Container Security for AWS ECS

Aqua Secures The Entire Container Lifecycle on The AWS Cloud

Amazon EC2 Container Service (ECS) is a highly scalable, high-performance container management service that supports Docker containers and allows you to easily run applications on a managed cluster of Amazon EC2 instances.

Aqua provides highly integrated security controls for developing and running containers on AWS, supporting managed container services such as Amazon ECS for container orchestration and Amazon ECR for storing, managing, and deploying Docker container images.

Image Vulnerability Scanning & Assurance

Prevent unauthorized images from running in your AWS environment. Continuously scan images stored in Amazon ECR to ensure that DevOps teams do not introduce vulnerabilities, bad configurations, or secrets into container images. Get actionable recommendations for remediation of security issues. 

Protect Applications in Runtime

Prevent unvetted containers from running in your Amazon ECS environment. Automatically create security policies based on container behavior and ensure that containers only do what they are supposed to do in the application context. Detect and prevent activities that violate policy, and defend against container-specific attack vectors.

Container-Level RBAC

Apply highly granular access control policies to containers at runtime via integration with AWS IAM roles. Define user access privileges according to role, allowing or preventing specific Docker actions such as view, run, stop, view logs, and more.

Secrets Management

Leverage AWS KMS (Key Management Service) to securely deploy secrets – such as passwords, keys and tokens – into containers at runtime. Aqua makes it easy to manage, rotate, and revoke secrets in containers with no downtime; secrets are held only in memory, without persistence on disk.