Protect your Amazon Web Services (AWS) containers with Defender for Containers

Defender for Containers in Microsoft Defender for Cloud is the cloud-native solution for securing your containers, so you can improve, monitor, and maintain the security of your clusters, containers, and their applications.

Learn more in the Overview of Microsoft Defender for Containers.

You can learn more about Defender for Containers pricing on the pricing page.

Prerequisites

Enable the Defender for Containers plan on your AWS account

To protect your EKS clusters, enable the Containers plan on the AWS account connector that covers them.

To enable the Defender for Containers plan on your AWS account:

  1. Sign in to the Azure portal.

  2. Search for and select Microsoft Defender for Cloud.

  3. In the Defender for Cloud menu, select Environment settings.

  4. Select the relevant AWS account.

    Screenshot of Defender for Cloud's environment settings page showing an AWS connector.

  5. Set the toggle for the Containers plan to On.

    Screenshot of enabling Defender for Containers for an AWS connector.

  6. To change optional configurations for the plan, select Settings.

    Screenshot of Defender for Cloud's environment settings page showing the settings for the Containers plan.

    • Defender for Containers requires the Kubernetes control plane audit logs to provide runtime threat protection. To send those audit logs to Microsoft Defender, set the toggle to On. To change the retention period for your audit logs, enter the required time frame.

      Note

      If you disable this configuration, the Threat detection (control plane) feature is disabled. Learn more about feature availability.

    • Agentless discovery for Kubernetes provides API-based discovery of your Kubernetes clusters. To enable it, set the toggle to On.

    • Agentless container vulnerability assessment provides vulnerability management for images stored in ECR and for images running on your EKS clusters. To enable it, set the toggle to On.

  7. Select Next: Review and generate.

  8. Select Update.

Note

To enable or disable individual Defender for Containers capabilities, either globally or for specific resources, see How to enable Microsoft Defender for Containers components.
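The audit log setting above only tells Defender for Cloud to ingest the logs; the EKS clusters themselves must have the "audit" control plane log type enabled, or the Threat detection (control plane) feature has nothing to analyze. The following script is an added example, not part of this page or of any Microsoft or AWS tooling: it lists every EKS cluster in the current AWS account, reports which ones lack the audit log type, and with `--fix` enables it. It uses the standard boto3 EKS client calls `list_clusters`, `describe_cluster` and `update_cluster_config`; the IAM permissions named in the docstring and the sample cluster response are assumptions/constructed for the offline demo.

```python
"""Check which EKS clusters have control plane audit logging enabled, and
optionally enable it.

Added example, not part of the Microsoft documentation or of any AWS or
Microsoft tooling. Assumes the standard boto3 EKS API and credentials with
eks:ListClusters, eks:DescribeCluster and (for --fix) eks:UpdateClusterConfig.
"""
from __future__ import annotations

import sys
from typing import Any

# The control plane log type Defender for Containers consumes.
REQUIRED_LOG_TYPE = "audit"

# Constructed sample of the "cluster" object returned by describe_cluster()
# (trimmed to the logging section); used by the offline demo.
SAMPLE_CLUSTER: dict[str, Any] = {
    "name": "demo-eks",
    "logging": {
        "clusterLogging": [
            {"types": ["api", "authenticator"], "enabled": True},
            {"types": ["audit", "controllerManager", "scheduler"], "enabled": False},
        ]
    },
}


def enabled_log_types(cluster: dict[str, Any]) -> set[str]:
    """Return the control plane log types that are enabled on a cluster.

    EKS groups types into entries such as {"types": ["api", "audit"], "enabled": true}.
    A type that appears in no entry, or only in a disabled entry, is off.
    """
    enabled: set[str] = set()
    for entry in cluster.get("logging", {}).get("clusterLogging", []):
        if entry.get("enabled"):
            enabled.update(entry.get("types", []))
    return enabled


def audit_logging_enabled(cluster: dict[str, Any]) -> bool:
    return REQUIRED_LOG_TYPE in enabled_log_types(cluster)


def logging_update_payload(currently_enabled: set[str]) -> dict[str, Any]:
    """Build the `logging` argument for update_cluster_config().

    The payload re-lists every type that is already enabled plus "audit", so the
    update is safe regardless of how the API treats types that are not listed.
    """
    types = sorted(currently_enabled | {REQUIRED_LOG_TYPE})
    return {"clusterLogging": [{"types": types, "enabled": True}]}


def audit_clusters(eks: Any, fix: bool = False) -> dict[str, bool]:
    """Return {cluster_name: audit_enabled} for every cluster in the account.

    `eks` is a boto3 EKS client (or any object exposing the same methods).
    With fix=True, clusters without audit logging get an update request.
    """
    results: dict[str, bool] = {}
    for page in eks.get_paginator("list_clusters").paginate():
        for name in page["clusters"]:
            cluster = eks.describe_cluster(name=name)["cluster"]
            ok = audit_logging_enabled(cluster)
            results[name] = ok
            if not ok and fix:
                eks.update_cluster_config(
                    name=name,
                    logging=logging_update_payload(enabled_log_types(cluster)),
                )
    return results


if __name__ == "__main__":
    if "--live" in sys.argv[1:]:
        import boto3  # imported here so the helpers above stay usable offline

        report = audit_clusters(boto3.client("eks"), fix="--fix" in sys.argv[1:])
    else:
        # Offline demo against the constructed sample.
        report = {SAMPLE_CLUSTER["name"]: audit_logging_enabled(SAMPLE_CLUSTER)}
    for name, ok in report.items():
        print(f"{name}: audit logging {'enabled' if ok else 'DISABLED'}")
```

Run it with `--live` against a real account (and `--live --fix` to enable the missing log type); without flags it evaluates the constructed sample only. Enabling the audit log type also starts CloudWatch Logs charges for that cluster, so run the fix step only once the connector is in place to consume the logs.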

Deploy the Defender sensor in EKS clusters

Azure Arc-enabled Kubernetes, the Defender sensor, and Azure Policy for Kubernetes must be installed and running on your EKS clusters. A dedicated Defender for Cloud recommendation installs these extensions (and connects the cluster to Azure Arc if necessary):

  • EKS clusters should have Microsoft Defender's extension for Azure Arc installed

To deploy the required extensions:

  1. From Defender for Cloud's Recommendations page, search for the recommendation by name.

  2. Select an unhealthy cluster.

    Important

    You must select the clusters one at a time.

    Don't select the clusters by their hyperlinked names: select anywhere else in the relevant row.

  3. Select Fix.

  4. Defender for Cloud generates a script in the language of your choice:

    • For Linux, select Bash.
    • For Windows, select PowerShell.

  5. Select Download remediation logic.

  6. Run the generated script from a machine that has kubectl access to the cluster. The script connects the cluster to Azure Arc (if it isn't connected already) and installs the extensions.

    Video of how to use the Defender for Cloud recommendation to generate a script for your EKS clusters that enables the Azure Arc extension.
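Once the script has run, confirm that the three components are actually up before expecting recommendations or alerts from the cluster. The following script is an added example, not part of this page or of Microsoft's tooling. It assumes kubectl is configured for the EKS cluster, that the Arc agents run in the `azure-arc` namespace, the Defender sensor in `mdc`, and Azure Policy's Gatekeeper in `gatekeeper-system` (adjust these if your deployment differs), and that `az k8s-extension list` can be run against the Arc-connected cluster resource to check the `microsoft.azuredefender.kubernetes` and `microsoft.policyinsights` extensions. The sample pod listing is constructed for the offline demo.

```python
"""Verify that the Arc agents, the Defender sensor and Azure Policy are running on an
EKS cluster after the remediation script has been applied.

Added example, not part of the Microsoft documentation or tooling. Assumptions:
kubectl is configured for the cluster; the Arc agents live in namespace "azure-arc",
the Defender sensor in "mdc" and Azure Policy's Gatekeeper in "gatekeeper-system";
the extension check uses `az k8s-extension list` on the Arc-connected cluster resource.
"""
from __future__ import annotations

import json
import subprocess
import sys
from typing import Any

EXPECTED_NAMESPACES = ("azure-arc", "mdc", "gatekeeper-system")
# Extension types the remediation installs: the Defender sensor and Azure Policy.
EXPECTED_EXTENSIONS = {"microsoft.azuredefender.kubernetes", "microsoft.policyinsights"}

# Constructed sample of `kubectl get pods -o json`, trimmed to the fields used here.
SAMPLE_PODS: dict[str, Any] = {
    "items": [
        {"metadata": {"namespace": "mdc", "name": "microsoft-defender-collector-ds-abc12"},
         "status": {"phase": "Running", "containerStatuses": [{"name": "collector", "ready": True}]}},
        {"metadata": {"namespace": "mdc", "name": "microsoft-defender-publisher-ds-def34"},
         "status": {"phase": "Pending", "containerStatuses": []}},
        {"metadata": {"namespace": "azure-arc", "name": "config-agent-xyz"},
         "status": {"phase": "Running", "containerStatuses": [{"name": "config-agent", "ready": False}]}},
        {"metadata": {"namespace": "azure-arc", "name": "onboarding-job-q1"},
         "status": {"phase": "Succeeded", "containerStatuses": [{"name": "job", "ready": False}]}},
    ]
}


def unhealthy_pods(pod_list: dict[str, Any]) -> list[str]:
    """Return "namespace/name: reason" for each pod not Running with all containers ready.

    Pods in phase Succeeded (completed one-off jobs) are healthy and skipped. A pod
    that is Running but has a container that is not ready (for example, crash-looping)
    is reported, because the phase column alone hides that behind "Running".
    """
    problems: list[str] = []
    for pod in pod_list.get("items", []):
        meta = pod.get("metadata", {})
        ident = f"{meta.get('namespace', '?')}/{meta.get('name', '?')}"
        status = pod.get("status", {})
        phase = status.get("phase")
        if phase == "Succeeded":
            continue
        if phase != "Running":
            problems.append(f"{ident}: phase={phase}")
            continue
        not_ready = [c["name"] for c in status.get("containerStatuses", []) if not c.get("ready")]
        if not_ready:
            problems.append(f"{ident}: containers not ready: {', '.join(not_ready)}")
    return problems


def missing_extensions(extensions: list[dict[str, Any]]) -> set[str]:
    """Return expected extension types that are absent or not in provisioningState Succeeded.

    `extensions` is the parsed output of `az k8s-extension list ... -o json`.
    """
    healthy = {
        str(e.get("extensionType", "")).lower()
        for e in extensions
        if e.get("provisioningState") == "Succeeded"
    }
    return EXPECTED_EXTENSIONS - healthy


def _run_json(cmd: list[str]) -> Any:
    return json.loads(subprocess.run(cmd, check=True, capture_output=True, text=True).stdout)


def main(argv: list[str]) -> int:
    if "--demo" in argv:
        problems = unhealthy_pods(SAMPLE_PODS)
    else:
        problems = []
        for ns in EXPECTED_NAMESPACES:
            problems += unhealthy_pods(_run_json(["kubectl", "get", "pods", "-n", ns, "-o", "json"]))
        if "--resource-group" in argv and "--cluster" in argv:
            rg = argv[argv.index("--resource-group") + 1]
            cluster = argv[argv.index("--cluster") + 1]
            exts = _run_json(["az", "k8s-extension", "list", "-g", rg, "-c", cluster,
                              "-t", "connectedClusters", "-o", "json"])
            problems += [f"extension missing or not healthy: {t}" for t in sorted(missing_extensions(exts))]
    for p in problems:
        print("PROBLEM", p)
    print("OK" if not problems else f"{len(problems)} problem(s) found")
    return 0 if not problems else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run `python verify_defender_eks.py --demo` to see the checks against the constructed sample, or `python verify_defender_eks.py --resource-group <rg> --cluster <arc-cluster-name>` against a real cluster; a non-zero exit code means at least one component is not healthy, which is what the recommendation will keep reporting as unhealthy.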

Next steps