AWS Security Blog

Category: Containers

Manage authorization within a containerized workload using HAQM Verified Permissions

Containerization offers organizations significant benefits such as portability, scalability, and efficient resource utilization. However, managing access control and authorization for containerized workloads across diverse environments—from on-premises to multi-cloud setups—can be challenging. This blog post explores four architectural patterns that use HAQM Verified Permissions for application authorization in Kubernetes environments. Verified Permissions is a scalable permissions management and fine-grained […]

How to create a pipeline for hardening HAQM EKS nodes and automate updates

July 16, 2024: We updated the code in this post and some of the CloudFormation parameters. HAQM Elastic Kubernetes Service (HAQM EKS) offers a powerful, Kubernetes-certified service to build, secure, operate, and maintain Kubernetes clusters on HAQM Web Services (AWS). It integrates seamlessly with key AWS services such as HAQM CloudWatch, HAQM EC2 Auto Scaling, […]

How to use AWS Secrets Manager and ABAC for enhanced secrets management in HAQM EKS

In this post, we show you how to apply attribute-based access control (ABAC) while you store and manage your HAQM Elastic Kubernetes Services (HAQM EKS) workload secrets in AWS Secrets Manager, and then retrieve them by integrating Secrets Manager with HAQM EKS using External Secrets Operator to define more fine-grained and dynamic AWS Identity and […]

Best Practices to help secure your container image build pipeline by using AWS Signer

AWS Signer is a fully managed code-signing service to help ensure the trust and integrity of your code. It helps you verify that the code comes from a trusted source and that an unauthorized party has not accessed it. AWS Signer manages code signing certificates and public and private keys, which can reduce the overhead […]

Access token security for microservice APIs on HAQM EKS

In this blog post, I demonstrate how to implement service-to-service authorization using OAuth 2.0 access tokens for microservice APIs hosted on HAQM Elastic Kubernetes Service (HAQM EKS). A common use case for OAuth 2.0 access tokens is to facilitate user authorization to a public-facing application. Access tokens can also be used to identify and […]