Riyaz Faizullabhoy

Docker for AWS and Azure: Secure By Default Container Platform

Docker for AWS and Docker for Azure are much more than a simple way to set up Docker in the cloud. In fact, they provision by default an infrastructure designed with security in mind, giving you a secure platform to build, ship and run Docker apps in the cloud. Available for free in Community Edition and as a subscription with support and integrated management in Enterprise Edition, Docker for AWS and Docker for Azure let you leverage pre-configured security features for your apps today – without having to be a cloud infrastructure expert.

You don’t have to take our word for it – in February 2017, we engaged NCC Group, an independent security firm, to conduct a security assessment of Docker for AWS and Docker for Azure. Included in this assessment are Docker for AWS and Docker for Azure Community Edition and Enterprise Edition Basic. The assessment took place from February 6-17. NCC Group was tasked with assessing whether these Docker Editions not only provisioned secure infrastructure with sensible defaults, but also leveraged and integrated the best security features of each cloud. We’d like to openly share their findings with you today.

NCC Group evaluated our security model and defaults, including:

  • Cloud-specific access control with IAM roles in AWS and Service Principals in Azure to run enterprise workloads in a least-privileged manner
  • Network configuration settings, including newly provisioned load balancers that are dynamically updated as applications are created and updated
  • Underlying host network configuration review to provide minimal network exposure

We encourage you to review their full reports for Docker for AWS and Docker for Azure.

NCC Group does bring up some limitations of Docker for AWS and Azure, for example that access is managed with a single SSH key, which makes it impractical for bigger teams of developers and ops to share access. Docker has additional products:

Additionally, NCC Group has previously covered the Docker Engine’s security features in their whitepaper on hardening Linux Containers. This included evaluating runtime protections such as syscall filtering with seccomp and dropping Linux capabilities by default.

We’ve also worked with NCC Group to validate the cryptography and system security for Notary, our signing and verification framework that ensures Docker images are untampered and always up to date. Read the full report.

Docker is continuing to improve Docker for AWS and Azure (and GCP) to give users an easy-to-use way to configure secure container setups in the cloud. Click here to get started with Docker for AWS and Docker for Azure today.




3 Responses to “Docker for AWS and Azure: Secure By Default Container Platform”

  1. David

    Very informative post, thanks for sharing! I'll definitely be taking a closer look at the full reports. Security is extremely important to organizations, especially when considering different cloud vendors.

  2. Stanford

    I'm confused. When I visit https://www.docker.com/aws, all the references are to Docker Data Center. How do I find information on Community Edition of Docker on AWS?

    Thanks,
    Stan

