As Kubernetes adoption grows, many organizations are choosing it as their platform to build and host their modern and secure applications. Security is one of the primary design criteria for many workloads, especially those dealing with sensitive data such as financial data processing. These workloads have a stringent requirement to adhere to various security and compliance controls.

Many Amazon Elastic Kubernetes Service (Amazon EKS) customers, especially enterprise customers from the Banking and Finance industry, are looking for guidance from AWS on hardening Amazon EKS. The Center for Internet Security (CIS) Benchmarks are best practices for the secure configuration of a target system. They define various Benchmarks for the Kubernetes control plane and the data plane. For Amazon EKS clusters, it’s strongly recommended to follow the CIS Amazon EKS Benchmark. However, many organizations also need to harden the operating system on the worker nodes for security and compliance purposes.

Bottlerocket is a Linux-based open-source operating system that is purpose-built by Amazon Web Services for containers. If an organization needs to ensure compliance, the organization must implement the CIS Benchmark for Bottlerocket. This post provides detailed, step-by-step instructions on how customers can bootstrap an Amazon EKS optimized Bottlerocket Amazon Machine Image (AMI) for the requirements of the CIS Bottlerocket Benchmarks. This post also illustrates how to continuously validate the worker nodes against the Benchmark after deployment to minimize the risk of security configuration drift.

Amazon EKS optimized Bottlerocket AMI hardening process

The CIS Bottlerocket Benchmark defines two profiles for hardening (i.e., Level 1 and Level 2):

A Level 1 profile is intended to be practical and prudent, provide a clear security benefit, and not inhibit the utility of the technology beyond acceptable means.

A Level 2 profile is intended for environments or use cases where security is paramount, acts as a defense in depth measure, and may negatively inhibit the utility or performance of the technology.

Amazon EKS optimized Bottlerocket AMI support for CIS Benchmark

The following walkthrough is a solution for hardening and validating an Amazon EKS optimized Bottlerocket AMI against Level 2.