SlideShare ist ein Scribd-Unternehmen logo

Runtime Security across Kubernetes and AWS Fargate (CON317-R1) - AWS re:Invent 2018

Amazon Web Services
Amazon Web Services

Kubernetes enables you to run containerized workloads at scale on a cluster of virtual machines, while AWS Fargate offers a flexible way to run containers without having to manage servers. What are the best ways to protect these workloads against attacks? In this demo-rich chalk talk, including a live exploit, we explore how techniques like image scanning and runtime protection tools can provide innovative ways to control and secure your containerized applications, even when there is no way to directly access the hosts that they are running on.

1 von 16
Downloaden Sie, um offline zu lesen
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Runtime Security across Kubernetes and AWS Fargate Liz Rice Technology Evangelist, Aqua Security @lizrice C O N 3 1 7
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Agenda Avoiding vulnerabilities in container images Beyond vulnerabilities to zero-days Building enforcement into a container wherever it runs
Known vulnerabilities in dependencies are the most common route to compromise and exploitation
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Scan container images for vulnerabilities
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Scanning as part of the build FROM wordpress:demo COPY microscanner /microscanner ARG token RUN /microscanner --html ${token} > /ms-out.html docker build -f Dockerfile.wp --build-arg=token=$TOKEN .
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Stop unexpected behavior at runtime
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Container deployment options
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Enforcement built into the image FROM wordpress COPY microenforcer /microenforcer COPY wp-policy.json /etc/aquasec/policy/policy.json ENTRYPOINT ["/microenforcer", "apache2-foreground"] docker build -f Dockerfile.wp .
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Enforcement as part of the task definition / pod Application container Sidecar container Task Definition
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
A full-day Summit focused on enterprise-level Kubernetes deployment with demanding security requirements. aquasec.com/kubesec2018
Thank you! © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Liz Rice Aqua Security @lizrice
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Empfohlen

Mythical Mysfits: Monolith to Microservice with Docker and AWS Fargate (CON21...
Mythical Mysfits: Monolith to Microservice with Docker and AWS Fargate (CON21...Mythical Mysfits: Monolith to Microservice with Docker and AWS Fargate (CON21...
Mythical Mysfits: Monolith to Microservice with Docker and AWS Fargate (CON21...Amazon Web Services
 
Application Portability with Kubernetes (CMP310-S) - AWS re:Invent 2018
Application Portability with Kubernetes (CMP310-S) - AWS re:Invent 2018Application Portability with Kubernetes (CMP310-S) - AWS re:Invent 2018
Application Portability with Kubernetes (CMP310-S) - AWS re:Invent 2018Amazon Web Services
 
Running Kubernetes Across Multiple AWS Accounts (CON409) - AWS re:Invent 2018
Running Kubernetes Across Multiple AWS Accounts (CON409) - AWS re:Invent 2018Running Kubernetes Across Multiple AWS Accounts (CON409) - AWS re:Invent 2018
Running Kubernetes Across Multiple AWS Accounts (CON409) - AWS re:Invent 2018Amazon Web Services
 
Container Power Hour with Jess, Clare, and Abby (CON362) - AWS re:Invent 2018
Container Power Hour with Jess, Clare, and Abby (CON362) - AWS re:Invent 2018Container Power Hour with Jess, Clare, and Abby (CON362) - AWS re:Invent 2018
Container Power Hour with Jess, Clare, and Abby (CON362) - AWS re:Invent 2018Amazon Web Services
 
Kubernetes Clusters Security with Amazon EKS (CON338-R1) - AWS re:Invent 2018
Kubernetes Clusters Security with Amazon EKS (CON338-R1) - AWS re:Invent 2018Kubernetes Clusters Security with Amazon EKS (CON338-R1) - AWS re:Invent 2018
Kubernetes Clusters Security with Amazon EKS (CON338-R1) - AWS re:Invent 2018Amazon Web Services
 
Adding the Sec to Your DevOps Pipelines (SEC332-R1) - AWS re:Invent 2018
Adding the Sec to Your DevOps Pipelines (SEC332-R1) - AWS re:Invent 2018Adding the Sec to Your DevOps Pipelines (SEC332-R1) - AWS re:Invent 2018
Adding the Sec to Your DevOps Pipelines (SEC332-R1) - AWS re:Invent 2018Amazon Web Services
 
A Serverless Journey: AWS Lambda Under the Hood (SRV409-R1) - AWS re:Invent 2018
A Serverless Journey: AWS Lambda Under the Hood (SRV409-R1) - AWS re:Invent 2018A Serverless Journey: AWS Lambda Under the Hood (SRV409-R1) - AWS re:Invent 2018
A Serverless Journey: AWS Lambda Under the Hood (SRV409-R1) - AWS re:Invent 2018Amazon Web Services
 
Instrumenting Applications for Observability Using AWS X-Ray (DEV402-R2) - AW...
Instrumenting Applications for Observability Using AWS X-Ray (DEV402-R2) - AW...Instrumenting Applications for Observability Using AWS X-Ray (DEV402-R2) - AW...
Instrumenting Applications for Observability Using AWS X-Ray (DEV402-R2) - AW...Amazon Web Services
 

