Securing Your Amazon Web Service (AWS) Containers with Microsoft Defender for Containers

Microsoft Defender for Containers is a cloud-native solution that helps you improve, monitor, and maintain the security of your Kubernetes clusters, containers, and their applications across multi-cloud and hybrid environments.

Prerequisites

Before you can enable Defender for Containers on your AWS account, make sure you have:

  1. A Microsoft Azure subscription. If you don’t have one, you can sign up for a free Azure subscription.
  2. Enabled Microsoft Defender for Cloud on your Azure subscription.
  3. Connected your AWS account to Microsoft Defender for Cloud.
  4. Verified that your Kubernetes nodes can access the source repositories of your package manager. See the Network requirements for more details.
  5. Ensured that the Azure Arc-enabled Kubernetes network requirements are met.

Enable Defender for Containers on Your AWS Account

To protect your Amazon EKS (Elastic Kubernetes Service) clusters, you need to enable the Defender for Containers plan on the relevant AWS account connector. Here’s how:

  1. Sign in to the Azure portal.
  2. Search for and select Microsoft Defender for Cloud.
  3. In the Defender for Cloud menu, select Environment settings.
  4. Select the AWS account you want to enable Defender for Containers on.
  5. Set the toggle for the Containers plan to On.

You can also configure optional settings for Defender for Containers, such as:

  • Enabling control plane audit logs for runtime threat protection.
  • Enabling agentless discovery for Kubernetes to discover your clusters.
  • Enabling agentless container vulnerability assessment for ECR images and EKS clusters.

Deploy the Defender Sensor in EKS Clusters

To secure your EKS clusters, you need to install Azure Arc-enabled Kubernetes, the Defender sensor, and Azure Policy for Kubernetes. Defender for Cloud provides a dedicated recommendation to help you with this:

  1. In the Defender for Cloud Recommendations page, search for the recommendation “EKS clusters should have Microsoft Defender’s extension for Azure Arc installed”.
  2. Select an unhealthy cluster (do not select the cluster by its hyperlinked name).
  3. Click Fix to generate a script in either Bash or PowerShell.
  4. Download the remediation logic and run the generated script on your cluster.
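The portal-generated script is not shown on this page; the following is an added example (not Microsoft's script) of the equivalent Azure CLI sequence for one cluster, with a dry-run wrapper and a final provisioning-state check so a failed extension install is not mistaken for a protected cluster. The cluster name, resource group and region are placeholders, and the optional Log Analytics workspace setting is omitted.

```shell
# Added example: CLI equivalent of the "Fix" script, run against the EKS
# cluster in the current kubectl context. All names are placeholders.
set -eu
: "${DRY_RUN:=1}"   # 1 = print each command instead of running it

run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Fail early if the tooling the generated script relies on is missing.
check_prereqs() {
  command -v az >/dev/null 2>&1 || { echo "azure cli (az) not found" >&2; return 1; }
  command -v kubectl >/dev/null 2>&1 || { echo "kubectl not found" >&2; return 1; }
  az account show >/dev/null 2>&1 || { echo "run 'az login' first" >&2; return 1; }
}

# Step 1: connect the cluster to Azure Arc.   args: cluster rg region
arc_connect() {
  run az connectedk8s connect --name "$1" --resource-group "$2" --location "$3"
}

# Step 2: install the Defender sensor as an Arc extension.   args: cluster rg
install_defender_sensor() {
  run az k8s-extension create --cluster-type connectedClusters \
    --cluster-name "$1" --resource-group "$2" \
    --name microsoft.azuredefender.kubernetes \
    --extension-type microsoft.azuredefender.kubernetes
}

# Step 3: install Azure Policy for Kubernetes the same way.   args: cluster rg
install_azure_policy() {
  run az k8s-extension create --cluster-type connectedClusters \
    --cluster-name "$1" --resource-group "$2" \
    --name azurepolicy --extension-type Microsoft.PolicyInsights
}

# Post-check: the sensor only protects the cluster once state is Succeeded.
extension_state() {           # args: cluster rg extension-name
  run az k8s-extension show --cluster-type connectedClusters \
    --cluster-name "$1" --resource-group "$2" --name "$3" \
    --query provisioningState -o tsv
}

deploy_all() {                # args: cluster rg region
  [ "$DRY_RUN" = "1" ] || check_prereqs
  arc_connect "$1" "$2" "$3"
  install_defender_sensor "$1" "$2"
  install_azure_policy "$1" "$2"
  extension_state "$1" "$2" microsoft.azuredefender.kubernetes
}
```

Run with `DRY_RUN=0 deploy_all <cluster> <rg> <region>` once you have reviewed the printed commands; the last line of output should read `Succeeded`.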

By following these steps, you’ll have Defender for Containers enabled and the required extensions installed on your EKS clusters, providing comprehensive security for your container workloads.

Source: Protect your Amazon Web Service (AWS) accounts containers with Defender for Containers