Securing Container Workloads on AWS Bottlerocket

We’ve been working with Amazon Web Services (AWS) to extend the Aqua cloud native security platform to support AWS Bottlerocket — a purpose-built, Linux-based, open source OS for running containers on virtual machines or bare metal hosts — which is now GA. This combined effort ensures that AWS customers who use this new OS will have complete access to Aqua’s capabilities.

This provides users with total freedom to use Bottlerocket for their containerized applications (including orchestrated environments like Amazon EKS) while gaining best-in-market protection with advanced security and runtime controls.

The Aqua solution provides security controls for heterogeneous workloads across a wide range of operating systems. Our cloud native platform complements the sleek Bottlerocket operating system: it has a low resource footprint and minimal operational overhead, and it does not compromise on the security controls needed to secure a diverse range of containerized workloads. These controls include blocking non-compliant images, blocking files and packages, preventing the mounting of restricted volumes, file integrity monitoring (FIM) and protection, monitoring and forensics of system calls, and network monitoring and segmentation.

"Aqua is pleased to support the new AWS Bottlerocket OS. Securing cloud infrastructure and application workloads at runtime is more critical than ever. We see the combination of Bottlerocket and Aqua as an opportunity for customers to reduce their attack surface by using a minimal OS, prevent attacks that leverage configuration errors, and protect applications from malware by enforcing security policies in real time," says Amir Jerbi, Co-founder & CTO at Aqua Security.

Aqua adds advanced runtime protection to AWS Bottlerocket-based container workloads. This new AWS OS has improved resource utilization by using only essential components to create a reduced attack surface. Aqua’s additional security controls for the host OS, containerized applications, and orchestration layer reduce risk without increasing the attack surface or adding performance overhead. Aqua also delivers a layer of security with firewalling and workload segmentation that is fully supported on AWS Bottlerocket and further restricts the potential damage of non-compliant workloads or malicious behavior.


Deepak Dalvi

Deepak is a Senior Product Manager at Aqua. His work focuses on runtime protection of containers as well as server security. He has strong cybersecurity experience and holds an M.S. in Information Technology (Cyber Security, Scientific Computing). Beyond work, he is an avid runner and has completed 5 half marathons in Boston.