Empfohlen

Mythical Mysfits: Monolith to Microservice with Docker and AWS Fargate (CON21...
Mythical Mysfits: Monolith to Microservice with Docker and AWS Fargate (CON21...Mythical Mysfits: Monolith to Microservice with Docker and AWS Fargate (CON21...
Mythical Mysfits: Monolith to Microservice with Docker and AWS Fargate (CON21...Amazon Web Services
 
Application Portability with Kubernetes (CMP310-S) - AWS re:Invent 2018
Application Portability with Kubernetes (CMP310-S) - AWS re:Invent 2018Application Portability with Kubernetes (CMP310-S) - AWS re:Invent 2018
Application Portability with Kubernetes (CMP310-S) - AWS re:Invent 2018Amazon Web Services
 
Running Kubernetes Across Multiple AWS Accounts (CON409) - AWS re:Invent 2018
Running Kubernetes Across Multiple AWS Accounts (CON409) - AWS re:Invent 2018Running Kubernetes Across Multiple AWS Accounts (CON409) - AWS re:Invent 2018
Running Kubernetes Across Multiple AWS Accounts (CON409) - AWS re:Invent 2018Amazon Web Services
 
Container Power Hour with Jess, Clare, and Abby (CON362) - AWS re:Invent 2018
Container Power Hour with Jess, Clare, and Abby (CON362) - AWS re:Invent 2018Container Power Hour with Jess, Clare, and Abby (CON362) - AWS re:Invent 2018
Container Power Hour with Jess, Clare, and Abby (CON362) - AWS re:Invent 2018Amazon Web Services
 
Kubernetes Clusters Security with Amazon EKS (CON338-R1) - AWS re:Invent 2018
Kubernetes Clusters Security with Amazon EKS (CON338-R1) - AWS re:Invent 2018Kubernetes Clusters Security with Amazon EKS (CON338-R1) - AWS re:Invent 2018
Kubernetes Clusters Security with Amazon EKS (CON338-R1) - AWS re:Invent 2018Amazon Web Services
 
Adding the Sec to Your DevOps Pipelines (SEC332-R1) - AWS re:Invent 2018
Adding the Sec to Your DevOps Pipelines (SEC332-R1) - AWS re:Invent 2018Adding the Sec to Your DevOps Pipelines (SEC332-R1) - AWS re:Invent 2018
Adding the Sec to Your DevOps Pipelines (SEC332-R1) - AWS re:Invent 2018Amazon Web Services
 
A Serverless Journey: AWS Lambda Under the Hood (SRV409-R1) - AWS re:Invent 2018
A Serverless Journey: AWS Lambda Under the Hood (SRV409-R1) - AWS re:Invent 2018A Serverless Journey: AWS Lambda Under the Hood (SRV409-R1) - AWS re:Invent 2018
A Serverless Journey: AWS Lambda Under the Hood (SRV409-R1) - AWS re:Invent 2018Amazon Web Services
 
Instrumenting Applications for Observability Using AWS X-Ray (DEV402-R2) - AW...
Instrumenting Applications for Observability Using AWS X-Ray (DEV402-R2) - AW...Instrumenting Applications for Observability Using AWS X-Ray (DEV402-R2) - AW...
Instrumenting Applications for Observability Using AWS X-Ray (DEV402-R2) - AW...Amazon Web Services
 
Hands-On: Automating AWS Infrastructure with PowerShell (WIN308) - AWS re:Inv...
Hands-On: Automating AWS Infrastructure with PowerShell (WIN308) - AWS re:Inv...Hands-On: Automating AWS Infrastructure with PowerShell (WIN308) - AWS re:Inv...
Hands-On: Automating AWS Infrastructure with PowerShell (WIN308) - AWS re:Inv...Amazon Web Services
 
Advanced Continuous Delivery Best Practices (DEV317-R1) - AWS re:Invent 2018
Advanced Continuous Delivery Best Practices (DEV317-R1) - AWS re:Invent 2018Advanced Continuous Delivery Best Practices (DEV317-R1) - AWS re:Invent 2018
Advanced Continuous Delivery Best Practices (DEV317-R1) - AWS re:Invent 2018Amazon Web Services
 
Deploying Serverless .NET Applications (WIN323) - AWS re:Invent 2018
Deploying Serverless .NET Applications (WIN323) - AWS re:Invent 2018Deploying Serverless .NET Applications (WIN323) - AWS re:Invent 2018
Deploying Serverless .NET Applications (WIN323) - AWS re:Invent 2018Amazon Web Services
 
Use HPC on AWS for Physics-Based Simulation, ML, and Statistics in CAE (CMP32...
Use HPC on AWS for Physics-Based Simulation, ML, and Statistics in CAE (CMP32...Use HPC on AWS for Physics-Based Simulation, ML, and Statistics in CAE (CMP32...
Use HPC on AWS for Physics-Based Simulation, ML, and Statistics in CAE (CMP32...Amazon Web Services
 
Building BMW Group's Customer Engagement Platform on AWS (AMT305) - AWS re:In...
Building BMW Group's Customer Engagement Platform on AWS (AMT305) - AWS re:In...Building BMW Group's Customer Engagement Platform on AWS (AMT305) - AWS re:In...
Building BMW Group's Customer Engagement Platform on AWS (AMT305) - AWS re:In...Amazon Web Services
 
Keeping Secrets: Securing Your Data with AWS Cryptography (SEC353-R1) - AWS r...
Keeping Secrets: Securing Your Data with AWS Cryptography (SEC353-R1) - AWS r...Keeping Secrets: Securing Your Data with AWS Cryptography (SEC353-R1) - AWS r...
Keeping Secrets: Securing Your Data with AWS Cryptography (SEC353-R1) - AWS r...Amazon Web Services
 
Best Practices for Securing Serverless Applications (SEC362-R1) - AWS re:Inve...
Best Practices for Securing Serverless Applications (SEC362-R1) - AWS re:Inve...Best Practices for Securing Serverless Applications (SEC362-R1) - AWS re:Inve...
Best Practices for Securing Serverless Applications (SEC362-R1) - AWS re:Inve...Amazon Web Services
 
Running Serverless at The Edge (CTD302) - AWS re:Invent 2018
Running Serverless at The Edge (CTD302) - AWS re:Invent 2018Running Serverless at The Edge (CTD302) - AWS re:Invent 2018
Running Serverless at The Edge (CTD302) - AWS re:Invent 2018Amazon Web Services
 
Protecting Game Servers Against DDoS Attacks (SEC420-R1) - AWS re:Invent 2018
Protecting Game Servers Against DDoS Attacks (SEC420-R1) - AWS re:Invent 2018Protecting Game Servers Against DDoS Attacks (SEC420-R1) - AWS re:Invent 2018
Protecting Game Servers Against DDoS Attacks (SEC420-R1) - AWS re:Invent 2018Amazon Web Services
 
CI/CD using AWS developer tools
CI/CD using AWS developer toolsCI/CD using AWS developer tools
CI/CD using AWS developer toolsAWS User Group Bengaluru
 
Update Your Developer Workflow for Cloud-Enabled Mobile Apps (MOB315-R1) - AW...
Update Your Developer Workflow for Cloud-Enabled Mobile Apps (MOB315-R1) - AW...Update Your Developer Workflow for Cloud-Enabled Mobile Apps (MOB315-R1) - AW...
Update Your Developer Workflow for Cloud-Enabled Mobile Apps (MOB315-R1) - AW...Amazon Web Services
 
Building Microservices with the Twelve Factor App Pattern on AWS
Building Microservices with the Twelve Factor App Pattern on AWSBuilding Microservices with the Twelve Factor App Pattern on AWS
Building Microservices with the Twelve Factor App Pattern on AWSAmazon Web Services
 
Run Kubernetes with Amazon EKS
Run Kubernetes with Amazon EKSRun Kubernetes with Amazon EKS
Run Kubernetes with Amazon EKSAmazon Web Services
 
Visualize and Monitor Live OTT Media Services on AWS (CTD402) - AWS re:Invent...
Visualize and Monitor Live OTT Media Services on AWS (CTD402) - AWS re:Invent...Visualize and Monitor Live OTT Media Services on AWS (CTD402) - AWS re:Invent...
Visualize and Monitor Live OTT Media Services on AWS (CTD402) - AWS re:Invent...Amazon Web Services
 
Mastering Kubernetes on AWS (CON301-R1) - AWS re:Invent 2018
Mastering Kubernetes on AWS (CON301-R1) - AWS re:Invent 2018Mastering Kubernetes on AWS (CON301-R1) - AWS re:Invent 2018
Mastering Kubernetes on AWS (CON301-R1) - AWS re:Invent 2018Amazon Web Services
 
Migrating to AWS Fargate (CON311-R1) - AWS re:Invent 2018
Migrating to AWS Fargate (CON311-R1) - AWS re:Invent 2018Migrating to AWS Fargate (CON311-R1) - AWS re:Invent 2018
Migrating to AWS Fargate (CON311-R1) - AWS re:Invent 2018Amazon Web Services
 
Best Practices: Building Private Serverless Microservices in your VPC (SRV349...
Best Practices: Building Private Serverless Microservices in your VPC (SRV349...Best Practices: Building Private Serverless Microservices in your VPC (SRV349...
Best Practices: Building Private Serverless Microservices in your VPC (SRV349...Amazon Web Services
 
Operations for Containerized Applications (CON334-R1) - AWS re:Invent 2018
Operations for Containerized Applications (CON334-R1) - AWS re:Invent 2018Operations for Containerized Applications (CON334-R1) - AWS re:Invent 2018
Operations for Containerized Applications (CON334-R1) - AWS re:Invent 2018Amazon Web Services
 
Deploying Your ONNX Deep Learning with Apache MXNet Model Server (AIM413) - A...
Deploying Your ONNX Deep Learning with Apache MXNet Model Server (AIM413) - A...Deploying Your ONNX Deep Learning with Apache MXNet Model Server (AIM413) - A...
Deploying Your ONNX Deep Learning with Apache MXNet Model Server (AIM413) - A...Amazon Web Services
 
Another Day in the Life of a Cloud Network Engineer at Netflix (NET312) - AWS...
Another Day in the Life of a Cloud Network Engineer at Netflix (NET312) - AWS...Another Day in the Life of a Cloud Network Engineer at Netflix (NET312) - AWS...
Another Day in the Life of a Cloud Network Engineer at Netflix (NET312) - AWS...Amazon Web Services
 
Breaking Containers: Chaos Engineering for Modern Applications on AWS (CON310...
Breaking Containers: Chaos Engineering for Modern Applications on AWS (CON310...Breaking Containers: Chaos Engineering for Modern Applications on AWS (CON310...
Breaking Containers: Chaos Engineering for Modern Applications on AWS (CON310...Amazon Web Services
 
From Code to a Running Container | AWS Floor28
From Code to a Running Container | AWS Floor28From Code to a Running Container | AWS Floor28
From Code to a Running Container | AWS Floor28Amazon Web Services
 

Weitere ähnliche Inhalte

Was ist angesagt?

