Securing Your AWS Container Workloads with Microsoft Defender for Containers
Microsoft Defender for Containers is a powerful cloud-native solution that helps you improve, monitor, and maintain the security of your container-based applications, regardless of where they run. In this comprehensive guide, we’ll walk through the steps to enable Defender for Containers for your Amazon Web Services (AWS) container workloads, ensuring your clusters, containers, and applications are protected.
Prerequisites
Before getting started, make sure you have the following in place:
- Azure Subscription: You’ll need an active Microsoft Azure subscription. If you don’t have one, you can sign up for a free Azure account.
- Defender for Cloud Enabled: Ensure you have enabled Microsoft Defender for Cloud on your Azure subscription.
- AWS Account Connected: Connect your AWS account to Microsoft Defender for Cloud to enable protection for your AWS resources.
- Kubernetes Network Requirements: Verify that your Kubernetes nodes have outbound access to the source repositories of your package manager, and that the Azure Arc-enabled Kubernetes network requirements (outbound connectivity from the cluster to the Arc endpoints) are met.
Enabling Defender for Containers for Your AWS Account
To protect your Amazon Elastic Kubernetes Service (EKS) clusters, you need to enable the Defender for Containers plan on the relevant AWS account connector. Follow these steps:
- Sign in to the Azure portal and navigate to Microsoft Defender for Cloud.
- In the Defender for Cloud menu, select Environment settings.
- Select the AWS account you want to enable Defender for Containers for.
- Set the toggle for the Containers plan to On.
- (Optional) Customize the plan’s settings:
  - Kubernetes Audit Logs: Enable this setting so that EKS control-plane audit logs are collected by Defender for Cloud; this log stream is what the plan’s runtime threat protection for the cluster is built on.
  - Agentless Discovery for Kubernetes: Enable this setting to inventory your clusters and their workloads through the cloud and Kubernetes APIs, without deploying anything inside the cluster.
  - Agentless Container Vulnerability Assessment: Enable this setting to scan your container images for known vulnerabilities without an in-cluster agent.
- Review the changes and select Update to apply the configuration.
Deploying the Defender Sensor in EKS Clusters
To get protection from inside your EKS clusters, you need to connect each cluster to Azure Arc and then install the Defender sensor and Azure Policy for Kubernetes extensions on it. Defender for Cloud provides a dedicated recommendation that generates the onboarding script for you:
- In the Defender for Cloud portal, navigate to the Recommendations page and search for the recommendation titled ‘EKS clusters should have Microsoft Defender’s extension for Azure Arc installed’.
- Select an unhealthy cluster (remember to select the row, not the hyperlinked name).
- Click Fix to generate the necessary script.
- Choose the appropriate script (Bash for Linux, PowerShell for Windows) and download the remediation logic.
- Run the downloaded script from a workstation that has the Azure CLI installed and a kubectl context pointing at the target EKS cluster; it connects the cluster to Azure Arc and deploys the required extensions. Read the script before running it, as you would any downloaded remediation script.
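The portal-generated script is the supported path, but it helps to know what it does. The following is an added example, not the article’s or Microsoft’s script: it performs the same onboarding with Azure CLI commands (`az connectedk8s connect` for Arc, `az k8s-extension create` for the Defender sensor and Azure Policy extensions) and refuses to run unless the current kubectl context matches the cluster you named. The cluster name `eks-prod-1`, resource group `rg-defender` and workspace resource ID are hypothetical; the `logAnalyticsWorkspaceResourceID` configuration setting and the `mdc` namespace for the sensor pods are assumptions taken from the Defender sensor documentation rather than from this page. With `DRY_RUN=1` it prints the commands instead of executing them, which is also a convenient way to review what a remediation script will do before letting it touch a cluster.

```shell
#!/bin/sh
# onboard-eks-defender.sh (added example; not the script Defender for Cloud generates)
#
# Connects an EKS cluster to Azure Arc and installs the Defender sensor and
# Azure Policy extensions, mirroring what the portal's "Fix" script does.
# Assumptions (not from the original article):
#   - `az` is installed and logged in to the subscription that owns the AWS connector
#   - `kubectl`'s current context points at the EKS cluster being onboarded
#   - logAnalyticsWorkspaceResourceID is the configuration setting the sensor expects
#   - the sensor's pods land in the `mdc` namespace
# Set DRY_RUN=1 to print the commands instead of running them.
set -eu

DRY_RUN="${DRY_RUN:-0}"

# run: execute the command, or print it verbatim in dry-run mode
run() {
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# require_tool: fail early if a CLI we need is missing (skipped in dry-run mode)
require_tool() {
  [ "$DRY_RUN" = "1" ] && return 0
  command -v "$1" >/dev/null 2>&1 || { echo "missing tool: $1" >&2; return 1; }
}

# check_context: refuse to run against the wrong cluster. EKS contexts look like
# arn:aws:eks:<region>:<account>:cluster/<name>, so the context must be exactly
# <name> or end in /<name> (a suffix match, so eks-prod-10 does not pass for eks-prod-1).
check_context() {
  ctx="$1"; cluster="$2"
  case "$ctx" in
    "$cluster"|*"/$cluster") return 0 ;;
    *) echo "kubectl context '$ctx' is not cluster '$cluster'; aborting" >&2; return 1 ;;
  esac
}

# prepare_cli: make sure the Arc and extension command groups are installed
prepare_cli() {
  run az extension add --upgrade --name connectedk8s
  run az extension add --upgrade --name k8s-extension
}

# connect_arc <cluster> <resource-group> <location>
# Registers the cluster as an Azure Arc-enabled Kubernetes resource; the Arc
# agents are deployed through the current kubectl context.
connect_arc() {
  run az connectedk8s connect --name "$1" --resource-group "$2" --location "$3"
}

# install_defender_sensor <cluster> <resource-group> <workspace-resource-id>
install_defender_sensor() {
  run az k8s-extension create \
    --name microsoft.azuredefender.kubernetes \
    --extension-type microsoft.azuredefender.kubernetes \
    --cluster-type connectedClusters \
    --cluster-name "$1" --resource-group "$2" \
    --configuration-settings "logAnalyticsWorkspaceResourceID=$3"
}

# install_azure_policy <cluster> <resource-group>
install_azure_policy() {
  run az k8s-extension create \
    --name azurepolicy \
    --extension-type Microsoft.PolicyInsights \
    --cluster-type connectedClusters \
    --cluster-name "$1" --resource-group "$2"
}

# onboard_eks_cluster <cluster> <resource-group> <location> <workspace-resource-id>
onboard_eks_cluster() {
  cluster="$1"; rg="$2"; location="$3"; workspace="$4"
  require_tool az
  require_tool kubectl
  # KUBE_CONTEXT overrides the live lookup so the safety check also works in dry-run mode
  ctx="${KUBE_CONTEXT:-$(kubectl config current-context)}"
  check_context "$ctx" "$cluster"
  prepare_cli
  connect_arc "$cluster" "$rg" "$location"
  install_defender_sensor "$cluster" "$rg" "$workspace"
  install_azure_policy "$cluster" "$rg"
  # Verify the sensor actually came up (namespace is an assumption; confirm with `kubectl get ns`)
  run kubectl get pods -n mdc
}

# Usage: ./onboard-eks-defender.sh <cluster> <resource-group> <location> <workspace-resource-id>
if [ "$#" -ge 4 ]; then
  onboard_eks_cluster "$@"
fi
```

Run it once with `DRY_RUN=1 KUBE_CONTEXT=$(kubectl config current-context) ./onboard-eks-defender.sh eks-prod-1 rg-defender eastus <workspace-resource-id>` to see exactly which commands will execute, then again without `DRY_RUN` to perform the onboarding. After it finishes, the recommendation in Defender for Cloud should move the cluster to healthy once the extension status is reported back to Azure.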
By following these steps, you’ve successfully enabled Defender for Containers for your AWS container workloads, ensuring comprehensive security for your applications.
For more advanced Defender for Containers configuration options, refer to the Enable Microsoft Defender for Containers documentation. Additionally, you can review the Overview of Microsoft Defender for Containers to learn more about the solution’s capabilities.
Source: Protect your Amazon Web Service (AWS) accounts containers with Defender for Containers