Define Container Security policies to ensure protection and vulnerability detection for your containers during deployment and run time.

Container Security allows you to define cluster-wide policy rules and more granular, prioritized namespace rules to ensure that you can configure optimal protection to all of your Kubernetes containers during deployment and run time. Create and assign rulesets to both your Kubernetes and Amazon ECS clusters to ensure run time protection for all your containers.
The following table outlines the available policy options and what each one does.

Option: Create a policy
  Description: Create a new policy (New) or copy the rules from an existing policy (Duplicate) as the basis for a new policy.
  In your policy rule settings, the policy action field defines what happens when a workload fails evaluation against the policy. Two action types are supported:
  • Log: The violation is logged and an event with the evaluation details is sent to TrendAI Vision One™, where it can be viewed on the Log > Deployment/Continuous tab. The workload is allowed to run in the cluster.
  • Block: The workload is blocked from running in the cluster and an event with the evaluation details is sent to TrendAI Vision One™, where it can be viewed on the Log > Deployment/Continuous tab.
    Note
    Because Amazon ECS admission control is slightly reactive and is triggered immediately after a workload is launched, Block behaves more like terminate, and the exact behavior depends on the workload type. For more information, see Managing Amazon ECS policies.
Option: Modify a policy
  Description: Select any existing policy in the list to modify its settings.
Option: Delete a policy
  Description: Hover over the unneeded policy in the list and click the trash can icon that appears next to the policy name.
  Important
  You cannot delete active policies. You must remove the policy from all clusters before you can delete it from the list.