Defender for Containers on AWS (EKS) - overview

Microsoft Defender for Containers extends enterprise-grade security to your Amazon Elastic Kubernetes Service (EKS) clusters. It provides comprehensive protection through vulnerability scanning, runtime threat detection, software supply chain capabilities, and security posture management—all managed through Microsoft Defender for Cloud.

What is Defender for Containers?

Defender for Containers is a cloud-native security solution that protects your Kubernetes clusters wherever they run. For AWS environments, it provides comprehensive threat protection by combining vulnerability scanning, runtime threat detection, and security posture management into a unified platform managed through Microsoft Defender for Cloud.

Tip

For a comprehensive overview of Defender for Containers capabilities across all environments, see Overview of Microsoft Defender for Containers.

The solution helps security and DevOps teams identify vulnerabilities before deployment, detect and respond to runtime threats, and maintain security compliance across their container infrastructure.

How it works with AWS

Defender for Containers integrates with AWS services through a secure connector that bridges your AWS account with Microsoft Defender for Cloud. Once connected, the solution:

  • Automatically discovers all EKS clusters in your AWS account
  • Deploys lightweight security sensors to monitor runtime behavior
  • Connects to Amazon ECR to scan container images for vulnerabilities
  • Provides security recommendations based on AWS best practices
  • Generates alerts for suspicious activities specific to EKS environments

This integration requires minimal configuration and works with existing AWS security tools. It complements services like AWS GuardDuty and AWS Security Hub.

Key capabilities

Defender for Containers provides comprehensive security coverage through four core protection areas:

Capability: Vulnerability assessment
Description: Continuously scans container images in Amazon ECR
Key features:
  • Scan on push and periodic rescanning
  • CVSS scoring and prioritization
  • Detailed remediation guidance
  • Integration with CI/CD pipelines

Capability: Runtime threat detection
Description: Monitors EKS clusters in real time for malicious activities
Key features:
  • Kubernetes audit log analysis
  • Container behavior monitoring
  • Network anomaly detection
  • Automated threat response

Capability: Security posture management
Description: Evaluates cluster configurations against best practices
Key features:
  • CIS Kubernetes Benchmark
  • AWS security best practices
  • Custom compliance policies
  • Actionable recommendations

Capability: Gated deployment
Description: Prevents vulnerable or misconfigured workloads from reaching production
Key features:
  • Block deployments based on vulnerability severity
  • Enforce security baselines for configurations
  • Integration with Azure Policy and admission controllers
  • DevOps pipeline gates

Architecture overview

The Defender for Containers architecture on AWS includes several integrated components:

  • AWS Connector: Connects your AWS account to Microsoft Defender for Cloud by using IAM roles with minimal required permissions.

  • Defender Sensor: Runs as a DaemonSet on each EKS cluster. It collects runtime telemetry and security events without affecting application performance.

  • Azure Arc for Kubernetes: Enables Azure services on your EKS clusters by creating a secure, outbound connection to Azure.

  • Azure Policy Extension: Checks cluster configurations and workload settings to generate security recommendations.

These components work together to provide continuous security monitoring without needing inbound connections to your clusters or storing sensitive data outside your control.

Deployment options

Defender for Containers supports flexible deployment approaches to match your operational preferences:

  • Azure portal deployment - Guided, visual experience that's ideal for initial setup and smaller environments.
  • Infrastructure as Code - Use Azure CLI for repeatable, automated deployments.
  • Command-line tools - Azure CLI and AWS CLI for scripting and CI/CD pipeline integration.
  • REST APIs - Custom integrations and programmatic management at scale.
  • Helm - Kubernetes package manager for sensor deployment.

Choose the approach that best fits your organization's deployment standards and automation requirements.

Prerequisites

Before deploying Defender for Containers on EKS, ensure you meet these requirements:

  • Microsoft Defender for Cloud with appropriate permissions
  • AWS account with IAM permissions to create roles
  • EKS clusters running Kubernetes 1.19 or later
  • Network connectivity from EKS to Azure endpoints (outbound HTTPS)
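
The following script is an added pre-onboarding check, not part of this article or of the Defender for Containers tooling. It inventories the EKS clusters visible to the current AWS CLI profile and region and flags any below the Kubernetes 1.19 minimum listed above; it assumes AWS CLI v2 with credentials that allow eks:ListClusters and eks:DescribeCluster, and the cluster names used in the offline test are constructed.

```shell
#!/usr/bin/env bash
# Added example (not Microsoft's code): flag EKS clusters below the Kubernetes 1.19
# minimum that Defender for Containers requires. Run with --live to query AWS.
set -euo pipefail

MIN_K8S_VERSION="1.19"

# version_ok HAVE WANT -> exit 0 when MAJOR.MINOR of HAVE is >= MAJOR.MINOR of WANT.
version_ok() {
  local have="$1" want="$2"
  local have_major="${have%%.*}" have_minor="${have#*.}"
  local want_major="${want%%.*}" want_minor="${want#*.}"
  have_minor="${have_minor%%.*}"; want_minor="${want_minor%%.*}"   # drop any patch level
  if [ "$have_major" -gt "$want_major" ]; then return 0; fi
  if [ "$have_major" -lt "$want_major" ]; then return 1; fi
  [ "$have_minor" -ge "$want_minor" ]
}

# Reads "name version" pairs (one per line) on stdin, prints a verdict per cluster,
# and returns 1 if any cluster needs an upgrade before onboarding.
flag_unsupported() {
  local rc=0 name version
  while read -r name version; do
    [ -z "$name" ] && continue
    if version_ok "$version" "$MIN_K8S_VERSION"; then
      printf 'OK       %s (Kubernetes %s)\n' "$name" "$version"
    else
      printf 'UPGRADE  %s (Kubernetes %s < %s)\n' "$name" "$version" "$MIN_K8S_VERSION"
      rc=1
    fi
  done
  return "$rc"
}

# Live inventory of the account/region selected by the AWS CLI profile.
inventory_eks() {
  aws eks list-clusters --query 'clusters[]' --output text | tr '\t' '\n' | while read -r name; do
    [ -z "$name" ] && continue
    printf '%s %s\n' "$name" \
      "$(aws eks describe-cluster --name "$name" --query 'cluster.version' --output text)"
  done
}

if [ "${1:-}" = "--live" ]; then
  inventory_eks | flag_unsupported
fi
```

A non-zero exit from the live run means at least one cluster must be upgraded before the Defender sensor is deployed to it.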

Note

For detailed prerequisites and setup instructions, see the deployment guides:

Pricing

For detailed pricing information and cost optimization strategies, see Microsoft Defender for Cloud pricing.

Next steps

Ready to secure your EKS clusters? Choose your deployment approach: