Containers
ECR
Amazon Elastic Container Registry (ECR) is a fully managed Docker container registry that lets developers store, manage, and deploy Docker container images easily. ECR's security-related features and resources are listed below.
Bookmark
- Security in Amazon Elastic Container Registry
- GIT - Clair: static analysis tool for containers
- GIT - Anchore - vulnerability scanning of images and software BOM (SBOM) generation
- GIT - truffleHog - searches for secret patterns inside images
- GIT - hadolint
- GIT - dockerfile-lint
- GIT - Containers Roadmap
- Blog - Setting up AWS PrivateLink for Amazon ECS, and Amazon ECR
- Blog - AWS PrivateLink ECR cross account Fargate deployment
- Blog - Samsung Builds a Secure Developer Portal with Fargate and ECR
- Blog - How to build a CI/CD pipeline for container vulnerability scanning with Trivy and AWS Security Hub
- Blog - Native Container Image Scanning in Amazon ECR
- Blog - Automating image compliance for Amazon EKS using Amazon Elastic Container Registry and AWS Security Hub
- Blog - Introducing cross-account Amazon ECR access for AWS Lambda
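The scanning links above (native ECR scanning, Trivy with Security Hub, image compliance) all come down to one decision in the pipeline: may this image be deployed? The following is an added example, not code from this page or from AWS, of a CI gate over the JSON that `aws ecr describe-image-scan-findings` returns. The sample scan result, its placeholder CVE identifiers, and the allow-list format are constructed for illustration; the severity labels are the ones ECR uses. Two points the linked posts tend to leave implicit are handled here: an incomplete scan is treated as a failure rather than a clean result, and an accepted finding is only suppressed until an explicit expiry date.

```python
"""CI gate over Amazon ECR image scan results (added example).

Reads JSON in the shape returned by
`aws ecr describe-image-scan-findings --repository-name ... --image-id imageTag=...`
and decides whether the image may be deployed. Findings at or above the
severity threshold block the deploy unless they are on an allow list with
an explicit expiry date, so an accepted risk cannot be forgotten.
"""
import json
import sys
from datetime import date

# ECR severity labels, least to most severe.
SEVERITY_ORDER = ["UNDEFINED", "INFORMATIONAL", "LOW", "MEDIUM", "HIGH", "CRITICAL"]

# Constructed sample in the shape of describe-image-scan-findings output.
# The CVE identifiers are placeholders, not real vulnerabilities.
SAMPLE_SCAN = json.dumps({
    "imageScanStatus": {"status": "COMPLETE"},
    "imageScanFindings": {
        "findingSeverityCounts": {"CRITICAL": 1, "HIGH": 1, "LOW": 1},
        "findings": [
            {"name": "CVE-0000-0001", "severity": "CRITICAL",
             "attributes": [{"key": "package_name", "value": "openssl"}]},
            {"name": "CVE-0000-0002", "severity": "HIGH",
             "attributes": [{"key": "package_name", "value": "zlib"}]},
            {"name": "CVE-0000-0003", "severity": "LOW",
             "attributes": [{"key": "package_name", "value": "bash"}]},
        ],
    },
})


def severity_rank(label):
    """Map an ECR severity label to a comparable integer (unknown -> 0)."""
    label = (label or "UNDEFINED").upper()
    return SEVERITY_ORDER.index(label) if label in SEVERITY_ORDER else 0


def scan_is_complete(scan_json):
    """True only when ECR reports the scan finished. A failed or in-progress
    scan must not be mistaken for a clean image."""
    doc = json.loads(scan_json)
    return doc.get("imageScanStatus", {}).get("status") == "COMPLETE"


def blocking_findings(scan_json, threshold="HIGH", allow_list=None, today=None):
    """Return the names of findings that should block the deploy.

    allow_list maps finding name -> expiry date (YYYY-MM-DD). An entry only
    suppresses the finding until that date, after which it blocks again.
    `today` is an ISO date string, defaulting to the current date.
    """
    if not scan_is_complete(scan_json):
        raise RuntimeError("image scan not COMPLETE; refusing to gate on partial results")
    allow_list = allow_list or {}
    today_d = date.fromisoformat(today) if today else date.today()
    findings = json.loads(scan_json)["imageScanFindings"].get("findings", [])
    blocking = []
    for f in findings:
        if severity_rank(f.get("severity")) < severity_rank(threshold):
            continue
        expiry = allow_list.get(f.get("name"))
        if expiry and date.fromisoformat(expiry) >= today_d:
            continue  # accepted risk, still within its review window
        blocking.append(f["name"])
    return blocking


if __name__ == "__main__":
    # Usage: aws ecr describe-image-scan-findings ... | python ecr_gate.py [THRESHOLD]
    # With no piped input the constructed sample is used.
    threshold = sys.argv[1] if len(sys.argv) > 1 else "HIGH"
    raw = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_SCAN
    blocked = blocking_findings(raw, threshold=threshold)
    for name in blocked:
        print(f"BLOCKING: {name}")
    sys.exit(1 if blocked else 0)
```

In a pipeline the exit status is what matters: a non-zero exit stops the deploy stage. Putting the allow list in the repository with dates, rather than in a pipeline variable, keeps the accepted risks reviewable alongside the code that accepted them.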
ECS
Amazon Elastic Container Service (ECS) is a highly scalable, high-performance container orchestration service that supports Docker containers and lets you run, scale out, and scale in containerized applications easily on AWS. ECS's security-related features and resources are listed below.
Bookmark
- Security in Amazon Elastic Container Service
- Security in AWS Fargate
- Using Bottlerocket with Amazon ECS
- GIT - Docker Bench for Security
- GIT - clair - static analysis of vulnerabilities in Docker containers
- GIT - LUNAR - script that audits Linux, Docker, and other components against CIS benchmarks
- GIT - secret-sidecar - sample for storing and managing ECS secrets securely in Secrets Manager
- GIT - Pumba: Chaos testing tool for Docker
- GIT - Fargate IR - incident response setup template for Fargate environments (proof-of-concept level)
- GIT - Containers Roadmap
- GIT - AWS Bottlerocket OS
- GIT - Using a Bottlerocket AMI with Amazon ECS
- GIT - Bottlerocket - Security Guidance
- GIT - Bottlerocket - Security Features
- GIT - Bottlerocket - Roadmaps
- Ext. - Docker and SELinux
- Ext. - Using OpenSCAP with Docker
- Ext. - How to protect a Windows 2016 Docker engine with TLS
- Guide - Access container applications privately on Amazon ECS by using AWS Fargate, AWS PrivateLink, and a Network Load Balancer
- Guide - Access container applications privately on Amazon ECS by using AWS PrivateLink and a Network Load Balancer
- Guide - Rotate credentials without restarting containers
- Blog - Managing Secrets for Amazon ECS Applications Using Parameter Store and IAM Roles for Tasks
- Blog - Maintaining Transport Layer Security All the Way to Your Container: Using the Network Load Balancer with Amazon ECS
- Blog - Maintaining Transport Layer Security all the way to your container part 2: Using AWS Certificate Manager Private Certificate Authority
- Blog - Centralized Container Logs with Amazon ECS and Amazon CloudWatch Logs
- Blog - Introducing atomic scan – Container vulnerability detection
- Blog - Detect vulnerabilities in the Docker images in your applications
- Blog - Anatomy of CVE-2019-5736: A runc container escape!
- Blog - Access Private applications on AWS Fargate using Amazon API Gateway PrivateLink
- Blog - Setting up AWS PrivateLink for Amazon ECS, and Amazon ECR
- Blog - Securing credentials using AWS Secrets Manager with AWS Fargate
- Blog - Samsung Builds a Secure Developer Portal with Fargate and ECR
- Blog - How to Run ECS Windows Task with group Managed Service Account (gMSA)
- Blog - Using Amazon ECS Exec to access your containers on AWS Fargate and Amazon EC2
- Blog - Security features of Bottlerocket, an open source Linux-based operating system
- Blog - Bottlerocket, A Year in the Life
- Blog - Control access to Amazon Elastic Container Service resources by using ABAC policies
- Blog - Announcing NVIDIA GPU support for Bottlerocket on Amazon ECS
- Blog - Securing Amazon Elastic Container Service applications using Application Load Balancer and Amazon Cognito
- Blog - Providing controlled internet access through centralised proxy servers using AWS Fargate and PrivateLink
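Several of the ECS links above (secrets via Parameter Store or Secrets Manager with task IAM roles, Docker Bench, the runc escape write-up) are about the same artifact: the task definition. The following is an added example, not code from this page or from AWS, of a linter that checks a task definition JSON before `aws ecs register-task-definition`. It flags credentials passed as plain `environment` values rather than `secrets` entries with a `valueFrom` ARN, `secrets` entries that do not reference Secrets Manager or SSM Parameter Store, privileged or root containers, writable root filesystems, added Linux capabilities, and images pinned by mutable tag rather than digest. The sample task definition, its account ID, role names, and secret ARN are constructed placeholders; the issue codes are this example's own.

```python
"""Lint an Amazon ECS task definition before registering it (added example).

Flags the mistakes the linked secrets and hardening posts are about:
secrets passed as plain `environment` values instead of `secrets`/valueFrom,
privileged or root containers, writable root filesystems, added Linux
capabilities, and mutable image tags.
"""
import json
import re

# Environment variable names that usually carry credentials.
SECRET_NAME = re.compile(r"(PASSWORD|PASSWD|SECRET|TOKEN|API_KEY|PRIVATE_KEY|CREDENTIAL)", re.I)
# `secrets[].valueFrom` must point at Secrets Manager or SSM Parameter Store.
SECRET_REF = re.compile(r"^arn:aws:(secretsmanager|ssm):")

# Constructed sample task definition (account ID and ARNs are placeholders).
# It deliberately contains the problems the linter should find.
SAMPLE_TASK_DEF = json.dumps({
    "family": "web",
    "networkMode": "awsvpc",
    "taskRoleArn": "arn:aws:iam::123456789012:role/webTaskRole",
    "executionRoleArn": "arn:aws:iam::123456789012:role/ecsTaskExecutionRole",
    "containerDefinitions": [{
        "name": "web",
        "image": "123456789012.dkr.ecr.us-east-1.amazonaws.com/web:latest",
        "environment": [
            {"name": "DB_HOST", "value": "db.internal"},
            {"name": "DB_PASSWORD", "value": "hunter2"},
        ],
        "secrets": [
            {"name": "API_TOKEN",
             "valueFrom": "arn:aws:secretsmanager:us-east-1:123456789012:secret:api-token-AbCdEf"},
            {"name": "LEGACY_KEY", "valueFrom": "plain-text-value"},
        ],
        "privileged": True,
        "readonlyRootFilesystem": False,
        "user": "0",
        "linuxParameters": {"capabilities": {"add": ["NET_ADMIN"]}},
    }],
})


def lint_task_definition(task_def_json):
    """Return a sorted list of (container_name, issue_code) tuples."""
    td = json.loads(task_def_json)
    issues = []
    containers = td.get("containerDefinitions", [])
    uses_secrets = any(c.get("secrets") for c in containers)
    if not td.get("taskRoleArn"):
        issues.append(("<task>", "NO_TASK_ROLE"))
    if uses_secrets and not td.get("executionRoleArn"):
        # The execution role is what fetches Secrets Manager / SSM values at launch.
        issues.append(("<task>", "NO_EXECUTION_ROLE"))
    for c in containers:
        name = c.get("name", "<unnamed>")
        for env in c.get("environment", []):
            if SECRET_NAME.search(env.get("name", "")) and env.get("value"):
                issues.append((name, "PLAINTEXT_SECRET:" + env["name"]))
        for s in c.get("secrets", []):
            if not SECRET_REF.match(s.get("valueFrom", "")):
                issues.append((name, "BAD_SECRET_REF:" + s.get("name", "?")))
        if c.get("privileged"):
            issues.append((name, "PRIVILEGED"))
        if not c.get("readonlyRootFilesystem"):
            issues.append((name, "WRITABLE_ROOTFS"))
        # `user` may be "uid", "uid:gid", or a name; only the user part matters here.
        user = str(c.get("user", "")).split(":")[0]
        if user in ("", "0", "root"):
            issues.append((name, "RUNS_AS_ROOT"))
        if "@sha256:" not in c.get("image", ""):
            issues.append((name, "MUTABLE_IMAGE_TAG"))
        caps = c.get("linuxParameters", {}).get("capabilities", {}).get("add") or []
        if caps:
            issues.append((name, "ADDED_CAPABILITIES:" + ",".join(caps)))
    return sorted(issues)


if __name__ == "__main__":
    for container, code in lint_task_definition(SAMPLE_TASK_DEF):
        print(f"{container}: {code}")
```

The fix for `PLAINTEXT_SECRET` is to delete the `environment` entry and add a `secrets` entry whose `valueFrom` is the Secrets Manager or Parameter Store ARN; ECS then injects the value at container start using the execution role, so the secret never appears in the task definition or the console.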
EKS
Amazon Elastic Kubernetes Service (EKS) makes it easy to deploy, manage, and scale containerized applications on AWS using Kubernetes. EKS's security-related features and resources are listed below.
Bookmark
- Security in Amazon EKS
- Deep Learning Containers
- Whitepaper - The Definitive Guide to Securing Kubernetes
- Whitepaper - Amazon EKS Best Practices Guide for Security
- External whitepaper - O'Reilly - Kubernetes Security
- External whitepaper - Kubernetes Security White Paper
- GIT - Kubernetes Security on AWS
- GIT - public roadmap for AWS container services (ECS, ECR, Fargate, and EKS)
- GIT - Kubernetes Security - Best Practice Guide
- GIT - AWS IAM Authenticator for Kubernetes
- GIT - kube-monkey : randomly deletes Kubernetes (k8s) pods
- GIT - kube-bench - security checks for Kubernetes worker nodes
- GIT - Containers Roadmap
- GIT - secret-sidecar - Secrets Manager integration with EKS
- GIT - AWS EKS Secrets injector - Secrets Manager integration with EKS
- GIT - Native Secrets - Secrets Manager integration with EKS
- GIT - AWS Bottlerocket OS
- GIT - Using a Bottlerocket AMI with Amazon EKS
- GIT - Bottlerocket - Security Guidance
- GIT - Bottlerocket - Security Features
- GIT - Bottlerocket - Roadmaps
- GIT - Simulator
- GIT - aws-privateca-issuer
- QuickStart - HashiCorp Vault on Amazon EKS
- QuickStart - Federated Kubernetes Clusters Using Amazon EKS and KubeFed
- Ext. - Cloud Native Security Tutorial at KubeCon EU 2020 by Liz Rice & Michael Hausenblas
- Ext. - Using AWS KMS for application secrets in Kubernetes
- Ext. - On Securing the Kubernetes Dashboard
- Ext. - 11 Ways (Not) to Get Hacked
- Ext. - Securing the Base Infrastructure of a Kubernetes Cluster
- Ext. - Securing the Configuration of Kubernetes Cluster Components
- Ext. - Single Sign-On for Kubernetes: Dashboard Experience
- Ext. - Provider agnostic authentication and authorization in Kubernetes
- Support - How do I terminate HTTPS traffic on Amazon EKS workloads with ACM?
- Guide - Access container applications privately on Amazon EKS using AWS PrivateLink and a Network Load Balancer
- Guide - Configure mutual TLS authentication for applications running on Amazon EKS
- Guide - Rotate credentials without restarting containers
- Blog - Using Pod Security Policies with Amazon EKS Clusters
- Blog - Driving Continuous Security and Configuration Checks for Amazon EKS with Alcide Advisor
- Blog - How to rotate a WordPress MySQL database secret using AWS Secrets Manager in Amazon EKS
- Blog - Secure a Kubernetes Cluster with Pod Security Policies
- Blog - Securing Amazon EKS Using Lambda and Falco
- Blog - Introducing fine-grained IAM roles for service accounts
- Blog - GoDaddy - Kubernetes External Secrets - GoDaddy's post on storing and managing EKS secrets in Secrets Manager
- Blog - Keep your Kubernetes secrets in git with Kubesec - introduction to Kubesec for storing and managing Kubernetes Secrets securely
- Blog - Using Gatekeeper as a drop-in Pod Security Policy replacement in Amazon EKS
- Blog - Manage Amazon EKS with Okta SSO
- Blog - Integrating LDAP/AD Users to Kubernetes RBAC with the AWS-IAM-Authenticator Community Project
- Blog - Automating image compliance for Amazon EKS using Amazon Elastic Container Registry and AWS Security Hub
- Blog - Introducing OIDC identity provider authentication for Amazon EKS
- Blog - Using EKS encryption provider support for defense-in-depth
- Blog - Implementing Runtime security in Amazon EKS using CNCF Falco
- Blog - Securing Kubernetes applications with AWS App Mesh and cert-manager
- Blog - How to use AWS Secrets & Configuration Provider with your Kubernetes Secrets Store CSI driver
- Blog - TLS-enabled Kubernetes clusters with ACM Private CA and Amazon EKS
- Blog - How to automate Amazon EKS preventative controls in CI/CD using CDK and OPA/Conftest
- Blog - Protecting your Amazon EKS web apps with AWS WAF
- Blog - Amazon EKS adds native support for Bottlerocket in Managed Node Groups
- Blog - Provisioning and Securing Bottlerocket OS-Based Amazon EKS Clusters Using Nirmata Kubernetes Platform
- Blog - How to use Application Load Balancer and Amazon Cognito to authenticate users for your Kubernetes web apps
- Blog - Secure end-to-end traffic on Amazon EKS using TLS certificate in ACM, ALB, and Istio
- Blog - Bottlerocket support for NVIDIA GPUs
- Blog - Building a multi-tenant Kubeflow environment on Amazon EKS using Amazon Cognito and ADFS
- Blog - Diving into IAM Roles for Service Accounts
- Blog - Implement a central ingress Application Load Balancer supporting private Amazon Elastic Kubernetes Service VPCs
- Blog - A quick path to Amazon EKS single sign-on using AWS SSO
- Blog - Leverage AWS secrets stores from EKS Fargate with External Secrets Operator
- Blog - Building STIG-compliant AMIs for Amazon EKS
- Blog - Leveraging CNI custom networking alongside security groups for pods in Amazon EKS
- Blog - Build repeatable, secure, and extensible end-to-end machine learning workflows using Kubeflow on AWS
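The two IRSA posts above (fine-grained IAM roles for service accounts, and the deeper dive) hinge on the role's trust policy: the `sub` condition is what ties the role to one Kubernetes service account. The following is an added example, not code from this page or from AWS, that builds that trust policy for a given namespace and service account and audits an existing one for the ways the scope is commonly widened by mistake: no condition at all, no `sub` condition, a `StringLike` wildcard in the namespace or account name, no `aud` condition, or an open principal. The account ID is a placeholder, the OIDC issuer ID is the example value used in AWS documentation, and the issue codes are this example's own.

```python
"""Build and audit the IAM trust policy behind IAM Roles for Service
Accounts (IRSA) on Amazon EKS (added example).

The trust policy is what scopes a role to one Kubernetes service account;
a missing or wildcard `sub` condition lets any pod in the cluster (or, with
no condition at all, any token the OIDC provider issues) assume the role.
"""
import json

# Constructed values; the issuer ID is the placeholder AWS uses in its docs.
ACCOUNT_ID = "123456789012"
OIDC_ISSUER = "oidc.eks.us-east-1.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE"


def irsa_trust_policy(account_id, oidc_issuer, namespace, service_account):
    """Return the least-privilege trust policy for one service account.

    oidc_issuer is the cluster's OIDC issuer URL without the https:// prefix.
    """
    provider_arn = f"arn:aws:iam::{account_id}:oidc-provider/{oidc_issuer}"
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": provider_arn},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {"StringEquals": {
                f"{oidc_issuer}:sub": f"system:serviceaccount:{namespace}:{service_account}",
                f"{oidc_issuer}:aud": "sts.amazonaws.com",
            }},
        }],
    }


def audit_trust_policy(policy):
    """Return a sorted list of issue codes found in an IRSA trust policy."""
    issues = set()
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    for st in statements:
        if st.get("Effect") != "Allow":
            continue
        actions = st.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if "sts:AssumeRoleWithWebIdentity" not in actions and "sts:*" not in actions:
            continue
        principal = st.get("Principal", {})
        if principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*"):
            issues.add("OPEN_PRINCIPAL")
        cond = st.get("Condition", {})
        if not cond:
            issues.add("NO_CONDITION")
            continue
        equals = cond.get("StringEquals", {})
        like = cond.get("StringLike", {})
        keys = list(equals) + list(like)
        sub_keys = [k for k in keys if k.endswith(":sub")]
        if not sub_keys:
            issues.add("NO_SUB_CONDITION")
        if not any(k.endswith(":aud") for k in keys):
            issues.add("NO_AUD_CONDITION")
        for k in sub_keys:
            # Only StringLike interprets * and ?; in StringEquals they are literal.
            vals = like.get(k, [])
            vals = [vals] if isinstance(vals, str) else vals
            for v in vals:
                # system:serviceaccount:<namespace>:<name>; a wildcard in either
                # part widens the role to every matching namespace or account.
                parts = v.split(":")
                if len(parts) < 4 or "*" in parts[2] or "*" in parts[3]:
                    issues.add("WILDCARD_SUB")
    return sorted(issues)


if __name__ == "__main__":
    policy = irsa_trust_policy(ACCOUNT_ID, OIDC_ISSUER, "payments", "ledger-api")
    print(json.dumps(policy, indent=2))
    print("issues:", audit_trust_policy(policy))
```

A `StringLike` value such as `system:serviceaccount:payments:*` is sometimes used deliberately to share one role across a team's namespace; the audit still reports it, because that choice should be a reviewed exception rather than the default.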
App Runner
AWS App Runner is a fully managed service that lets developers quickly deploy containerized web applications and APIs at scale, with no prior infrastructure experience. App Runner's security-related features and resources are listed below.
Bookmark
AWS App2Container
AWS App2Container (A2C) is a command-line tool for modernizing .NET and Java applications into containerized applications. App2Container's security-related features and resources are listed below.
Bookmark
Other useful links related to containers
- Blog - Advice on mitigating the Apache log4j security issue for EKS, ECS, and Fargate customers
- Blog - Cryptographic Signing for Containers
Remarks
- All content on this site is subject to change or revision.
- For official, detailed information, refer to http://aws.amazon.com.
- If you disagree with any of the content or find a broken link, please e-mail the administrator (gisunlim@amazon.com); it would be greatly appreciated.
Privacy Policy | Site Terms | © 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.