Securing Container Workloads in AWS Hackathon (SECTY-HACK-AWS)

The challenges are connected – building on the previous one. The attendees will be faced with three challenges. They will be given an Elastic Kubernetes Service cluster running a demo application consisting of several microservices developed using Node.js. The challenges are briefly described below. Challenge 1: Who is who in the zoo? Introduction to user authentication and authorization while using Amazon Cognito and Elastic Kubernetes Service will start with the team looking to improve their solution's security. They will have access to Elastic Kubernetes Service running a demo application. The team will have to define and manage users’ level of access to EKS resources, keeping the whole system secured while still enabling every engineer to do what they need to do.

Challenge 2: Hush, hush The team will be introduced to the concept of using secrets in the Kubernetes cluster. They will need a manager for handling their secrets and for that they will use Amazon Secrets Manager. Once they create Amazon Secrets Manager and their secrets, they should edit their deployment templates to consume their newly created secrets and implement a CSI driver in their cluster.

Challenge 3: It’s time to create some order here After the team has implemented a user authentication and authorization strategy and stored the secrets in a secure place, the application in the EKS cluster is much more secure. However, that is nearly not enough to call their system secure. The team should also consider communication protocols between microservices (containers) internally and externally. To achieve that, they will have to add a set of rules for the cluster to abide by.