How Snap Inc. secures its services with Amazon EKS
Containers Blog
The article discusses how Snap Inc. secures its microservices deployed on Amazon EKS (Elastic Kubernetes Service) and other AWS services. It explains Snap's approach to building, deploying, and running secure workloads on Kubernetes clusters across AWS and Google Cloud.
Specifically, the article covers:
- Bootstrap: Snap's security bootstrap includes authentication, authorization, and admission control layers for its Kubernetes-based multi-cloud environment, using tools like IAM roles for service accounts and admission controller webhooks.
- Build-time: Snap's Switchboard configuration hub allows service owners to manage Kubernetes clusters, service configurations, and data store access across AWS and GCP.
- Deployment-time: Snap's strategies for cluster access control, resource isolation, network partitioning, and container hardening.
- Run-time: Snap's approach to audit logging, runtime security monitoring using GuardDuty and Falco, and continuous monitoring of container workloads.
- Conclusion: Snap's evolution from monolith to microservices on Kubernetes, and their collaboration with AWS to implement a secure compute and data platform.
The AWS News Feed is currently looking for gold sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.
Related articles
Nov 26
2025
2025
Snap Inc. uses Amazon CloudFront Origin Shield to improve download and upload latency
Dec 15
2025
2025
Amazon EKS introduces enhanced network security policies
Dec 29
2025
2025
Implementing assurance pipeline for Amazon EKS Platform
Jan 30
2025
2025
Enhancing Amazon EKS Security with SentinelOne’s Real-Time eBPF Protection on AWS
The AWS News Feed is currently looking for silver sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.