Hands-On: Automating AWS Infrastructure with PowerShell (WIN308) - AWS re:Inv...
Hands-On: Automating AWS Infrastructure with PowerShell (WIN308) - AWS re:Inv...Hands-On: Automating AWS Infrastructure with PowerShell (WIN308) - AWS re:Inv...
Hands-On: Automating AWS Infrastructure with PowerShell (WIN308) - AWS re:Inv...Amazon Web Services
 
Advanced Continuous Delivery Best Practices (DEV317-R1) - AWS re:Invent 2018
Advanced Continuous Delivery Best Practices (DEV317-R1) - AWS re:Invent 2018Advanced Continuous Delivery Best Practices (DEV317-R1) - AWS re:Invent 2018
Advanced Continuous Delivery Best Practices (DEV317-R1) - AWS re:Invent 2018Amazon Web Services
 
Deploying Serverless .NET Applications (WIN323) - AWS re:Invent 2018
Deploying Serverless .NET Applications (WIN323) - AWS re:Invent 2018Deploying Serverless .NET Applications (WIN323) - AWS re:Invent 2018
Deploying Serverless .NET Applications (WIN323) - AWS re:Invent 2018Amazon Web Services
 
Use HPC on AWS for Physics-Based Simulation, ML, and Statistics in CAE (CMP32...
Use HPC on AWS for Physics-Based Simulation, ML, and Statistics in CAE (CMP32...Use HPC on AWS for Physics-Based Simulation, ML, and Statistics in CAE (CMP32...
Use HPC on AWS for Physics-Based Simulation, ML, and Statistics in CAE (CMP32...Amazon Web Services
 
Building BMW Group's Customer Engagement Platform on AWS (AMT305) - AWS re:In...
Building BMW Group's Customer Engagement Platform on AWS (AMT305) - AWS re:In...Building BMW Group's Customer Engagement Platform on AWS (AMT305) - AWS re:In...
Building BMW Group's Customer Engagement Platform on AWS (AMT305) - AWS re:In...Amazon Web Services
 
Keeping Secrets: Securing Your Data with AWS Cryptography (SEC353-R1) - AWS r...
Keeping Secrets: Securing Your Data with AWS Cryptography (SEC353-R1) - AWS r...Keeping Secrets: Securing Your Data with AWS Cryptography (SEC353-R1) - AWS r...
Keeping Secrets: Securing Your Data with AWS Cryptography (SEC353-R1) - AWS r...Amazon Web Services
 
Best Practices for Securing Serverless Applications (SEC362-R1) - AWS re:Inve...
Best Practices for Securing Serverless Applications (SEC362-R1) - AWS re:Inve...Best Practices for Securing Serverless Applications (SEC362-R1) - AWS re:Inve...
Best Practices for Securing Serverless Applications (SEC362-R1) - AWS re:Inve...Amazon Web Services
 
Running Serverless at The Edge (CTD302) - AWS re:Invent 2018
Running Serverless at The Edge (CTD302) - AWS re:Invent 2018Running Serverless at The Edge (CTD302) - AWS re:Invent 2018
Running Serverless at The Edge (CTD302) - AWS re:Invent 2018Amazon Web Services
 
Protecting Game Servers Against DDoS Attacks (SEC420-R1) - AWS re:Invent 2018
Protecting Game Servers Against DDoS Attacks (SEC420-R1) - AWS re:Invent 2018Protecting Game Servers Against DDoS Attacks (SEC420-R1) - AWS re:Invent 2018
Protecting Game Servers Against DDoS Attacks (SEC420-R1) - AWS re:Invent 2018Amazon Web Services
 
Update Your Developer Workflow for Cloud-Enabled Mobile Apps (MOB315-R1) - AW...
Update Your Developer Workflow for Cloud-Enabled Mobile Apps (MOB315-R1) - AW...Update Your Developer Workflow for Cloud-Enabled Mobile Apps (MOB315-R1) - AW...
Update Your Developer Workflow for Cloud-Enabled Mobile Apps (MOB315-R1) - AW...Amazon Web Services
 
Building Microservices with the Twelve Factor App Pattern on AWS
Building Microservices with the Twelve Factor App Pattern on AWSBuilding Microservices with the Twelve Factor App Pattern on AWS
Building Microservices with the Twelve Factor App Pattern on AWSAmazon Web Services
 
Visualize and Monitor Live OTT Media Services on AWS (CTD402) - AWS re:Invent...
Visualize and Monitor Live OTT Media Services on AWS (CTD402) - AWS re:Invent...Visualize and Monitor Live OTT Media Services on AWS (CTD402) - AWS re:Invent...
Visualize and Monitor Live OTT Media Services on AWS (CTD402) - AWS re:Invent...Amazon Web Services
 
Mastering Kubernetes on AWS (CON301-R1) - AWS re:Invent 2018
Mastering Kubernetes on AWS (CON301-R1) - AWS re:Invent 2018Mastering Kubernetes on AWS (CON301-R1) - AWS re:Invent 2018
Mastering Kubernetes on AWS (CON301-R1) - AWS re:Invent 2018Amazon Web Services
 
