Runecast Analyzer for AWS and Kubernetes

calendar Mar 25, 2021 (Last modified: Mar 25, 2021)monitoring security kubernetes aws  ·
Share on: linkedin copy

Since I decided to test Runecast in my lab recently I've mainly been looking at the vSphere capabilities.

Now I've also connected Runecast to a Kubernetes cluster and to an AWS account to see what we can get from that. The ability to get informed about security issues and best practices in the context of my environment is great. This saves me lot's of time digging in to AWS documentation as I get the information already digested and presented to me.

Let's take a look

AWS analysis

If you've worked with Runecast before you wouldn't be surprised that just by connecting your instance to an account and run an analysis you get direct value. I admit that the AWS environment I'm working with is very small, but still I get immediate value as Runecast tells me that I have 53 issues, where 32 are major ones.

AWS dashboard

Digging in to my Compute first I have 3 EC2 instances and an EKS cluster running in the environment. The EKS cluster is fine, but all of my EC2 instances have issues

Compute issues

From this I can see my three issues and the number of objects affected by each and can quickly determine if this is something I need to look at.

In this example all of the findings came from Runecast's Best practices analyzer. Let's take a look at the Issues concerning Management.

Management issues

Here we see that we also get some findings from the Center for Internet Security (CIS) profile. This shows that there's not only Runecast digested best practices available, but also profiles built on industry standards.

Kubernetes analysis

Switching focus to Kubernetes now, we'll take a look at a connection I've setup to a Kubernetes cluster running in my lab. The environment is running on Ubuntu VMs on vSphere.

Kubernetes dashboard

The results speaks for themselves, I guess I have some work in front of me to get things sorted..

Let's take a look at an issue

Kubelet certificate issue

We can see a certificate recommendation from the CIS profile, and we get detailed information about the issue and the rationale behind it.

The Best practices view gives us a nice list of recommendations where we can sort and filter based on severity etc

Kubernetes Best Practices

Summary

Hopefully this post have given a quick insight into what Runecast can do with regards to analyzing both AWS and Kubernetes environments and the value we can get from the analysis.

I for one know that it can save me a lot of time as I don't have to dig through lot's of KB articles and documentation to get generic recommendations and then try to fit that to my setup. Runecast delivers recommendations based on my environment which I can apply immediately, and it will continually monitor my setup.

Thanks for reading!

This page was modified on March 25, 2021: Fixed typo

Related Posts