Aqua Blog

Securing Container Workloads on AWS Bottlerocket

We’ve been working with Amazon Web Services (AWS) to extend the Aqua cloud native security platform to support AWS Bottlerocket — a purpose-built, Linux-based, open source OS for running containers on virtual machines or bare metal hosts — which is now GA. This combined effort ensures that AWS customers who use this new OS will have complete access to Aqua’s capabilities.

This provides users with total freedom to use Bottlerocket for their containerized applications (including orchestrated environments like Amazon EKS) while gaining best-in-market protection with advanced security and runtime controls.

AWS Bottlerocket

The Aqua solution provides security controls for heterogeneous workloads across a wide range of operating systems. Our cloud native platform complements the sleek Bottlerocket operating system with a low resource footprint and minimal operational overhead, without compromising on the security controls needed to secure a diverse range of containerized workloads. These controls include blocking non-compliant images, file and package blocking, preventing the mounting of restricted volumes, file integrity monitoring (FIM) and protection, monitoring and forensics of system calls, and network monitoring and segmentation capabilities.

“Aqua is pleased to support the new AWS Bottlerocket OS. Securing cloud infrastructure and application workloads at runtime is more critical than ever. We see the combination of Bottlerocket and Aqua as an opportunity for customers to reduce their attack surface by using a minimal OS, prevent attacks that leverage configuration errors, and protect applications from malware by enforcing security policies in real time,” says Amir Jerbi, Co-founder & CTO at Aqua Security.

Aqua adds advanced runtime protection to AWS Bottlerocket-based container workloads. This new AWS OS has improved resource utilization by using only essential components to create a reduced attack surface. Aqua’s additional security controls for the host OS, containerized applications, and orchestration layer reduce risk without increasing the attack surface or adding performance overhead. Aqua also delivers a layer of security with firewalling and workload segmentation that is fully supported on AWS Bottlerocket, further restricting the potential damage of non-compliant workloads or malicious behavior.

Learn more about securing containerized workloads running on Bottlerocket using Aqua


Aqua Team
Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and accelerate their digital transformations. The Aqua Platform is the leading Cloud Native Application Protection Platform (CNAPP) and provides prevention, detection, and response automation across the entire application lifecycle to secure the supply chain, secure cloud infrastructure and secure running workloads wherever they are deployed. Aqua customers are among the world’s largest enterprises in financial services, software, media, manufacturing and retail, with implementations across a broad range of cloud providers and modern technology stacks spanning containers, serverless functions and cloud VMs.