Migrating to AWS Fargate (CON311-R1) - AWS re:Invent 2018
Migrating to AWS Fargate (CON311-R1) - AWS re:Invent 2018Migrating to AWS Fargate (CON311-R1) - AWS re:Invent 2018
Migrating to AWS Fargate (CON311-R1) - AWS re:Invent 2018Amazon Web Services
 
Best Practices: Building Private Serverless Microservices in your VPC (SRV349...
Best Practices: Building Private Serverless Microservices in your VPC (SRV349...Best Practices: Building Private Serverless Microservices in your VPC (SRV349...
Best Practices: Building Private Serverless Microservices in your VPC (SRV349...Amazon Web Services
 
Operations for Containerized Applications (CON334-R1) - AWS re:Invent 2018
Operations for Containerized Applications (CON334-R1) - AWS re:Invent 2018Operations for Containerized Applications (CON334-R1) - AWS re:Invent 2018
Operations for Containerized Applications (CON334-R1) - AWS re:Invent 2018Amazon Web Services
 
Deploying Your ONNX Deep Learning with Apache MXNet Model Server (AIM413) - A...
Deploying Your ONNX Deep Learning with Apache MXNet Model Server (AIM413) - A...Deploying Your ONNX Deep Learning with Apache MXNet Model Server (AIM413) - A...
Deploying Your ONNX Deep Learning with Apache MXNet Model Server (AIM413) - A...Amazon Web Services
 
Another Day in the Life of a Cloud Network Engineer at Netflix (NET312) - AWS...
Another Day in the Life of a Cloud Network Engineer at Netflix (NET312) - AWS...Another Day in the Life of a Cloud Network Engineer at Netflix (NET312) - AWS...
Another Day in the Life of a Cloud Network Engineer at Netflix (NET312) - AWS...Amazon Web Services
 

Was ist angesagt? (20)

Hands-On: Automating AWS Infrastructure with PowerShell (WIN308) - AWS re:Inv...
Hands-On: Automating AWS Infrastructure with PowerShell (WIN308) - AWS re:Inv...Hands-On: Automating AWS Infrastructure with PowerShell (WIN308) - AWS re:Inv...
Hands-On: Automating AWS Infrastructure with PowerShell (WIN308) - AWS re:Inv...
 
Advanced Continuous Delivery Best Practices (DEV317-R1) - AWS re:Invent 2018
Advanced Continuous Delivery Best Practices (DEV317-R1) - AWS re:Invent 2018Advanced Continuous Delivery Best Practices (DEV317-R1) - AWS re:Invent 2018
Advanced Continuous Delivery Best Practices (DEV317-R1) - AWS re:Invent 2018
 
Deploying Serverless .NET Applications (WIN323) - AWS re:Invent 2018
Deploying Serverless .NET Applications (WIN323) - AWS re:Invent 2018Deploying Serverless .NET Applications (WIN323) - AWS re:Invent 2018
Deploying Serverless .NET Applications (WIN323) - AWS re:Invent 2018
 
Use HPC on AWS for Physics-Based Simulation, ML, and Statistics in CAE (CMP32...
Use HPC on AWS for Physics-Based Simulation, ML, and Statistics in CAE (CMP32...Use HPC on AWS for Physics-Based Simulation, ML, and Statistics in CAE (CMP32...
Use HPC on AWS for Physics-Based Simulation, ML, and Statistics in CAE (CMP32...
 
Building BMW Group's Customer Engagement Platform on AWS (AMT305) - AWS re:In...
Building BMW Group's Customer Engagement Platform on AWS (AMT305) - AWS re:In...Building BMW Group's Customer Engagement Platform on AWS (AMT305) - AWS re:In...
Building BMW Group's Customer Engagement Platform on AWS (AMT305) - AWS re:In...
 
Keeping Secrets: Securing Your Data with AWS Cryptography (SEC353-R1) - AWS r...
Keeping Secrets: Securing Your Data with AWS Cryptography (SEC353-R1) - AWS r...Keeping Secrets: Securing Your Data with AWS Cryptography (SEC353-R1) - AWS r...
Keeping Secrets: Securing Your Data with AWS Cryptography (SEC353-R1) - AWS r...
 
Best Practices for Securing Serverless Applications (SEC362-R1) - AWS re:Inve...
Best Practices for Securing Serverless Applications (SEC362-R1) - AWS re:Inve...Best Practices for Securing Serverless Applications (SEC362-R1) - AWS re:Inve...
Best Practices for Securing Serverless Applications (SEC362-R1) - AWS re:Inve...
 
