Containers

Results of the 2019 AWS Container Security Survey

Security is a top priority in AWS, and in our service team we naturally focus on container security. In order to better assess where we stand, we conducted an anonymous survey in late 2019 amongst container users on AWS. Overall, we got 68 responses from a variety of roles, from ops folks and SREs to […]

Read More

Securing EKS Ingress With Contour And Let’s Encrypt The GitOps Way

This is a guest post by Stefan Prodan of Weaveworks. In Kubernetes terminology, Ingress exposes HTTP(S) routes from outside the cluster to services running within the cluster. An Ingress can be configured to provide Kubernetes services with externally-reachable URLs while performing load balancing and SSL/TLS termination. Kubernetes comes with an Ingress resource and there are several controllers that […]

Read More

Using ALB Ingress Controller with Amazon EKS on Fargate

In December 2019, we announced the ability to use Amazon Elastic Kubernetes Service to run Kubernetes pods on AWS Fargate. Fargate eliminates the need for you to create or manage EC2 instances for your Kubernetes applications. When your pods start, Fargate automatically allocates compute resources on-demand to run them. Fargate is great for running and […]

Read More

Deep Dive on Amazon ECS Cluster Auto Scaling

Introduction Up until recently, ensuring that the number of EC2 instances in your ECS cluster would scale as needed to accommodate your tasks and services could be challenging.  ECS clusters could not always scale out when needed, and scaling in could impact availability unless handled carefully. Sometimes, customers would resort to custom tooling such as […]

Read More

EKS VPC routable IP address conservation patterns in a hybrid network

Introduction Our customers are embracing containers and Kubernetes/EKS for the flexibility and the agility it affords their developers. As environments continue to scale, they want to find ways to more efficiently utilize their private RFC1918 IP address space. This post will review patterns to help conserve your RFC1918 IP address space with your EKS pods leveraging […]

Read More

Autoscaling EKS on Fargate with custom metrics

This is a guest post by Stefan Prodan of Weaveworks. Autoscaling is an approach to automatically scale up or down workloads based on the resource usage. In Kubernetes, the Horizontal Pod Autoscaler (HPA) can scale pods based on observed CPU utilization and memory usage. Starting with Kubernetes 1.7, an aggregation layer was introduced that allows third-party […]

Read More

How to use Multiple load balancer Target Group Support for Amazon ECS to access internal and external service endpoint using the same DNS name

Customers running container-based applications on Amazon ECS using Amazon EC2 (commonly referred to as EC2) or AWS Fargate, frequently need to expose the application to both external clients and internal clients within the Amazon VPC (commonly referred to as VPC). In this blog post, we will look at a solution to optimize cost and reduce […]

Read More

How to Run ECS Windows Task with group Managed Service Account (gMSA)

Amazon Elastic Container Service(ECS) recently announced gMSA support, and the focus of this blog post is to show you how to deploy a Windows Task with gMSA credentials. Though the main focus is on ECS Task, I will also show you how to set up an AWS managed Active Directory with a gMSA account, and […]

Read More

Announcing the Amazon ECS CLI v2

Amazon ECS released version 1 of the Amazon ECS CLI in 2015. The Amazon ECS CLI simplified the management of your Amazon ECS clusters, tasks, services, and ECR repositories by enabling you to create profiles and cluster configurations with default settings. While many customers have found the Amazon ECS CLI useful, we have received feedback […]

Read More

Scanning images with Trivy in an AWS CodePipeline

This post was contributed by AWS Container Hero, Liz Rice, VP Open Source Engineering at Aqua Security. If you’re working with containers, it’s important to scan your images for known vulnerabilities, so that you don’t deploy code that an attacker can easily exploit. A good way of ensuring that all your deployed images get this […]

Read More