suniljames
commented
1 year ago Very supportive of this idea!
Open LukeMwila opened 1 year ago
suniljames
commented
1 year ago Very supportive of this idea!
esweiss
commented
1 year ago Excellent idea!
Community Note
Tell us about your request I would like AWS to have a managed SPIRE service that integrates with compute services like EKS, ECS and Fargate. This would simplify the issuance and validation of SPIFFE identities for workloads and infrastructure, as well as enable mTLS across compute services, platforms and environments.
Which service(s) is this request for? EKS, ECS, Fargate
Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard? Most container workloads exist in larger architectures comprising different compute environments in the cloud and on-prem. Establishing secure communication between applications in such convoluted environments is hard without a standard approach to identity issuance and validation. SPIRE enables this by creating a zero-trust foundation for communication across complex environments. However, configuring, deploying and maintaining SPIRE components such as the SPIRE Server and Data Store introduces a new layer of management and complexity. In addition to this, there are number of activities in monitoring the SPIRE lifecycle events such as attestation attempts, identity requests, issuances, and rotations, as well as registrations and de-registrations. This operational overhead is time consuming and requires a lot of planning and plumbing to secure continuously changing and complex environments.
Are you currently working around this issue? Self-management with internal platform teams and partnering with dedicated teams/consultants to run and manage SPIRE.
Additional context None at this time
Attachments If you think you might have additional information that you'd like to include via an attachment, please do - we'll take a look. (Remember to remove any personally-identifiable information.)