Running Serverless at The Edge (CTD302) - AWS re:Invent 2018
Running Serverless at The Edge (CTD302) - AWS re:Invent 2018Running Serverless at The Edge (CTD302) - AWS re:Invent 2018
Running Serverless at The Edge (CTD302) - AWS re:Invent 2018
 
Protecting Game Servers Against DDoS Attacks (SEC420-R1) - AWS re:Invent 2018
Protecting Game Servers Against DDoS Attacks (SEC420-R1) - AWS re:Invent 2018Protecting Game Servers Against DDoS Attacks (SEC420-R1) - AWS re:Invent 2018
Protecting Game Servers Against DDoS Attacks (SEC420-R1) - AWS re:Invent 2018
 
CI/CD using AWS developer tools
CI/CD using AWS developer toolsCI/CD using AWS developer tools
CI/CD using AWS developer tools
 
Update Your Developer Workflow for Cloud-Enabled Mobile Apps (MOB315-R1) - AW...
Update Your Developer Workflow for Cloud-Enabled Mobile Apps (MOB315-R1) - AW...Update Your Developer Workflow for Cloud-Enabled Mobile Apps (MOB315-R1) - AW...
Update Your Developer Workflow for Cloud-Enabled Mobile Apps (MOB315-R1) - AW...
 
Building Microservices with the Twelve Factor App Pattern on AWS
Building Microservices with the Twelve Factor App Pattern on AWSBuilding Microservices with the Twelve Factor App Pattern on AWS
Building Microservices with the Twelve Factor App Pattern on AWS
 
Run Kubernetes with Amazon EKS
Run Kubernetes with Amazon EKSRun Kubernetes with Amazon EKS
Run Kubernetes with Amazon EKS
 
Visualize and Monitor Live OTT Media Services on AWS (CTD402) - AWS re:Invent...
Visualize and Monitor Live OTT Media Services on AWS (CTD402) - AWS re:Invent...Visualize and Monitor Live OTT Media Services on AWS (CTD402) - AWS re:Invent...
Visualize and Monitor Live OTT Media Services on AWS (CTD402) - AWS re:Invent...
 
Mastering Kubernetes on AWS (CON301-R1) - AWS re:Invent 2018
Mastering Kubernetes on AWS (CON301-R1) - AWS re:Invent 2018Mastering Kubernetes on AWS (CON301-R1) - AWS re:Invent 2018
Mastering Kubernetes on AWS (CON301-R1) - AWS re:Invent 2018
 
Migrating to AWS Fargate (CON311-R1) - AWS re:Invent 2018
Migrating to AWS Fargate (CON311-R1) - AWS re:Invent 2018Migrating to AWS Fargate (CON311-R1) - AWS re:Invent 2018
Migrating to AWS Fargate (CON311-R1) - AWS re:Invent 2018
 
Best Practices: Building Private Serverless Microservices in your VPC (SRV349...
Best Practices: Building Private Serverless Microservices in your VPC (SRV349...Best Practices: Building Private Serverless Microservices in your VPC (SRV349...
Best Practices: Building Private Serverless Microservices in your VPC (SRV349...
 
Operations for Containerized Applications (CON334-R1) - AWS re:Invent 2018
Operations for Containerized Applications (CON334-R1) - AWS re:Invent 2018Operations for Containerized Applications (CON334-R1) - AWS re:Invent 2018
Operations for Containerized Applications (CON334-R1) - AWS re:Invent 2018
 
Deploying Your ONNX Deep Learning with Apache MXNet Model Server (AIM413) - A...
Deploying Your ONNX Deep Learning with Apache MXNet Model Server (AIM413) - A...Deploying Your ONNX Deep Learning with Apache MXNet Model Server (AIM413) - A...
Deploying Your ONNX Deep Learning with Apache MXNet Model Server (AIM413) - A...
 
Another Day in the Life of a Cloud Network Engineer at Netflix (NET312) - AWS...
Another Day in the Life of a Cloud Network Engineer at Netflix (NET312) - AWS...Another Day in the Life of a Cloud Network Engineer at Netflix (NET312) - AWS...
Another Day in the Life of a Cloud Network Engineer at Netflix (NET312) - AWS...
 

Ähnlich wie Runtime Security across Kubernetes and AWS Fargate (CON317-R1) - AWS re:Invent 2018

Breaking Containers: Chaos Engineering for Modern Applications on AWS (CON310...
Breaking Containers: Chaos Engineering for Modern Applications on AWS (CON310...Breaking Containers: Chaos Engineering for Modern Applications on AWS (CON310...
Breaking Containers: Chaos Engineering for Modern Applications on AWS (CON310...Amazon Web Services
 
From Code to a Running Container | AWS Floor28
From Code to a Running Container | AWS Floor28From Code to a Running Container | AWS Floor28
From Code to a Running Container | AWS Floor28Amazon Web Services
 
Orchestrating containers on AWS | AWS Summit Tel Aviv 2019
Orchestrating containers on AWS | AWS Summit Tel Aviv 2019Orchestrating containers on AWS | AWS Summit Tel Aviv 2019
Orchestrating containers on AWS | AWS Summit Tel Aviv 2019AWS Summits
 
Orchestrating containers on AWS | AWS Summit Tel Aviv 2019
Orchestrating containers on AWS | AWS Summit Tel Aviv 2019Orchestrating containers on AWS | AWS Summit Tel Aviv 2019
Orchestrating containers on AWS | AWS Summit Tel Aviv 2019Amazon Web Services
 
Building Secure Services using Containers
Building Secure Services using ContainersBuilding Secure Services using Containers
Building Secure Services using ContainersAmazon Web Services
 
Day Two Operations of Kubernetes on AWS (GPSTEC309) - AWS re:Invent 2018
Day Two Operations of Kubernetes on AWS (GPSTEC309) - AWS re:Invent 2018Day Two Operations of Kubernetes on AWS (GPSTEC309) - AWS re:Invent 2018
Day Two Operations of Kubernetes on AWS (GPSTEC309) - AWS re:Invent 2018Amazon Web Services
 
