SETU Carlow

Implementing Runtime Security Monitoring for AWS Container Clusters

David Williams

Cybersecurity and IT Security

SETU - South East Technological University

2024

4th year

Project Overview

Detailed Analysis and Visuals

This project investigates security monitoring for containers in AWS using external security tools such as the open-source Falco and Calico.

Secure AWS Container Clusters

Keywords

AWS, ECS, Security Monitoring, CloudWatch, CloudTrail, Lambda, Falco, VMware, Ubuntu

Project Description

Securing containers requires cloud-compatible intrusion detection and prevention tools. AWS provides its own services, such as AWS FireLens, which integrate with third-party tools that support customizable policy rules. Falco is an open-source tool that provides security monitoring for containers in AWS and can be integrated with AWS ECS and EKS. It monitors container activity and detects security threats in real time. This project aims to implement Falco for security monitoring in AWS container clusters. It will involve setting up Falco on AWS ECS and EKS clusters, configuring Falco rules, and monitoring container activity using Falco alerts.