Container Security for AWS ECS, EKS and Fargate

Aqua Secures The Entire Container Lifecycle on The AWS Cloud

Amazon Elastic Container Service (Amazon ECS) is a highly scalable, high-performance container orchestration service that supports Docker containers and allows you to easily run and scale containerized applications on AWS. Amazon ECS eliminates the need for you to install and operate your own container orchestration software, manage and scale a cluster of virtual machines, or schedule containers on those virtual machines.

Aqua provides highly integrated security controls for developing and running containers on AWS, supporting managed container services such as Amazon ECS for container orchestration, Amazon EKS for Kubernetes-based deployments, AWS Fargate for on-demand container scaling, and Amazon ECR for storing, managing, and deploying Docker container images.

Image Vulnerability Scanning & Assurance

Prevent unauthorized images from running in your AWS environment. Continuously scan images stored in Amazon ECR to ensure that DevOps teams do not introduce vulnerabilities, bad configurations, or secrets into container images. Get actionable recommendations for remediation of security issues. 

Protect Applications in Runtime

Prevent unvetted containers from running in your Amazon ECS, EKS and Fargate environments. Automatically create security policies based on container behavior and ensure that containers only do what they are supposed to do in the application context. Detect and prevent activities that violate policy, and defend against container-specific attack vectors.

Container-Level RBAC

Apply highly granular access control policies to containers at runtime via integration with AWS IAM roles. Define user access privileges according to role, allowing or preventing specific Docker actions such as view, run, stop, view logs, and more.

Secrets Management

Leverage AWS KMS (Key Management Service) to securely deploy secrets, such as passwords, keys and tokens, into containers at runtime. Aqua makes it easy to manage, rotate, and revoke secrets in containers with no downtime; secrets are kept only in memory, without persistence on disk.