Securing Cloud Native Workloads on AWS

Aqua provides the most complete security solutions to protect workloads running on Amazon ECS, EKS, AWS Fargate and AWS Lambda - including Graviton2-powered workloads.

How Aqua is deployed to protect AWS containers and serverless functions

Cloud Security Posture Management (CSPM)

Ensure that your AWS accounts and services are configured according to best practices, including the CIS Foundation Benchmarks for AWS and the AWS Well-Architected Framework. The Well-Architected Framework AWS Management & Governance Lens provides prescriptive guidance on key concepts and best practices for optimizing management and governance across AWS environments, working in tandem with Aqua as an integrated partner solution.

Cloud VM Security and Compliance

Protect workloads running on Amazon EC2 instances and ensure they are properly hardened. Scan for vulnerabilities and malware, apply File Integrity Monitoring (FIM), check configuration against the CIS Benchmark for Linux, and monitor user access and activity. Create a command-level audit trail for compliance and forensics.

Image Vulnerability Scanning & Assurance

Prevent unauthorized images from running in your AWS environment. Continuously scan images stored in Amazon ECR to ensure that DevOps teams do not introduce vulnerabilities, bad configurations, or secrets into container images. Get actionable recommendations for remediation of security issues.

Serverless Function Risk Assessment and Mitigation

Continuously scan Lambda functions in AWS accounts to ensure that developers don’t introduce vulnerabilities into function code, leave access keys in environment variables, or create overly permissive roles. Define security policies for AWS Lambda functions and alert or prevent the execution of functions that violate the policies.

Protect Applications in Runtime

Prevent unvetted containers from running in your Amazon ECS, EKS and Fargate environments. Automatically create security policies based on container behavior and ensure that containers only do what they are supposed to do in the application context. Detect and prevent activities that violate policy, and defend against container-specific attack vectors.

Container-Level RBAC

Apply highly granular access control policies to containers at runtime via integration with AWS IAM roles. Define user access privileges according to role, allowing or preventing specific Docker actions, such as view, run, stop, view logs, and more.

Secrets Management

Leverage AWS KMS (Key Management Service) to securely deploy secrets – such as passwords, keys and tokens – into containers at runtime. Aqua makes it easy to manage, rotate, and revoke secrets in containers with no downtime; secrets are held only in memory, without persistence on disk.

The Ten Riskiest AWS Misconfigurations

This white paper delves into the riskiest configurations and guides teams in pinpointing the potential risks in their own environments. It also covers the importance of auto-remediation and select examples of best practices for implementing it.