Amazon EKS monitoring and security with Sysdig

Amazon Elastic Kubernetes Service (Amazon EKS) – formerly known as Elastic Container Service for Kubernetes – provides Kubernetes as a managed service on AWS. EKS makes it easier to deploy, manage, and scale containerized applications using Kubernetes. The Sysdig Secure DevOps Platform – featuring Sysdig Monitor and Sysdig Secure – provides Amazon EKS monitoring and security from a single agent and unified platform. Sysdig helps AWS customers ship cloud apps faster by helping them see more, secure more, and save time in troubleshooting deployed microservices.

Container and orchestration insight for Amazon EKS

What makes Sysdig so effective for monitoring and securing Amazon EKS, and any Kubernetes environment, is our approach to container and orchestration integration.

  • ImageVision™ identifies and prevents images with vulnerabilities or misconfigurations from being shipped.

  • ContainerVision™ gives you request-level visibility inside your containers and across microservices. It provides in-depth metrics and events without invasive instrumentation.

  • ServiceVision™ integrates with Kubernetes to automatically enrich all your metrics and events with orchestration metadata.

In essence, these technologies help you pinpoint where in your pipeline or cluster there are security or performance issues that need attention. With the ability to visualize and segment information by Kubernetes logical resources, like namespace, deployment, or pod, you see exactly what services are impacted, and where.

Auto-tagging metrics with cloud and orchestrator metadata

Your Amazon EKS environment includes thousands of labels and tags exposed by your infrastructure, containers, and microservices. Sysdig automatically collects these labels and tags and lets you group and segment your metrics by them, so it’s easy to “slice and dice” your environment views. This includes physical (e.g. EC2 instances) and logical (e.g. Kubernetes nodes, pods, etc.) details to see your services in a rich and powerful way.

For Amazon EKS monitoring and security, this means you have in-depth views at your fingertips that give you insight at any level. These range from top-level dashboards to individual metric and security-event views, all the way down to the process level. So, when something happens, say a pod crash and restart loop, or a data exfiltration event, you’re able to dig into the details. In short, Sysdig helps you quickly find the needle in the haystack and fix the problem.

Getting started with Sysdig and Amazon EKS

Getting started with Sysdig on Amazon EKS is simple and straightforward. With a lightweight container-agent installation, shipped as a Docker container and deployed as a DaemonSet, you’re ready to go. Specifically, the DaemonSet installation with Kubernetes ensures that all Nodes run a Pod with Sysdig. It automatically adds the monitoring and security agent as nodes are added to your cluster, significantly reducing management overhead. Plus, in the event of node failure, as workloads spin up elsewhere, so will the Sysdig agent to ensure the availability of your monitoring and security.

As you deploy services in your environment, Sysdig monitors system calls at the kernel level as its primary source of container activity. Once in place, it automatically collects deep information from your AWS instances, containers, and EKS. As a result, you get real-time monitoring and security including:

360-degree views of Amazon EKS with Sysdig

Once you’re up and running, Sysdig provides many ways to explore, view, and analyze your Amazon EKS environment.


Sysdig Spotlight gives you a quick overview of what’s been discovered in your environment. This includes application integrations that are running (or not), and the status of your running agents. Spotlight’s job is to help you maintain a healthy environment and see at-a-glance the status of your services on EKS.

EKS Sysdig Spotlight

Sysdig enables you to explore your Amazon EKS environment to see what’s happening at any level. You can view hosts and containers, or apply a Kubernetes grouping instead and drill into your environment by something like AWS region > cluster > namespace > deployment > pods > containers. This provides an HTOP-like view of metrics like CPU, disk, memory, and network from the entire infrastructure down to the container level. Color coding shows what’s abnormal to help you spot potential issues quickly. From here you can drill into dashboards and metric views automatically scoped by your selection in the explore tree.

EKS Sysdig Explore

Topology maps:

Sysdig automatically creates topology maps that you can use to view how your services, containers, and processes communicate, view response times and latency, check network traffic, and view CPU utilization. You automatically see your EKS resources by region, availability zone, and cluster and can drill down to see fine-grained details.

EKS Sysdig Topology


With Dashboards, you can view a summary of things like pod health with kube-state-metrics and Kubernetes service health with Golden Signals. These dashboards (and more) are included “out of the box.” However, you can also build your own custom views for any EKS metrics or information that are most important to you.

EKS Sysdig dashboard


Adaptive alerts notify you automatically via email, PagerDuty, Slack, etc. when events occur. For instance, you can set an alert for a metric that exceeds a threshold such as CPU utilization higher than 90%. What’s more, you can be notified if a violation occurs against your configured security policies. Kubernetes node out of disk? Deployments degraded? Pods crashing? Someone running an unauthorized program in a container? You’ll receive an alert immediately.

EKS Sysdig alerts

Security events:

For your security team, you can get a summary of events for the last hour, or the last week, etc. and drill into policy violations in your EKS deployment. For example, if there is an attempt to read sensitive files (e.g. files containing user/password/authentication information), you’ll be able to identify, block, and further investigate the issue.

EKS Sysdig security event


Finally, Sysdig simplifies security forensics and Kubernetes troubleshooting with system captures. Captures let you analyze system call and environment data and correlate details surrounding any alert or event using the integrated open source Sysdig Inspect. Although your containers may be killed or gone, with Sysdig you’ll have the information you need for troubleshooting.

EKS Sysdig forensics troubleshooting

Learn more about Sysdig and Kubernetes

At Sysdig we invest a lot of effort into providing feature-rich support for Kubernetes – and now Amazon EKS. In summary, our goal is to provide you with the intelligence you need to be successful. Whether you’re operating completely in the AWS cloud, or using AWS Outposts on prem, Sysdig will help you get results quickly by providing critical performance, health, and security insights.

On the whole, Sysdig solutions simplify your job of ensuring the containerized services you run on Amazon EKS are reliable, secure, and performing at their best. To learn more about what some of the largest companies in the world are doing with Docker, Kubernetes, Amazon, Sysdig Monitor and Sysdig Secure – download and read 6 Real-World Kubernetes Use Cases.