{"data":{"id":"fc96d55f-4532-408f-a5b1-0545393d7064","title":"Secure Amazon container workloads using container attribute-based rules in AWS Network Firewall","summary":"AWS Network Firewall now supports container attribute-based rules that let you write firewall rules for Kubernetes pods using their attributes (like namespace and pod name) instead of their IP addresses, which constantly change as containers restart or scale. This solves the problem of maintaining static firewall rules in dynamic container environments, and it enriches security logs with container context so security teams can trace blocked traffic back to its source workload.","solution":"The source describes the feature itself as the solution rather than a separate mitigation. It states: 'When you create a container association and link it to your EKS cluster, Network Firewall automatically discovers and tracks the pods that match your defined attributes (namespace, labels, cluster name) and resolves them to their current IP addresses. As pods scale up or restart, the firewall dynamically updates the IP-to-attribute mapping in near real-time and no manual rule updates are required.' The feature is included in the base tier of Network Firewall at no additional charge. Example rules are provided using Suricata rule syntax with container attribute aliases (e.g., @ecommerce_pods) to define Layer 7 application rules and pod group rules.","labels":["security"],"sourceUrl":"https://aws.amazon.com/blogs/security/secure-amazon-container-workloads-using-container-attribute-based-rules-in-aws-network-firewall/","publishedAt":"2026-07-01T19:40:22.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"info","attackType":[],"issueType":"news","affectedPackages":null,"affectedVendors":["Amazon"],"affectedVendorsRaw":["Amazon","AWS","Amazon EKS","Amazon ECS"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-07-01T19:40:22.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"inference","llmSpecific":false,"classifierConfidence":0.8,"researchCategory":null,"atlasIds":null}}