Protecting the integrity of containers is a vital part of ensuring their security when we use them in our infrastructure.
We already showed how to use CoreOS Clair and AWS Fargate to scan containers for vulnerabilities in a previous blog post. However, container security needs to be integrated and continuous, and vulnerability scanning is just one piece of a more complex solution, which we call Docker Image Factory.
Image Factory is a tool that can be used as part of a CI/CD process. Its aim is to deliver custom Docker images, which can then be used to spin up Docker containers in Amazon Elastic Container Service (ECS).
It uses official Docker images from DockerHub or Amazon Marketplace, which are then additionally CIS-hardened and scanned for vulnerabilities with Clair.
The whole solution is written and deployed with Terraform and relies on core AWS services like:
If needed, Factory-produced images could be easily distributed across regions and other accounts in a secure manner.
Docker Image Factory was presented by Nikolay Bunev, Cloud Infrastructure Consultant at HeleCloud, during the 16th AWS Bulgaria User Group.
If you would like to learn more about the solution, you can take a peek at Nikolay Bunev’s presentation by following this link.
If you want to strengthen your container security and have this solution incorporated into your infrastructure, do not hesitate to contact us.