HashiCorp and AWS Make it Easier to Secure Workloads in EKS with Vault
HashiCorp has partnered with AWS to enhance security on Amazon Elastic Kubernetes Service with Vault.
HashiCorp has partnered with Amazon Web Services (AWS) to make it easier to utilize HashiCorp Vault, our enterprise secrets management solution. Today’s launch with AWS allows you to enable and start up Vault instances in EKS. AWS has announced a new open source project called EKS Blueprints that aims to make it easier and faster for customers to adopt Amazon Elastic Kubernetes Service (EKS).
EKS Blueprints is an infrastructure as code framework that allows customers to easily configure and deploy consistent EKS clusters across accounts and regions. Customers have asked for the ability to leverage HashiCorp Terraform to help manage the lifecycle of EKS clusters, operational software that runs in each cluster, and the configuration for teams that need to run workloads in each cluster. EKS Blueprints was built to address this customer need.
» HashiCorp Vault Add-On for Amazon EKS
Kubernetes is a powerful and extensible container orchestration technology that allows developers to deploy and manage containerized applications at scale. Kubernetes also enables developers to leverage a wide range of popular open source tools, commonly referred to as Kubernetes add-ons. EKS add-ons allow you to configure, deploy, and update the operational software, or add-ons, that provide key functionality to support your Kubernetes applications.
HashiCorp has partnered with AWS to make it easier to manage and protect secrets (and sensitive data in general) in an EKS workflow. As part of the EKS Blueprints launch, AWS and HashiCorp have partnered to build an add-on repository that lets you enable and start up Vault instances in Kubernetes. The add-on also makes it faster and easier to start the Vault instance inside EKS; you can access Vault in EKS with one command. It’s as easy as enabling Vault in your workflow, as shown here:
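module "eks_addons" {
  # An unpinned source tracks the repository's default branch; append ?ref=<tag-or-commit> to pin a reviewed revision.
  source = "github.com/aws-ia/terraform-aws-eks-blueprints//modules/kubernetes-addons"
  # Cluster ID output of the eks_blueprints module defined elsewhere in the configuration.
  eks_cluster_id = module.eks_blueprints.eks_cluster_id
  # Deploy the HashiCorp Vault add-on into the cluster.
  enable_vault = true
}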
» About HashiCorp Vault
HashiCorp Vault provides the foundation for modern multi-cloud security. Vault was purpose-built in the cloud era to authenticate and access different clouds, systems, and endpoints, and to centrally store, access, and deploy secrets (API keys, credentials, etc.). It also provides a simple workflow to encrypt data in flight and at rest. Vault centrally manages and enforces access to secrets and systems based on trusted sources of application and user identity. Once the Vault add-on has been applied within EKS, you will need to set up Vault. New users can get up to speed by referencing the Getting Started Guide for Vault.
» Vault Add-on Repository Benefits
The Vault add-on for EKS makes it easier for customers to manage their secrets. Secrets management — a critical component when working with Kubernetes clusters — is a method for managing digital authentication credentials (secrets), including passwords, keys, APIs, and tokens for use in applications, services, privileged accounts, and other sensitive parts of an IT ecosystem. With the Vault add-on for EKS, secrets management can quickly be enabled in an EKS workflow with one command.
» Getting Started
EKS Blueprints for Terraform is a framework designed to help deploy and operate secure multi-account, multi-region EKS environments. EKS Blueprints are implemented in HashiCorp Terraform. To learn more, please visit the Guide for setting up your first EKS environment using EKS Blueprints. You can find the HashiCorp Vault add-on repository for AWS EKS on GitHub or in the HashiCorp Terraform Registry.
Call for collaboration: We’re looking for community members to provide feedback on the Vault add-on and to share interest in a potential HashiCorp Consul add-on for EKS. Please share feedback via these forms: