Implementing zero-trust workload security on Amazon EKS with Calico

Whether you’re migrating to the cloud via lift-and-shift deployments, or re-architecting to a cloud-native architecture, the migration itself and adopting a microservices architecture is no easy feat. To accelerate their cloud-native journey, many organizations opt for a managed Kubernetes service, as the skill and resources required to run a container orchestration system at scale are demanding. Amazon Elastic Kubernetes Service (EKS) is one of the most popular managed Kubernetes services for organizations running containerized applications in cloud.

In a new joint blog post with the AWS Partner Network, AWS Solutions Architect, Andrew Park, and Tigera’s Director of Solution and Partner Marketing, Dhiraj Sehgal, guides users through the journey of implementing zero-trust workload access controls and identity-aware microsegmentation for multi-tenant workloads in Amazon EKS. Learn how you can combine Calico Cloud and Amazon EKS to generate compliance reports and meet regulatory compliance requirements.

Blog highlights

Besides providing a detailed walkthrough on how you can enforce zero-trust workload access and microsegmentation for your EKS workloads, this blog is also written with Tigera’s AWS DevDays workshop in mind—meaning applicable examples and scenarios are included so you can follow along. Key highlights:

  • Enabling secure connections to external services outside of the cluster
  • The importance of zero-trust workload access controls and microsegmentation
  • Demo application with Online Boutique (previously known as Hipster Shop)
  • Zero-trust workload access controls scenarios for RecommendationService
  • Microsegmentation exercise using ProductCatalogService and RedisCart

Why read the blog?

First, cloud-native workloads are ephemeral, distributed, and dynamic—often without a fixed network address. As a result, conventional methods that rely on fixed network addresses cannot specify granular access controls at the workload level for Kubernetes and containers. Without granular, zero-trust workload-level access controls, containers can be exploited by vulnerabilities and bad actors.

Second, microsegmentation is used to control communication between microservices running in the cluster. Traditional security tools deployed at the network edge (primarily the firewall) can only screen north-south traffic between the network and external traffic sources and are unable to secure east-west traffic and traffic within data centers and distributed systems. Identity-aware microsegmentation creates secure “islands” within a distributed infrastructure, allowing administrators to control user-to-workload and workload-to-workload access from various locations. Zero trust security strategies success would not be possible without addressing these key areas.

There’s no better way to learn something than to apply it and see it in action—and this workshop-based blog is the perfect way to get started.

Read the blog now to start leveraging Calico Cloud and Amazon EKS together.

Join our mailing list

Get updates on blog posts, workshops, certification programs, new releases, and more!

X