In this EKS-focused workshop, you will work with AWS EKS and Calico Cloud to learn how to improve the security posture of a cluster. You will use Calico Cloud to visualize traffic, use the policy recommender to get a baseline policy to secure workloads, implement zero-trust security for workloads to reduce the attack surface of applications running on EKS, and generate regular compliance reports to get a view of the security posture of the cluster once the policies have been applied.
In K8s, the network architecture is much flatter and IP addresses are ephemeral, which creates a challenge for the more traditional means of securing workloads. However, the need for security does not go away with Kubernetes, and it remains a critical requirement for cluster admins, DevOps and security teams to efficiently and effectively secure clusters in the cloud. Any potential security tool must understand the dynamic nature of K8s components and configure on and report on data that is relevant and valuable, so that the correct decisions are made when securing Kubernetes clusters and visualizing the effects of the applied security. Calico Cloud offers 3 observability tools: Service Graph, FlowViz and Kibana. We will look at them in more detail in this workshop, along with network policies, and use these tools to check and improve security posture by implementing a zero-trust policy model and to generate reports for the workloads to ensure compliance with security standards.
You will come away from this workshop with an understanding of how others in your industry are securing and observing cloud-native applications in AWS, along with best practices you can implement in your organization.
The estimated time to complete this workshop is 60-90 minutes.
- Cloud Professionals
- DevSecOps Professionals
- Site Reliability Engineers (SRE)
- Solutions Architects
- Anyone interested in Calico Cloud :)
This workshop is organized in sequential modules. Each module builds on the previous one, so please follow the order proposed below.
Module 1 - Getting Started
Module 2 - Deploy an AWS EKS cluster
Module 3 - Connect the AWS EKS cluster to Calico Cloud
Module 4 - Observe traffic flows in Calico Cloud
Module 5 - Secure pod traffic using Calico Policy Recommendations
Module 6 - Zero-trust security for pod traffic
Module 7 - Compliance Reporting in Calico Cloud
Module 8 - Clean up
- Project Calico
- Calico Academy - Get Calico Certified!
- O’REILLY EBOOK: Kubernetes security and observability
- Calico Users - Slack
Note: The examples and sample code provided in this workshop are intended to be consumed as instructional content. These will help you understand how Calico Cloud can be configured to build a functional solution. These examples are not intended for use in production environments.