Aqua Blog

Securing Flexible Amazon ECS Anywhere Deployments with Aqua

Securing Flexible Amazon ECS Anywhere Deployments with Aqua

Today, AWS announced the general availability of ECS Anywhere; a simple but powerful extension of AWS Elastic Container Service (ECS) to manage containers wherever they run – Aqua has been working closely with AWS to deliver a unified security experience for ECS Anywhere so enterprises can embrace the cloud native deployment models that make the most sense for them – while enforcing a consistent set of security and compliance models and maintaining consolidated visibility across diversified workloads.

Amazon ECS has been a popular service for deploying and managing containers at scale since 2014. As a longstanding AWS partner, Aqua has been working with ECS customers to secure, protect and mitigate the risks of utilizing container build and run time environments at scale – for both EC2 instances and AWS Fargate containers as a service.

In tandem with the release of ECS Anywhere, Aqua has extended support to enable customers to securely benefit from the flexibility that ECS Anywhere delivers. Customers may have multiple reasons for why this flexibility is important for adopting cloud native technologies: whether compliance requirements in regulated markets, emerging data privacy regulations, existing investments in data centers and on-premises infrastructure or the need to support legacy applications.

Now with Aqua’s support for ECS Anywhere, customers can take advantage of our complete suite of security capabilities to formulate a coherent security strategy as they embrace new deployment models, operate in heterogenous environments, and run diversified workloads.

Distributed Cloud Model

According to the Gartner 2021 Strategic Roadmap report, “Edge computing is entering the mainstream as organizations look to extend cloud to on premises and to take advantage of IoT and transformational digital business applications.”

ECS Anywhere can play a pivotal role in enabling a distributed cloud model that decouples cloud services and relinquishes control of the geographical location of the services over to the enterprises.

These cloud-tethered offerings can now be deployed at the edge, or on-premises, close to the devices generating data, or to the users consuming it. Moving computing power close to the data source has a ton of benefits like reduced latency, improving performance for autonomous operations and meeting data sovereignty or privacy compliance requirements.

Employing consistent security across these heterogeneous environments made up of different entities – both cloud and on-premises — spanning across global sites becomes the next challenge.

Consistent Security Experience

Aqua has pioneered cloud native security. In response to new technologies, customer needs and emerging threats, the Aqua portfolio has matured to support complex workloads no matter in which environments they run, delivering best-in-class security with a single-pane-of-glass experience. Recently, we also added support for securing containers running ARM Neoverse technology, which powers the next generation of IoT and embedded devices, including the AWS Graviton2 processor.

Organizations can now secure all ECS workloads across different platforms, while taking advantage of the flexibility provided by ECS Anywhere environments, whether they are on-premises or in the cloud.

The Aqua Enforcer family provides a uniform set of security controls that can be applied to any types of workloads:

The Aqua Enforcer family provides a uniform set of security controls that can be applied to any types of workloads:


Gartner predicts, “Industry surveys show internet-connected devices on enterprise networks can be hacked in as little as three minutes and breaches may take six months or more to discover.” The Aqua Enforcer control deployed as part of the ECS workload provides real-time, contextual data and event logs of container activity which are especially useful for maintaining visibility into potential threats for short-lived applications.



With the proliferation of IoT devices and other edge computing workloads that ECS Anywhere potentially enables, these workloads could become a target of attacks like any other IT system, with a larger attack surface, potentially making them the weakest link to gain access to your network. Aqua’s micro-segmentation feature can limit the blast radius and block the cyberattack from gaining access to the enterprise network and causing severe damage.

Risk Explorer

Aqua’s single-pane-of-glass solution ensures visibility into the security posture of your heterogenous environment. The console provides an overview across ECS Anywhere workloads running, their risk assessment score as well as the network connectivity between them. This allows teams to make sure that security policies and compliance requirements are consistently enforced.

Closing Thoughts

With Aqua’s broad platform support spanning across a wide range of operating systems, CPU architectures and native support for Amazon ECS, we can offer a unified strategy for hybrid deployments as well as edge topologies with IoT workloads. Now customers can manage the security posture of their applications using the same policies and view the collective findings in the Aqua console.

Aqua Team
Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and accelerate their digital transformations. The Aqua Platform is the leading Cloud Native Application Protection Platform (CNAPP) and provides prevention, detection, and response automation across the entire application lifecycle to secure the supply chain, secure cloud infrastructure and secure running workloads wherever they are deployed. Aqua customers are among the world’s largest enterprises in financial services, software, media, manufacturing and retail, with implementations across a broad range of cloud providers and modern technology stacks spanning containers, serverless functions and cloud VMs.