AWS Network Firewall now supports container attribute-based inspection for Amazon EKS and Amazon ECS
AWS Network Firewall introduces container attribute-based rules for Amazon EKS and ECS, simplifying security for containerized workloads by using native container constructs instead of IP-based rules.
AWS announces container attribute-based rules for AWS Network Firewall, simplifying security for containerized workloads on Amazon EKS and Amazon ECS. Users can now define firewall policies using native container constructs such as Namespace, Cluster Name, and Labels for EKS, and Cluster Name and Container Instance Attributes for ECS, eliminating the need to manage complex IP-based rules that break when pods scale or restart. As organizations adopt generative AI on EKS and ECS, this feature provides enterprise-grade network security controls for dynamic environments. Container attribute-based rules support TLS decryption for deep packet inspection, FQDN-based filtering, URL category filtering, and GeoIP filtering-all automatically adapting as containers scale. The native integration between AWS Network Firewall, EKS, and ECS enables centralized, multi-cluster security, helping meet compliance requirements. This feature is available at no additional cost as part of AWS Network Firewall. For a full list of supported regions, visit the AWS Capabilities by Region page.