Amazon EKS now supports assigning EC2 security groups to Kubernetes pods

Amazon EKS now supports assigning EC2 security groups to Kubernetes pods

  • September 22, 2020
Table of Contents

Amazon EKS now supports assigning EC2 security groups to Kubernetes pods

Amazon Elastic Kubernetes Service (EKS) customers can now leverage EC2 security groups to secure applications with varying network security requirements on shared cluster compute resources. Previously, all pods on a node shared the same security groups. While IAM roles for service accounts solves the pod level security challenge at the authentication layer, many organization’s compliance requirements also mandate network segmentation as an additional defense in depth step.

Kubernetes network policies provide an option for controlling network traffic within the cluster, but do not support controlling access to AWS resources outside the cluster. Now, network security rules that span pod to pod and pod to external AWS service traffic can be defined in a single place with EC2 security groups, and applied to individual pods and applications with Kubernetes native APIs. This makes it easy to achieve network security compliance in clusters that are shared across multiple teams and applications.

Source: amazon.com

Tags :
Share :
comments powered by Disqus

Related Posts

Ingress for Anthos—Multi-cluster Ingress and Global Service Load Balancing

Ingress for Anthos—Multi-cluster Ingress and Global Service Load Balancing

Ingress for Anthos is a Google cloud-hosted multi-cluster ingress controller for Anthos GKE clusters. Ingress for Anthos supports deploying shared load balancing resources across clusters and across regions enabling users to use a same load balancer with an anycast IP for applications running in a multi-cluster and multi-region topology. In simpler terms this allows users to place multiple GKE clusters located in different regions under one LoadBalancer.

Read More
Blog: Kubernetes 1.16: Custom Resources, Overhauled Metrics, and Volume Extensions

Blog: Kubernetes 1.16: Custom Resources, Overhauled Metrics, and Volume Extensions

Read More
B-21 stealth bomber running Kubernetes for better SDLC experience

B-21 stealth bomber running Kubernetes for better SDLC experience

The new stealth U.S. Air Force B-21 bomber has taken yet another key technological step toward being ready for war, through integrated computer automation designed to streamline information, improve targeting and offer pilots organized warzone information in real-time. Air Force and Northrop Grumman developers recently completedan essential software-empowered process intended to bring greater levels of information processing, data management and new measures of computerized autonomy,according to published statements from Air Force Acquisition Executive Dr. William Roper. Through virtualization and software-hardware synergy, B-21 sensors, computers and electronics can better scale, deploy and streamline procedural functions such as checking avionics specifics, measuring altitude and speed and integrating otherwise disparate pools sensor information.

Read More