are properly hardened. Scan for vulnerabilities and malware, apply File Integrity Monitoring (FIM), check configuration against the CIS Benchmark for Linux, and monitor user access and activity. Create a command-level audit trail for compliance and forensics.
  • Drift prevention
    Drift prevention helps ensure that containerized environments remain compliant with security policies and operational standards by continuously monitoring and comparing the current state of containers against a known, desired state. If any drift from the known state is detected, such as unauthorized package installations, configuration changes, or file execution, the Aqua platform will alert on the violation.
  • Aqua vShield
    vShield, a core feature of the Aqua platform, aids organizations in managing and remediating vulnerabilities. It generates tailored policies that specifically block attackers from exploiting identified vulnerabilities, thereby enhancing the security of the linked assets. 
  • Dynamic Threat Analysis
    Dynamic Threat Analysis makes it possible to run a container in a controlled sandbox environment before it is deployed into production. This allows for deep inspection of the container and, more importantly, monitors for behavioral patterns and Indicators of Compromise. The strength of this feature is identifying and stopping in-memory attacks, such as malware, while the container is running.

In conclusion, Aqua Security’s Amazon EKS Ready Specialization solidifies its commitment to delivering cutting-edge container security solutions for AWS customers. As organizations continue their journey of modernization and migration to AWS, Aqua Security stands as a trusted partner, ensuring the secure, compliant, and cost-effective deployment of containerized applications on Amazon EKS. 

Visit Aqua’s website or AWS Marketplace listing to learn more.   

Itamar Evgey
Itamar Evgey is a technical lead on the business development and strategy team at Aqua. Itamar comes to Aqua from SHI Stratascale, where he led various teams focused on implementing security architecture in large-scale environments of global enterprises, spanning from cloud services to industrial control systems. Formerly head of cloud security architects at Check Point, he spearheaded the CloudGuard portfolio and drove technical sales enablement. Itamar enjoys the open waters and traveling to new destinations.