I'd recommend you always start by following the Security Pillar of the Well-Architected Framework.
https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/welcome.html
This will give you lots of best practices and which services you can use to improve security of your workloads.
The EKS Security Best Practices also will give you a lot of insights: https://aws.github.io/aws-eks-best-practices/security/docs/
Also take a look at Inspector, GuardDuty and Detective: https://docs.aws.amazon.com/guardduty/latest/ug/kubernetes-protection.html
https://docs.aws.amazon.com/eks/latest/userguide/integration-detective.html
https://docs.aws.amazon.com/inspector/latest/user/scanning-ecr.html
And also, Security Hub to centralize and check your security posture. https://aws.amazon.com/pt/security-hub/
Here you can find a list of security services on AWS. Depending on what you want to protect and the architecture of your application, you will find a service to help you. These services are classified into:
- Identity and access management
- Detection and response
- Network and application protection
- Data protection
- Compliance
Hello.
Since it's easy to get started, I think the best first step is to enable AWS Security Hub.
Although AWS Security Hub is not a service you use to protect your services, it can help you identify configurations that do not follow security best practices for the services you use in your AWS account.
https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html
For example, with EKS, you can check whether it is set to not be accessible to the public.
https://docs.aws.amazon.com/securityhub/latest/userguide/eks-controls.html
Based on these inspection results, you can review your settings and use AWS more securely.
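The public-endpoint check mentioned in the answer above, sketched as an added example (not part of the original answer, and not Security Hub's own logic): it audits the JSON returned by `aws eks describe-cluster` and, going beyond the endpoint check, also looks at audit logging and secrets encryption. The sample document, the severity labels and the function name `audit_cluster` are assumptions made for illustration.

```python
import json

# Constructed sample shaped like `aws eks describe-cluster` output (not real data).
SAMPLE = json.loads("""
{"cluster": {
  "name": "demo-cluster",
  "resourcesVpcConfig": {
    "endpointPublicAccess": true,
    "endpointPrivateAccess": false,
    "publicAccessCidrs": ["0.0.0.0/0"]
  },
  "logging": {"clusterLogging": [{"types": ["api", "audit"], "enabled": false}]},
  "encryptionConfig": []
}}
""")

OPEN_CIDRS = ("0.0.0.0/0", "::/0")

def audit_cluster(desc):
    """Return (severity, message) findings; severities are illustrative labels."""
    c = desc["cluster"]
    vpc = c.get("resourcesVpcConfig", {})
    findings = []

    if vpc.get("endpointPublicAccess", False):
        # Assumption: a missing CIDR list is treated as open to any address.
        cidrs = vpc.get("publicAccessCidrs") or ["0.0.0.0/0"]
        if any(x in OPEN_CIDRS for x in cidrs):
            findings.append(("HIGH", "API endpoint is public and open to any address"))
        else:
            findings.append(("MEDIUM", "API endpoint is public, limited to " + ", ".join(cidrs)))
        if not vpc.get("endpointPrivateAccess", False):
            findings.append(("LOW", "private endpoint access is disabled"))

    # Collect the control plane log types that are actually switched on.
    enabled = set()
    for entry in c.get("logging", {}).get("clusterLogging", []):
        if entry.get("enabled"):
            enabled.update(entry.get("types", []))
    if "audit" not in enabled:
        findings.append(("MEDIUM", "control plane audit logging is not enabled"))

    enc = c.get("encryptionConfig") or []
    if not any("secrets" in e.get("resources", []) for e in enc):
        findings.append(("MEDIUM", "Kubernetes secrets are not envelope-encrypted with KMS"))
    return findings

if __name__ == "__main__":
    for sev, msg in audit_cluster(SAMPLE):
        print(f"[{sev}] {SAMPLE['cluster']['name']}: {msg}")
```

To run it against a real cluster, replace `SAMPLE` with the parsed output of `aws eks describe-cluster --name <cluster-name>`.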
Depends on what your app is trying to achieve, but I'd recommend:
- General EKS security posture: https://docs.aws.amazon.com/eks/latest/userguide/security.html
- IAM and security groups: https://aws.amazon.com/blogs/containers/using-iam-database-authentication-with-workloads-running-on-amazon-eks/
@Hernan many thanks for getting back to me. I already found that page. However, I was rather thinking of a more opinionated answer of where I have to set my priorities for making everything secure.