* [Blog](https://www2.paloaltonetworks.com/blog)
* [Cloud Security](https://www2.paloaltonetworks.com/blog/cloud-security/)
* [Announcement](https://www2.paloaltonetworks.com/blog/category/announcement/)
* Prisma Cloud Secures Cont...

# Prisma Cloud Secures Containerized Apps on AWS-Optimized Bottlerocket

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fcloud-security%2Fsecure-containerized-app-aws-bottlerocket%2F)  
[](https://twitter.com/share?text=Prisma+Cloud+Secures+Containerized+Apps+on+AWS-Optimized+Bottlerocket&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fcloud-security%2Fsecure-containerized-app-aws-bottlerocket%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fcloud-security%2Fsecure-containerized-app-aws-bottlerocket%2F&title=Prisma+Cloud+Secures+Containerized+Apps+on+AWS-Optimized+Bottlerocket&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/cloud-security/secure-containerized-app-aws-bottlerocket/&ts=markdown)  
\[\](mailto:?subject=Prisma Cloud Secures Containerized Apps on AWS-Optimized Bottlerocket)  
Link copied  
By [Derek Rogerson](https://www.paloaltonetworks.com/blog/author/derek-rogerson/?ts=markdown "Posts by Derek Rogerson")  
Apr 19, 2021  
4 minutes  
[Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown)  
[Cloud Computing](https://www.paloaltonetworks.com/blog/category/cloud-computing-2/?ts=markdown)  
[Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown)  
[Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown)  
[Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown)  
[Partners](https://www.paloaltonetworks.com/blog/cloud-security/category/partners/?ts=markdown)  
[AWS](https://www.paloaltonetworks.com/blog/tag/aws/?ts=markdown)  
[Container Security](https://www.paloaltonetworks.com/blog/tag/container-security/?ts=markdown)  
[Product Announcement](https://www.paloaltonetworks.com/blog/tag/product-announcement/?ts=markdown)

*Prisma Cloud is tested and certified by AWS to monitor and protect containers on Bottlerocket with auto-deployment of Prisma Cloud Defenders for every node, even as clusters scale.*

![Chart showing steady increase of containers being used in production environments](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/04/word-image-28.png)

Enterprises in the cloud are increasingly adopting containers to run and enhance the security of their workloads, as containers are reliable, repeatable and start up much more quickly than virtual machines.

The latest survey from the Cloud Native Computing Foundation (CNCF) stated that [92% of respondents use containers in production](https://www.cncf.io/wp-content/uploads/2020/12/CNCF_Survey_Report_2020.pdf), up from 84% just last year, and up 300% from when it began tracking in 2016. That is amazing growth and it underscores the need for enhanced container security in the cloud. It's why Palo Alto Networks partners with AWS to help secure containerized workloads.

## **Automated Container Security Protection for Modern Cloud Applications**

Palo Alto Networks is an industry-trusted and cloud native vendor with deep security integrations of our Prisma Cloud platform across major cloud providers such as AWS. We are always working for customers to improve their cloud security, operations and scalability. And one of our strengths is empowering security automation for hosts running containers, at any scale.

Prisma Cloud delivers automated container security protections for your clusters by automatically running Defenders using a DaemonSet. A "DaemonSet" is a cluster object that ensures pods run on every eligible and available cluster node. For example, if a new node is added to a cluster, the DaemonSets automatically include appropriate pods to that node. In this way, Prisma Cloud enhances protection of container operations by automatically deploying Defenders through a DaemonSet in Kubernetes^®^ and OpenShift environments.

For example, to protect your cluster with [Prisma Cloud Defenders](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/install/defender_types.html), you generate a YAML file with [twistcli](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-reference-architecture-compute/platform_components/twistcli) and apply that file to your cluster with kubectl. This will create the Prisma Cloud Defender DaemonSet which runs the Defenders. The Defenders automatically connect to your Prisma Cloud Console and continuously scan your containers and images running on the host, as well as the underlying host itself, for vulnerabilities and compliance issues.

Prisma Cloud continues to partner and expand our comprehensive, full lifecycle, and cloud native protections to a newly released OS purpose-built to run containers on AWS Cloud.

## **Monitor and Help Secure Bottlerocket on AWS**

Prisma Cloud has been tested and certified by AWS to monitor and protect containers running on Linux-based [Bottlerocket](https://aws.amazon.com/bottlerocket/) -- a new open-source operating system that is AWS-optimized for running containers on virtual machines or bare metal hosts.

