AWS Network Firewall Adds Container Attribute Inspection for EKS/ECS
AWS Network Firewall now supports container attribute-based rules for securing containerized workloads on EKS and ECS. This simplifies network security by allowing rules to be written against native constructs like namespaces and cluster names rather than against complex IP addresses. This enhancement is particularly beneficial for dynamic environments running generative AI applications, offering adaptive security and compliance.
Features
- Container attribute-based rules for EKS and ECS workloads
AWS Network Firewall now allows security policies to be defined using native container constructs such as Namespace, Cluster Name, and Labels for Amazon EKS, and Cluster Name and Container Instance Attributes for Amazon ECS. This removes the need to manage complex, brittle IP-based rules in dynamic container environments.
- Enhanced security for generative AI applications
This feature simplifies network security for containerized generative AI applications running on Amazon EKS and Amazon ECS. It enables features like TLS decryption for deep packet inspection, FQDN-based filtering, URL category filtering, and GeoIP filtering that adapt to container scaling.
Notes
- Centralized security and compliance
The integration between AWS Network Firewall, Amazon EKS, and Amazon ECS facilitates centralized, multi-cluster security management. This helps organizations meet business and regulatory compliance requirements for their containerized environments.
- Availability and cost
Container attribute-based inspection is available at no additional cost as part of AWS Network Firewall. Support varies by AWS region.
https://aws.amazon.com/about-aws/whats-new/2026/06/aws-network-firewall-container-attributes-referencing