Come Out From Behind Your Firewall
Come Out From Behind Your FirewallCome Out From Behind Your Firewall
Come Out From Behind Your FirewallAmazon Web Services
 
Mastering Kubernetes on AWS - Tel Aviv Summit
Mastering Kubernetes on AWS - Tel Aviv SummitMastering Kubernetes on AWS - Tel Aviv Summit
Mastering Kubernetes on AWS - Tel Aviv SummitArun Gupta
 
CON410 - Deep Dive into Container Networking (re:Invent 2018)
CON410 - Deep Dive into Container Networking (re:Invent 2018)CON410 - Deep Dive into Container Networking (re:Invent 2018)
CON410 - Deep Dive into Container Networking (re:Invent 2018)aniait
 
Secure and Fast microVM for Serverless Computing using Firecracker
Secure and Fast microVM for Serverless Computing using FirecrackerSecure and Fast microVM for Serverless Computing using Firecracker
Secure and Fast microVM for Serverless Computing using FirecrackerArun Gupta
 
Building Microservices with the Twelve-Factor App Pattern - SRV346 - Chicago ...
Building Microservices with the Twelve-Factor App Pattern - SRV346 - Chicago ...Building Microservices with the Twelve-Factor App Pattern - SRV346 - Chicago ...
Building Microservices with the Twelve-Factor App Pattern - SRV346 - Chicago ...Amazon Web Services
 
How GoDaddy protects ecommerce and domains with AWS KMS and encryption - SDD4...
How GoDaddy protects ecommerce and domains with AWS KMS and encryption - SDD4...How GoDaddy protects ecommerce and domains with AWS KMS and encryption - SDD4...
How GoDaddy protects ecommerce and domains with AWS KMS and encryption - SDD4...Amazon Web Services
 
Amazon Elastic Container Service for Kubernetes (Amazon EKS) I AWS Dev Day 2018
Amazon Elastic Container Service for Kubernetes (Amazon EKS) I AWS Dev Day 2018Amazon Elastic Container Service for Kubernetes (Amazon EKS) I AWS Dev Day 2018
Amazon Elastic Container Service for Kubernetes (Amazon EKS) I AWS Dev Day 2018AWS Germany
 
Supercharge GuardDuty with Partners: Threat Detection and Response at Scale (...
Supercharge GuardDuty with Partners: Threat Detection and Response at Scale (...Supercharge GuardDuty with Partners: Threat Detection and Response at Scale (...
Supercharge GuardDuty with Partners: Threat Detection and Response at Scale (...Amazon Web Services
 
More Containers Less Operations
More Containers Less OperationsMore Containers Less Operations
More Containers Less OperationsDonnie Prakoso
 
Architecting security and governance through policy guardrails in Amazon EKS ...
Architecting security and governance through policy guardrails in Amazon EKS ...Architecting security and governance through policy guardrails in Amazon EKS ...
Architecting security and governance through policy guardrails in Amazon EKS ...Amazon Web Services
 
Build Models for Aerial Images Using Amazon SageMaker (AIM334) - AWS re:Inven...
Build Models for Aerial Images Using Amazon SageMaker (AIM334) - AWS re:Inven...Build Models for Aerial Images Using Amazon SageMaker (AIM334) - AWS re:Inven...
Build Models for Aerial Images Using Amazon SageMaker (AIM334) - AWS re:Inven...Amazon Web Services
 
Introduction To Containers - Builders Day Israel
Introduction To Containers - Builders Day IsraelIntroduction To Containers - Builders Day Israel
Introduction To Containers - Builders Day IsraelAmazon Web Services
 

Ähnlich wie Runtime Security across Kubernetes and AWS Fargate (CON317-R1) - AWS re:Invent 2018 (20)

Breaking Containers: Chaos Engineering for Modern Applications on AWS (CON310...
Breaking Containers: Chaos Engineering for Modern Applications on AWS (CON310...Breaking Containers: Chaos Engineering for Modern Applications on AWS (CON310...
Breaking Containers: Chaos Engineering for Modern Applications on AWS (CON310...
 
From Code to a Running Container | AWS Floor28
From Code to a Running Container | AWS Floor28From Code to a Running Container | AWS Floor28
From Code to a Running Container | AWS Floor28
 
Orchestrating containers on AWS | AWS Summit Tel Aviv 2019
Orchestrating containers on AWS | AWS Summit Tel Aviv 2019Orchestrating containers on AWS | AWS Summit Tel Aviv 2019
Orchestrating containers on AWS | AWS Summit Tel Aviv 2019
 
Orchestrating containers on AWS | AWS Summit Tel Aviv 2019
Orchestrating containers on AWS | AWS Summit Tel Aviv 2019Orchestrating containers on AWS | AWS Summit Tel Aviv 2019
Orchestrating containers on AWS | AWS Summit Tel Aviv 2019
 
Building Secure Services using Containers
Building Secure Services using ContainersBuilding Secure Services using Containers
Building Secure Services using Containers
 
