Securing Your Amazon EKS Cluster - AWS Online Tech Talks

12.7K views
Mar 18, 2021
39:05

In this tech talk, we'll cover several security best practices for Amazon EKS. You'll learn more about the security features that enable data protection and access controls within your Amazon EKS clusters. You'll also understand configuration options and available tools through demos to help secure your Kubernetes clusters on Amazon EKS.

Learning Objectives:
* Learn the security features available to you in Amazon EKS
* Learn how to secure your clusters with the various configuration options and tools
* Learn several security best practices for Amazon EKS

To learn more about the services featured in this talk, please visit: https://aws.amazon.com/eks

0:52 Agenda
1:59 Amazon EKS Security Primer
4:47 Amazon EKS Security Controls
9:48 Authentication - AWS IAM
12:04 Demo 1
15:01 Authentication - OIDC IDP
17:35 Demo 2
30:52 Audit logs and CloudWatch
31:35 EKS Best Practices for Security
36:06 Resources and links to security content

1. Control plane logging: https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html
2. Endpoint access: https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html
3. Authentication controls: https://docs.aws.amazon.com/eks/latest/userguide/managing-auth.html; https://www.youtube.com/watch?v=SaT5jn2f8Hk
4. ECR image scanning and encryption tech talks: https://www.youtube.com/watch?v=y6NI_K96DRs; https://www.youtube.com/watch?v=Q-76zbnJ_7c
5. IAM roles for service accounts: https://www.youtube.com/watch?v=lyMKskPXbEA; https://aws.amazon.com/blogs/opensource/introducing-fine-grained-iam-roles-service-accounts/
6. Secrets Encryption tech talk: https://www.youtube.com/watch?v=d21JrnszG7Y
7. CIS EKS Benchmark overview demo: https://www.youtube.com/watch?v=HNL6Nx48xZI; https://www.youtube.com/watch?v=SxKIz2y8ANE
8. Security Groups for pods: https://www.youtube.com/watch?v=0SnzUrPyEQA
9. OIDC Identity Provider Authentication: https://docs.aws.amazon.com/eks/latest/userguide/authenticate-oidc-identity-provider.html; https://aws.amazon.com/blogs/containers/introducing-oidc-identity-provider-authentication-amazon-eks/
10. Fargate Runtime Security SYS_PTRACE capability demo: https://www.youtube.com/watch?v=qOMDJyV_PMM
11. OPA admission controller security on EKS demo: https://www.youtube.com/watch?v=Lez1c2K8r1o

Subscribe to AWS Online Tech Talks On AWS: https://www.youtube.com/@AWSOnlineTechTalks?sub_confirmation=1

Follow Amazon Web Services:
Official Website: https://aws.amazon.com/what-is-aws
Twitch: https://twitch.tv/aws
Twitter: https://twitter.com/awsdevelopers
Facebook: https://facebook.com/amazonwebservices
Instagram: https://instagram.com/amazonwebservices

☁️ AWS Online Tech Talks cover a wide range of topics and expertise levels through technical deep dives, demos, customer examples, and live Q&A with AWS experts. Builders can choose from bite-sized 15-minute sessions, insightful fireside chats, immersive virtual workshops, interactive office hours, or watch on-demand tech talks at your own pace. Join us to fuel your learning journey with AWS. #AWS
