AWS Open Source Blog
Tag: security
Why Bad Bugs in DNS (And Other Open Source Code) Just Won’t Go Away
Paul Vixie, VP/Distinguished Engineer of Security at AWS, explains why bugs discovered in DNS 14 years ago are still causing problems for software today, despite the existence of a patch.
Launching Open Distro for Elasticsearch security features on Amazon Elasticsearch Service
We are excited to announce that we are making new Open Distro for Elasticsearch security features available on Amazon Elasticsearch Service. Amazon Elasticsearch Service is frequently used for sensitive enterprise workloads, and today’s launch adds multiple capabilities to give you even tighter control over your data. New features include the ability to use roles to […]
Introducing fine-grained IAM roles for service accounts
Here at AWS we focus first and foremost on customer needs. In the context of access control in Amazon EKS, you asked in issue #23 of our public container roadmap for fine-grained IAM roles in EKS. To address this need, the community came up with a number of open source solutions, such as kube2iam, kiam, […]
Using Pod Security Policies with Amazon EKS Clusters
You asked for it and with Kubernetes 1.13 we have enabled it: Amazon Elastic Container Service for Kubernetes (EKS) now supports Pod Security Policies. In this post we will review what PSPs are, how to enable them in the Kubernetes control plane and how to use them, from both the cluster admin and the developer perspective. What is a Pod Security Policy and […]
Change your Admin Passwords in Open Distro for Elasticsearch
Open Distro for Elasticsearch ships with an advanced security plugin. The plugin comes pre-configured with a number of different users and default passwords for them – of course, you will want to change those defaults! Passwords for some of the preconfigured users—kibanaro, logstash, readall, and snapshotrestore—are available to change in the Security UI in Kibana. […]
Announcing Cloud Custodian Integration with AWS Security Hub
One of the popular options for automated security, compliance, and cost management solutions in the cloud is Cloud Custodian, an open source project sponsored by Capital One. Cloud Custodian is a flexible rules engine with policies written in simple YAML configuration files, with support for over 144 AWS resource types. However, because Cloud Custodian […]
Securing Amazon EKS Using Lambda and Falco
Intrusion and abnormality detection are important tools for stronger run-time security in applications deployed in containers on Amazon EKS clusters. In this post, Michael Ducy of Sysdig explains how Falco, a CNCF Sandbox Project, generates an alert when abnormal application behavior is detected. AWS Lambda functions can then be configured to pass those […]
Open Sourcing Encryption in Transit for Redis
Amazon Web Services announced today at redisconf that it is open sourcing encryption-in-transit for Redis, the leading in-memory key-value data store. Amazon ElastiCache for Redis added the encryption-in-transit feature last year to help our customers encrypt their Redis data sets and satisfy compliance requirements. We learned from our customers, and designed a solution that […]
Better Random Number Generation for OpenSSL, libc, and Linux Mainline
In 2015, AWS introduced s2n, a new open source implementation of the TLS/SSL protocols that protect the privacy and integrity of data moving over a network. s2n was designed to be secure, simple, small, and fast. The project is thriving, and we use it extensively. In February, our CISO Stephen Schmidt shared that “we […]