Prisma Cloud Defenders running on Bottlerocket gain visibility into the vulnerabilities and compliance issues of all resources. Defenders also deliver runtime monitoring and firewalling for the host itself and all the containers running on the host.
![Host vulnerability scan results reported by Prisma Cloud Defenders on an EKS cluster with Bottlerocket nodes](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/04/word-image-29.png)
Figure 1: Host vulnerability scan results reported by Prisma Cloud Defenders on an EKS cluster with Bottlerocket nodes

Bottlerocket leverages the container runtime [containerd](https://github.com/bottlerocket-os/bottlerocket#packaging) which implements the Kubernetes container runtime interface (CRI). Prisma Cloud delivers governance and policy control on clusters by integrating with both Docker and runtimes using the Kubernetes CRI.

Prisma Cloud Defenders are architected to be best-in-class and to identify and prevent misconfigurations (for example, using a least-privilege security design that avoids using kernel extensions or any other host OS modifications). And every Defender type running in a cloud environment reports back to our single Prisma Cloud Console -- giving teams a simple, single-pane-of-glass for comprehensive visibility into their cloud environments.
![Figure 2: Complete Prisma Cloud architecture with Bottlerocket support for containerized workloads](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/04/word-image-30.png)
Figure 2: Complete Prisma Cloud architecture with Bottlerocket support for containerized workloads

Consider adopting Prisma Cloud integrated security automation with Bottlerocket to help lower costs for your organization, instead of running containerized applications on bulkier OSes that must be updated package-by-package, which is a challenge and costly to automate. Prisma Cloud protects containers running on optimized Bottlerocket with convenient security automation and reliable cloud native integration, incorporating AWS services such as Amazon EKS and Amazon ECS. Users gain visibility, compliance management, and risk prioritization for containerized applications protected on Bottlerocket and can take advantage of the Bottlerocket open development model to support and manage custom security controls, all with Prisma Cloud.

![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/04/word-image-31.png)

## **Prisma Cloud by Palo Alto Networks is Better Together with AWS**

Container-based environments are designed for easy auto-scaling, and customers often run host environments that encompass hundreds or thousands of instances. At this scale several security challenges will arise with the host operating system without adequate cloud defenses in place.

Protect your infrastructure investment with cloud native and industry-trusted Prisma Cloud by Palo Alto Networks, an AWS Security Competency and Containers Competency Partner.

Try Prisma Cloud as a tested and certified AWS solution for containers running on [Bottlerocket](https://aws.amazon.com/bottlerocket/) by visiting us in [AWS Marketplace](https://aws.amazon.com/marketplace/pp/Palo-Alto-Networks-Prisma-Cloud-Enterprise-Edition/B08BZWB9W9).

*** ** * ** ***

## Related Blogs

### [Cloud Computing](https://www.paloaltonetworks.com/blog/category/cloud-computing-2/?ts=markdown), [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown), [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/cloud-security/category/partners/?ts=markdown)

[#### Better Together With IBM and Prisma Cloud Compute Edition](https://www2.paloaltonetworks.com/blog/cloud-security/better-together-ibm-prisma-cloud/)

### [Cloud Computing](https://www.paloaltonetworks.com/blog/category/cloud-computing-2/?ts=markdown), [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown), [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/cloud-security/category/partners/?ts=markdown)

[#### Automating Visibility and Protection for Cloud VMs](https://www2.paloaltonetworks.com/blog/cloud-security/automating-visibility-protection-cloud-vms/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Cloud Computing](https://www.paloaltonetworks.com/blog/category/cloud-computing-2/?ts=markdown), [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [DevSecOps](https://www.paloaltonetworks.com/blog/cloud-security/category/devsecops/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/cloud-security/category/partners/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/security-operations/category/use-cases/?ts=markdown)

[#### Manage your Unmanaged Cloud with Prisma Cloud and Cortex Xpanse](https://www2.paloaltonetworks.com/blog/cloud-security/manage-unmanaged-cloud-prisma-cloud-and-cortex-xpanse/)

### [Cloud Computing](https://www.paloaltonetworks.com/blog/category/cloud-computing-2/?ts=markdown), [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown), [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/cloud-security/category/partners/?ts=markdown)

[#### Google Cloud and Prisma Cloud: Partnering to protect cloud VMs](https://www2.paloaltonetworks.com/blog/cloud-security/google-cloud-prisma-cloud-partnering-to-protect-cloud-vms/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Events](https://www.paloaltonetworks.com/blog/category/events/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/cloud-security/category/partners/?ts=markdown)

[#### Secure from Code to Cloud --- Prisma Cloud at AWS re:Inforce 2023](https://www2.paloaltonetworks.com/blog/cloud-security/aws-reinforce-2023-conference/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown), [Integrators](https://www.paloaltonetworks.com/blog/category/integrators/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown)

[#### Prisma Cloud Secures Containers with ServiceNow Vulnerability Response](https://www2.paloaltonetworks.com/blog/cloud-security/prisma-cloud-secures-containers-with-servicenow-vulnerability-response/)

### Subscribe to Cloud Security Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language