Container & serverless workload security
Least-privilege roles, runtime controls, and image provenance.
Workloads are where identity, network, and posture meet the running code. A container or function that is compromised becomes whatever its cloud role allows, reaches whatever the network permits, and runs whatever made it into the image. Securing the workload means shrinking each of those to the minimum: a tight identity, a verified image, and a constrained runtime.
Least-privilege workload identity
Every workload should have its own cloud identity scoped to exactly the resources it uses — never a shared, broad node role that any pod can borrow. On Kubernetes this is IRSA (AWS) or Workload Identity (GKE/AKS): a service account maps to a cloud role via federation, so a compromised pod inherits only that one workload permission set, not the whole node. Pair a tight role with a hardened runtime — non-root user, read-only root filesystem, dropped capabilities — so a foothold has little to stand on.
apiVersion: v1kind: ServiceAccountmetadata:name: report-svcannotations:eks.amazonaws.com/role-arn: arn:aws:iam::222222222222:role/report-svc # IRSA---apiVersion: apps/v1kind: Deploymentspec:template:spec:serviceAccountName: report-svc # this workload's identity onlysecurityContext: { runAsNonRoot: true, seccompProfile: { type: RuntimeDefault } }containers:- name: appimage: registry.internal/report@sha256:9f2c... # pinned by digestsecurityContext:readOnlyRootFilesystem: trueallowPrivilegeEscalation: falsecapabilities: { drop: ["ALL"] }
Provenance and runtime
Two more layers close the loop. Provenance: scan images for known vulnerabilities and require a valid signature at admission, so only images your pipeline built and signed can run — a pinned digest plus a verified cosign signature rejects tampered or unknown images. Runtime: behavioral monitoring detects the post-exploitation activity a static scan cannot see, like a shell spawning in a container that should never spawn one. For serverless the levers shift — no OS to patch, so the function role, its dependencies, and its input triggers become the whole attack surface.