EKS Workshop
EKS Workshop EKS Workshop
EKS Workshop
 
Day Two Operations of Kubernetes on AWS (GPSTEC309) - AWS re:Invent 2018
Day Two Operations of Kubernetes on AWS (GPSTEC309) - AWS re:Invent 2018Day Two Operations of Kubernetes on AWS (GPSTEC309) - AWS re:Invent 2018
Day Two Operations of Kubernetes on AWS (GPSTEC309) - AWS re:Invent 2018
 
Come Out From Behind Your Firewall
Come Out From Behind Your FirewallCome Out From Behind Your Firewall
Come Out From Behind Your Firewall
 
Mastering Kubernetes on AWS - Tel Aviv Summit
Mastering Kubernetes on AWS - Tel Aviv SummitMastering Kubernetes on AWS - Tel Aviv Summit
Mastering Kubernetes on AWS - Tel Aviv Summit
 
CON410 - Deep Dive into Container Networking (re:Invent 2018)
CON410 - Deep Dive into Container Networking (re:Invent 2018)CON410 - Deep Dive into Container Networking (re:Invent 2018)
CON410 - Deep Dive into Container Networking (re:Invent 2018)
 
Secure and Fast microVM for Serverless Computing using Firecracker
Secure and Fast microVM for Serverless Computing using FirecrackerSecure and Fast microVM for Serverless Computing using Firecracker
Secure and Fast microVM for Serverless Computing using Firecracker
 
Building Microservices with the Twelve-Factor App Pattern - SRV346 - Chicago ...
Building Microservices with the Twelve-Factor App Pattern - SRV346 - Chicago ...Building Microservices with the Twelve-Factor App Pattern - SRV346 - Chicago ...
Building Microservices with the Twelve-Factor App Pattern - SRV346 - Chicago ...
 
How GoDaddy protects ecommerce and domains with AWS KMS and encryption - SDD4...
How GoDaddy protects ecommerce and domains with AWS KMS and encryption - SDD4...How GoDaddy protects ecommerce and domains with AWS KMS and encryption - SDD4...
How GoDaddy protects ecommerce and domains with AWS KMS and encryption - SDD4...
 
Amazon Elastic Container Service for Kubernetes (Amazon EKS) I AWS Dev Day 2018
Amazon Elastic Container Service for Kubernetes (Amazon EKS) I AWS Dev Day 2018Amazon Elastic Container Service for Kubernetes (Amazon EKS) I AWS Dev Day 2018
Amazon Elastic Container Service for Kubernetes (Amazon EKS) I AWS Dev Day 2018
 
Supercharge GuardDuty with Partners: Threat Detection and Response at Scale (...
Supercharge GuardDuty with Partners: Threat Detection and Response at Scale (...Supercharge GuardDuty with Partners: Threat Detection and Response at Scale (...
Supercharge GuardDuty with Partners: Threat Detection and Response at Scale (...
 
More Containers Less Operations
More Containers Less OperationsMore Containers Less Operations
More Containers Less Operations
 
Architecting security and governance through policy guardrails in Amazon EKS ...
Architecting security and governance through policy guardrails in Amazon EKS ...Architecting security and governance through policy guardrails in Amazon EKS ...
Architecting security and governance through policy guardrails in Amazon EKS ...
 
Build Models for Aerial Images Using Amazon SageMaker (AIM334) - AWS re:Inven...
Build Models for Aerial Images Using Amazon SageMaker (AIM334) - AWS re:Inven...Build Models for Aerial Images Using Amazon SageMaker (AIM334) - AWS re:Inven...
Build Models for Aerial Images Using Amazon SageMaker (AIM334) - AWS re:Inven...
 
Introduction To Containers - Builders Day Israel
Introduction To Containers - Builders Day IsraelIntroduction To Containers - Builders Day Israel
Introduction To Containers - Builders Day Israel
 
Running Kubernetes on AWS.pdf
Running Kubernetes on AWS.pdfRunning Kubernetes on AWS.pdf
Running Kubernetes on AWS.pdf
 

Mehr von Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

Mehr von Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Runtime Security across Kubernetes and AWS Fargate (CON317-R1) - AWS re:Invent 2018

  • 1.
  • 2. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Runtime Security across Kubernetes and AWS Fargate Liz Rice Technology Evangelist, Aqua Security @lizrice C O N 3 1 7
  • 3. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Agenda Avoiding vulnerabilities in container images Beyond vulnerabilities to zero-days Building enforcement into a container wherever it runs
  • 4. Known vulnerabilities in dependencies are the most common route to compromise and exploitation
  • 5. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 6. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Scan container images for vulnerabilities
  • 7. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Scanning as part of the build FROM wordpress:demo COPY microscanner /microscanner ARG token RUN /microscanner --html ${token} > /ms-out.html docker build -f Dockerfile.wp --build-arg=token=$TOKEN .
  • 8. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 9. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Stop unexpected behavior at runtime
  • 10. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Container deployment options
  • 11. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Enforcement built into the image FROM wordpress COPY microenforcer /microenforcer COPY wp-policy.json /etc/aquasec/policy/policy.json ENTRYPOINT ["/microenforcer", "apache2-foreground"] docker build -f Dockerfile.wp .
  • 12. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Enforcement as part of the task definition / pod Application container Sidecar container Task Definition
  • 13. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 14. A full-day Summit focused on enterprise-level Kubernetes deployment with demanding security requirements. aquasec.com/kubesec2018
  • 15. Thank you! © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Liz Rice Aqua Security @lizrice
  • 16. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.