blog AWS PrivateLink.png

Image Scanning in VPCs with Aqua and AWS PrivateLink

Amazon Web Services announced today at re:Invent an to a recent feature PrivateLink, that enables AWS Virtual Private Cloud customers to consume apps outside their VPCs through service endpoints, using their own private IP addresses and security groups. This is a non-trivial task since VPCs are made to be isolated, so normally, making an external SaaS application accessible inside a VPC would be mission impossible.

PrivateLink solves that issue by creating a secure line of communication between the designated application and the VPC, but the application must be VPC-enabled to support it. At Aqua we recently launched our Pay-Per-Scan solution for scanning container images on the AWS Marketplace. At the same time, our team has been working diligently with the AWS team to make this offering support PrivateLink, and today we're proud to announce that we are one of the first vendors to support it.


Aqua Scanner PrivateLink Architecture

An Amazon VPC customer who wants to use the Aqua Scanner doesn't have to do any manual network configuration or use special credentials. All they need to do is subscribe to the Aqua Scanner on AWS Marketplace, and check a box to indicate a VPC deployment. Everything is provisioned and connected automatically within their VPC.

Forrester Report: Ten Basic Steps to Secure Software Containers. Download Today!

The Age of Flexible Security (or Secure Flexibility?)

While cloud applications strive to fulfill the promise of everything on demand, metered and available at a click of a button, they must satisfy the security requirements of enterprise users. Without that, they only offer flexbility in theory, not in practice. 

Likewise, security solutions must become more flexible -- not by relaxing the stringent controls they apply, but in how they are consumed and deployed. This is what our work to support PrivateLink is about. Amazon VPC customers can get on-demand security scanning for their container images from the AWS Marketplace, but still work strictly within the confines of their VPC. They can apply uniform controls across cloud and on-prem environments, and maintain separation between dev, staging and prod environments. Security and flexibility.

The VPC-enabled Aqua image scanner is available on the AWS Marketplace using a pay-per-scan consumption model. Give it a try!

Picture of Rani Osnat

Rani Osnat

Rani is the VP of Product Marketing and Strategy at Aqua. Rani has worked in enterprise software companies more than 25 years, spanning project management, product management and marketing, including a decade as VP of marketing for innovative startups in the cyber-security and cloud arenas. Previously Rani was also a management consultant in the London office of Booz & Co. He holds an MBA from INSEAD in Fontainebleau, France. Rani is an avid wine geek, and a slightly less avid painter and electronic music composer.

Cloud Operations, AWS Security, Image Vulnerability Scanning, VPC