Description

The Amazon CloudWatch Agent Operator FIPS container provides a FIPS-compliant implementation for managing and operating CloudWatch agents in Kubernetes environments. It automates the deployment, configuration, and lifecycle management of CloudWatch agents across clusters while maintaining FIPS 140-2 compliance for enhanced security in regulated environments.

Key Features
Core capabilities and strengths of this container

- FIPS 140-2 compliant implementation
- Automated CloudWatch agent management
- Kubernetes-native operator patterns
- Secure metrics and logs collection

Common Use Cases
Typical scenarios where this container excels

- Government and regulated industry deployments
- Enterprise Kubernetes monitoring
- Compliance-focused observability
- Secure cloud-native operations

Pull Latest Image
Download the container image from the registry

```bash
docker pull clnstrt-images.cleanstart.com/$ORGANIZATION/amazon-cloudwatch-agent-operator-fips:latest
docker pull clnstrt-images.cleanstart.com/$ORGANIZATION/amazon-cloudwatch-agent-operator-fips:latest-dev
```

Basic Run
Run the container with basic configuration

```bash
docker run -it --name cloudwatch-operator clnstrt-images.cleanstart.com/$ORGANIZATION/amazon-cloudwatch-agent-operator-fips:latest
```

Production Deployment
Deploy with production security settings

```bash
# Read-only root filesystem, no privilege escalation, non-root UID:GID 1000:1000
docker run -d --name cloudwatch-operator-prod \
  --read-only \
  --security-opt=no-new-privileges \
  --user 1000:1000 \
  -v /var/run/kubernetes:/var/run/kubernetes \
  clnstrt-images.cleanstart.com/$ORGANIZATION/amazon-cloudwatch-agent-operator-fips:latest
```

Volume Mount
Mount local directory for persistent data

```bash
# Quote the host path so a working directory containing spaces still mounts correctly
docker run -v "$(pwd)/config:/etc/cloudwatch-agent/config" clnstrt-images.cleanstart.com/$ORGANIZATION/amazon-cloudwatch-agent-operator-fips:latest
```

Port Forwarding
Run with custom port mappings

```bash
docker run -p 8080:8080 clnstrt-images.cleanstart.com/$ORGANIZATION/amazon-cloudwatch-agent-operator-fips:latest
```

Environment Variables
Configuration options available through environment variables

| Variable | Description | Value |
| --- | --- | --- |
| AWS_REGION | AWS region for CloudWatch | us-east-1 |
| OPERATOR_NAME | Name of the operator deployment | cloudwatch-agent-operator |
| LOG_LEVEL | Logging level configuration | info |
| METRICS_PORT | Metrics endpoint port | 8080 |

Security Best Practices
Recommended security configurations and practices

- Verify FIPS mode is enabled and properly configured
- Use IAM roles for authentication
- Implement proper RBAC policies
- Regular security patch updates
- Monitor operator logs for security events
- Use secure communication channels
- Implement network policies
- Regular security audits

Kubernetes Security Context
Recommended security context for Kubernetes deployments

```yaml
securityContext:
  runAsNonRoot: true
  runAsUser: 1000
  runAsGroup: 1000
  readOnlyRootFilesystem: true
  allowPrivilegeEscalation: false
  capabilities:
    drop: ["ALL"]
  seccompProfile:
    type: RuntimeDefault
```

Documentation Resources
Essential links and resources for further information