Containers

How to Run EKS Windows containers with group Managed Service Accounts (gMSA)

Windows-based networks commonly use Active Directory to facilitate authentication and authorization between users, computers, and other computer network resources. Traditionally, enterprise applications running on Windows platforms use either service accounts or Managed Service Accounts (MSA) for authentication and authorization. The use of service accounts brings with it the overhead of service account password management. In […]

Read More

Using Gloo as an Ingress Gateway for AWS App Mesh

As part of their organization’s digital transformation, more and more customers are electing to use a managed Kubernetes service, like Amazon EKS, as their container-orchestration system of choice to deploy, scale, and manage microservices. As the number of microservices grow within an application, it becomes difficult to pinpoint the exact location of errors, re-route traffic […]

Read More

Amazon ECS availability best practices

We spend a lot of time thinking about availability at AWS. It is critically important that our service remains available even during inevitable partial failures in order to allow our customers to gain insight and take remedial action. To achieve this, we rely on the availability afforded us by Regional independence and Availability Zones isolation. […]

Read More

Using VPC endpoint policies to control Amazon ECR access

In January 2019, AWS announced support for AWS PrivateLink on Amazon ECR. AWS PrivateLink is a networking technology designed to keep all network traffic within the AWS network. When you enable AWS PrivateLink for Amazon ECR, VPC endpoints appear as elastic network interfaces with a private IP address inside your VPC. For more details on […]

Read More

AI assisted medical imaging annotations with NVIDIA Clara SDK on AWS using ECS with Spot GPUs

This post was contributed by Amr Ragab, Business Development Manager | Accelerated Computing The AWS cloud provides a managed infrastructure with compliance standards in place to develop and run production based healthcare workloads. With this emergence of a fully managed infrastructure a new requirement is emerging where architects, ML scientists, and medical researchers need to […]

Read More

Native Container Image Scanning in Amazon ECR

By Richard Nguyen and Michael Hausenblas Container security comprises a range of activities and tools, involving developers, security operations engineers, and infrastructure admins. One crucial part in the cloud native supply chain is to scan container images for vulnerabilities and being able to get actionable insights from it. We learned in Issue 17 of the […]

Read More
ECR PrivateLink architectural diagram

AWS PrivateLink ECR cross account Fargate deployment

AWS PrivateLink is a networking technology designed to enable access to AWS services in a highly available and scalable manner. It keeps all the network traffic within the AWS network. When you create AWS PrivateLink endpoints for Amazon Elastic Container Registry (ECR) and Amazon Elastic Container Service (ECS), these service endpoints appear as elastic network […]

Read More

Using sidecar injection on Amazon EKS with AWS App Mesh

AWS App Mesh works on the sidecar pattern where you must add containers to extend the behavior of existing containers. Kubernetes offers mutating admission controllers that allow operations teams to automate sidecar injection. In this post, I discuss the basics of the sidecar pattern and Kubernetes admission controllers and demonstrate how the App Mesh Sidecar […]

Read More

How Amazon ECS manages CPU and memory resources

On August 19, 2019, we launched a new Amazon Elastic Container Service (Amazon ECS) feature that allows containers to configure available swap space on Linux. We want to take this opportunity to step back and talk more holistically how ECS resource management works (including the behavior this new feature has introduced). Specifically, we want to clarify how CPU and memory […]

Read More