The objective was to thoroughly secure the containerized workloads running on an Amazon EKS (Elastic Kubernetes Service) cluster.
First, I would like to lay out a strategy: I need to make the Amazon EKS cluster endpoint private. Then I would identify the AWS native services that can be used to secure the EKS cluster, such as Amazon GuardDuty and Amazon Detective. I would like to use the Amazon GuardDuty Malware Protection feature on the Amazon EKS cluster. By default, the API server endpoint is public to the internet, and access to the API server is secured using a combination of AWS IAM (Identity and Access Management) and native Kubernetes RBAC (role-based access control). I will implement RBAC, namespaces and quotas to secure the EKS cluster.
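One way to check the endpoint exposure described above, as an added example that is not part of the original post: it audits the `resourcesVpcConfig` section of `aws eks describe-cluster` output. The cluster name, the sample JSON documents and the function name `audit_endpoint` are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample: trimmed `aws eks describe-cluster` output for a cluster
# left at the default endpoint settings (the cluster name is a placeholder).
DEFAULT_CLUSTER = json.loads("""
{"cluster": {"name": "example-cluster",
  "resourcesVpcConfig": {"endpointPublicAccess": true,
                         "endpointPrivateAccess": false,
                         "publicAccessCidrs": ["0.0.0.0/0"]}}}
""")

# Constructed sample: the same cluster after the endpoint is made private.
PRIVATE_CLUSTER = json.loads("""
{"cluster": {"name": "example-cluster",
  "resourcesVpcConfig": {"endpointPublicAccess": false,
                         "endpointPrivateAccess": true,
                         "publicAccessCidrs": []}}}
""")


def audit_endpoint(description):
    """Return (severity, message) findings for the cluster's API server endpoint."""
    vpc = description["cluster"]["resourcesVpcConfig"]
    findings = []
    if vpc.get("endpointPublicAccess", True):
        # An empty or missing CIDR list is treated as unrestricted.
        cidrs = vpc.get("publicAccessCidrs") or ["0.0.0.0/0"]
        # A prefix length of 0 (0.0.0.0/0 or ::/0) covers every address.
        wide_open = [c for c in cidrs
                     if ipaddress.ip_network(c, strict=False).prefixlen == 0]
        if wide_open:
            findings.append(("HIGH", "public endpoint open to any address: "
                             + ", ".join(wide_open)))
        else:
            findings.append(("MEDIUM", "public endpoint enabled, limited to: "
                             + ", ".join(cidrs)))
    if not vpc.get("endpointPrivateAccess", False):
        findings.append(("MEDIUM", "private endpoint access is disabled"))
    return findings


if __name__ == "__main__":
    for label, doc in (("default", DEFAULT_CLUSTER), ("private", PRIVATE_CLUSTER)):
        print(label, audit_endpoint(doc) or "no findings")
```

An empty result means the API server is reachable only from inside the VPC; IAM and Kubernetes RBAC still decide what an authenticated caller may do.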