Implementing zero-trust workload security on Amazon EKS with Calico

Whether you’re migrating to the cloud via lift-and-shift deployments, or re-architecting to a cloud-native architecture, the migration itself and adopting a microservices architecture is no easy feat. To accelerate their cloud-native journey, many organizations opt for a managed Kubernetes service, as the skill and resources required to run a container orchestration system at scale are demanding.

Fully integrated with core Amazon Web Services (AWS) technologies, easy to use, and most importantly, scalable, Amazon Elastic Kubernetes Service (EKS) is one of the most popular managed Kubernetes services for organizations running containerized applications in the cloud.

The next immediate challenge after migrating to the cloud is security and compliance. As an AWS Competency Partner, Tigera offers a suite of solutions, including Calico Cloud, Calico Enterprise, and Calico Open Source, built to solve these challenges. These solutions are created with EKS security in mind, enabling users to implement zero-trust workload access controls along with microsegmentation to apply workload isolation at runtime.

In a new joint blog post with the AWS Partner Network, AWS Solutions Architect Andrew Park and Tigera’s Director of Solution and Partner Marketing Dhiraj Sehgal guide users through the journey of implementing zero-trust workload access controls and identity-aware microsegmentation for multi-tenant workloads in Amazon EKS. Learn how you can combine Calico Cloud and Amazon EKS to generate compliance reports and meet regulatory compliance requirements.

Blog highlights

Besides providing a detailed walkthrough on how you can enforce zero-trust workload access and microsegmentation for your EKS workloads, this blog is also written with Tigera’s AWS DevDays workshop in mind—meaning applicable examples and scenarios are included so you can follow along. Key highlights:

  • Enabling secure connections to external services outside of the cluster
  • The importance of zero-trust workload access controls and microsegmentation
  • Demo application with Online Boutique (previously known as Hipster Shop)
  • Zero-trust workload access controls scenarios for RecommendationService
  • Microsegmentation exercise using ProductCatalogService and RedisCart

Why read the blog?

First, cloud-native workloads are ephemeral, distributed, and dynamic—often without a fixed network address. As a result, conventional methods that rely on fixed network addresses cannot express granular access controls at the workload level for Kubernetes and containers. Without granular, zero-trust workload-level access controls, a vulnerable container is exposed to exploitation by bad actors.

Second, microsegmentation is used to control communication between microservices running in the cluster. Traditional security tools deployed at the network edge (primarily the firewall) can only screen north-south traffic between the network and external traffic sources; they are unable to secure east-west traffic within data centers and distributed systems. Identity-aware microsegmentation creates secure “islands” within a distributed infrastructure, allowing administrators to control user-to-workload and workload-to-workload access from various locations. A zero-trust security strategy cannot succeed without addressing these key areas.
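To make the two ideas concrete, here is an added example (not taken from the joint blog or the DevDays workshop) of how identity-aware policy looks in Calico for the Online Boutique services named in the highlights above. It uses Calico's `projectcalico.org/v3` NetworkPolicy, which selects workloads by label rather than by IP address, so the rules follow the pods wherever the scheduler places them. The namespace (`default`), the pod labels (`app=redis-cart`, `app=cartservice`, `app=productcatalogservice`, `app=frontend`, `app=recommendationservice`, `app=checkoutservice`) and the service ports are assumptions about how the demo is deployed and should be checked against your own manifests.

```yaml
# Added example, not code from the Tigera/AWS blog post.
# Assumptions: Online Boutique is deployed in namespace "default" with pods
# labelled app=<service>, and Calico is the policy engine on the EKS cluster.

# Microsegmentation: only cartservice may talk to redis-cart, and only on 6379.
apiVersion: projectcalico.org/v3
kind: NetworkPolicy
metadata:
  name: redis-cart-only-from-cartservice
  namespace: default
spec:
  selector: app == 'redis-cart'      # identity (label), not an IP address
  types:
    - Ingress
  ingress:
    - action: Allow
      protocol: TCP
      source:
        selector: app == 'cartservice'
      destination:
        ports:
          - 6379                     # assumed Redis port
  # Once an Ingress-type policy selects the pod, any ingress traffic that
  # matches no Allow rule is denied by Calico's implicit default deny.
---
# Microsegmentation: productcatalogservice accepts calls only from its known
# consumers.
apiVersion: projectcalico.org/v3
kind: NetworkPolicy
metadata:
  name: productcatalog-ingress
  namespace: default
spec:
  selector: app == 'productcatalogservice'
  types:
    - Ingress
  ingress:
    - action: Allow
      protocol: TCP
      source:
        selector: app in {'frontend', 'recommendationservice', 'checkoutservice'}
      destination:
        ports:
          - 3550                     # assumed gRPC port
---
# Zero-trust workload access control: recommendationservice gets exactly the
# ingress and egress it needs, and everything else is denied explicitly, so a
# compromised pod cannot reach other workloads or call out of the cluster.
apiVersion: projectcalico.org/v3
kind: NetworkPolicy
metadata:
  name: recommendationservice-zero-trust
  namespace: default
spec:
  selector: app == 'recommendationservice'
  types:
    - Ingress
    - Egress
  ingress:
    - action: Allow
      protocol: TCP
      source:
        selector: app == 'frontend'
      destination:
        ports:
          - 8080                     # assumed service port
  egress:
    - action: Allow                  # its one upstream dependency
      protocol: TCP
      destination:
        selector: app == 'productcatalogservice'
        ports:
          - 3550
    - action: Allow                  # cluster DNS, needed to resolve service names
      protocol: UDP
      destination:
        namespaceSelector: kubernetes.io/metadata.name == 'kube-system'
        selector: k8s-app == 'kube-dns'
        ports:
          - 53
    - action: Deny                   # explicit default deny for all other egress
```

Apply with `kubectl apply -f` and verify by exercising the application: the frontend keeps working, while a shell in any pod other than cartservice can no longer open a connection to redis-cart. Denied flows show up in Calico's flow logs, which is the evidence the compliance reporting mentioned above is built on.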

Calico provides active, zero-trust security for cloud-native applications running in containers and on Kubernetes, and makes it available to cloud users on AWS and Amazon EKS. As a Cloud-Native Application Protection Platform (CNAPP), Calico helps prevent, detect, and remediate security issues throughout the build, deployment, and runtime stages.

There’s no better way to learn something than to apply it and see it in action—and this workshop-based blog is the perfect way to get started.

Read the blog now to start leveraging Calico Cloud and Amazon EKS together.
