
HashiCorp and AWS Make it Easier to Secure Workloads in EKS with Vault

HashiCorp has partnered with AWS to enhance security on Amazon Elastic Kubernetes Service with Vault.

HashiCorp has partnered with Amazon Web Services (AWS) to make it easier to utilize HashiCorp Vault, our enterprise secrets management solution. Today’s launch with AWS allows you to enable and start up Vault instances in EKS. AWS has announced a new open source project called EKS Blueprints that aims to make it easier and faster for customers to adopt Amazon Elastic Kubernetes Service (EKS).

EKS Blueprints is an infrastructure as code framework that allows customers to easily configure and deploy consistent EKS clusters across accounts and regions. Customers have asked for the ability to leverage HashiCorp Terraform to help manage the lifecycle of EKS clusters, operational software that runs in each cluster, and the configuration for teams that need to run workloads in each cluster. EKS Blueprints was built to address this customer need.

»HashiCorp Vault Add-On for Amazon EKS

Kubernetes is a powerful and extensible container orchestration technology that allows developers to deploy and manage containerized applications at scale. Kubernetes also enables developers to leverage a wide range of popular open source tools, commonly referred to as Kubernetes add-ons. EKS add-ons allow you to configure, deploy, and update the operational software, or add-ons, that provide key functionality to support your Kubernetes applications.

HashiCorp has partnered with AWS to make it easier to manage and protect secrets (and sensitive data in general) in an EKS workflow. As part of the EKS Blueprints launch, AWS and HashiCorp have partnered to build an add-on repository that lets you enable and start up Vault instances in Kubernetes. The add-on also makes it faster and easier to start the Vault instance inside EKS; you can access Vault in EKS with one command. It’s as easy as enabling Vault in your workflow, as shown here:

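module "eks_addons" {
  # Kubernetes add-ons submodule of the EKS Blueprints repository
  source = "github.com/aws-ia/terraform-aws-eks-blueprints//modules/kubernetes-addons"

  # ID of the cluster created by the eks_blueprints module, which must be defined elsewhere in the configuration
  eks_cluster_id = module.eks_blueprints.eks_cluster_id
  # Deploy the HashiCorp Vault add-on into the cluster
  enable_vault   = true
}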

»About HashiCorp Vault

HashiCorp Vault provides the foundation for modern multi-cloud security. Vault was purpose-built in the cloud era to authenticate and access different clouds, systems, and endpoints, and to centrally store, access, and deploy secrets (API keys, credentials, etc.). It also provides a simple workflow to encrypt data in flight and at rest. Vault centrally manages and enforces access to secrets and systems based on trusted sources of application and user identity. Once the Vault add-on has been applied within EKS, you will need to set up Vault. New users can get up to speed by referencing the Getting Started Guide for Vault.

»Vault Add-on Repository Benefits

The Vault add-on for EKS makes it easier for customers to manage their secrets. Secrets management — a critical component when working with Kubernetes clusters — is a method for managing digital authentication credentials (secrets), including passwords, keys, APIs, and tokens for use in applications, services, privileged accounts, and other sensitive parts of an IT ecosystem. With the Vault add-on for EKS, secrets management can quickly be enabled in an EKS workflow with one command.

»Getting Started

EKS Blueprints for Terraform is a framework designed to help deploy and operate secure multi-account, multi-region EKS environments. EKS Blueprints are implemented in HashiCorp Terraform. To learn more, please visit the Guide for setting up your first EKS environment using EKS Blueprints. You can find the HashiCorp Vault add-on repository for AWS EKS on GitHub or in the HashiCorp Terraform Registry.

Call for collaboration: We’re looking for community members to provide feedback on the Vault add-on and to share interest in a potential HashiCorp Consul add-on for EKS. Please share feedback via these forms:
