Category: Compute

Introduction At one time, all servers were bare metal servers. We have come a long way with virtualization, cloud computing, and more recently with containers and serverless technologies. Despite these innovations, bare metal servers remain popular on premises. Customers run applications on bare metal infrastructure for performance benefits, to gain direct access to underlying hardware […]

Secrets management is a challenging but critical aspect of running secure and dynamic containerized applications at scale. To support this need to securely distribute secrets to running applications, Kubernetes provides native functionality to manage secrets in the form of Kubernetes Secrets. However, many customers choose to centralize the management of secrets outside of their Kubernetes […]

As application architects we have come across many customers who are moving towards a container-only strategy for their most critical application workloads. While using managed container services like Amazon Elastic Container Service (ECS), Amazon Elastic Kubernetes Service (EKS), and AWS Fargate make it easy to manage complex workloads, AWS offers a lot more in terms […]

Note: The dates in the migration timeline have been updated as of October 11, 2022. Since the launch of AWS Fargate in 2017, we have steadily increased the quota on various concurrent Amazon Elastic Container Service (Amazon ECS) tasks and Amazon Elastic Kubernetes Service (Amazon EKS) pods that can be launched: 2017: 20 on-demand tasks […]

Years before Amazon Elastic Kubernetes Service (EKS) was released, our customers told us they wanted a service that would simplify Kubernetes management. Many of them were running self-managed clusters on Amazon Elastic Computer Cloud (EC2) and were having challenges upgrading, scaling, and maintaining the Kubernetes control plane. When EKS launched in 2018, it aimed to […]

Overview Data transfer costs can play a significant role in determining the overall design of a system. The Amazon Elastic Container Registry (Amazon ECR), Amazon Elastic Container Service (Amazon ECS), and Amazon Elastic Kubernetes Service (Amazon EKS) can all incur data transfer charges depending on a variety of factors. It can be difficult to visualize what […]

It’s every on-call’s nightmare—awakened by a text at 3 a.m. from your alert system that says there’s a problem with the cluster. You need to quickly determine if the issue is with the Amazon EKS managed control plane or the new custom application you just rolled out last week. Even though you installed the default […]

Last year, we announced the general availability of the Amazon Elastic Container Service (Amazon ECS)-optimized Bottlerocket AMI. Bottlerocket is an open source project that focuses on security and maintainability, providing a reliable and consistent Linux distribution for hosting container-based workloads. Now, we are happy to announce that you can now run ECS NVIDIA GPU-accelerated workloads […]

In the Amazon EKS Best Practices Guide, AWS recommends Open Policy Agent (OPA) as a policy-as-code (PaC) solution for Kubernetes pod security. The long list of pros provided for PaC focuses mainly on the flexibility and comprehensive control that PaC provides when compared with built-in pod security admission. While PaC brings powerful flexibility, it can […]

With the rapid growth of software as a service (SaaS) and cloud adoption, identity is the new security perimeter. AWS Identity and Access Management (IAM) and Kubernetes role-based access control (RBAC) provide the tools to build a strong least-privilege security posture. Single sign-on (SSO) uses federation with a central identity provider (IdP) to improve security by allowing […]