Containers
Category: Compute
Introducing bare metal deployments for Amazon EKS Anywhere
Introduction At one time, all servers were bare metal servers. We have come a long way with virtualization, cloud computing, and more recently with containers and serverless technologies. Despite these innovations, bare metal servers remain popular on premises. Customers run applications on bare metal infrastructure for performance benefits, to gain direct access to underlying hardware […]
Leverage AWS secrets stores from EKS Fargate with External Secrets Operator
Secrets management is a challenging but critical aspect of running secure and dynamic containerized applications at scale. To support this need to securely distribute secrets to running applications, Kubernetes provides native functionality to manage secrets in the form of Kubernetes Secrets. However, many customers choose to centralize the management of secrets outside of their Kubernetes […]
Run an active-active multi-region Kubernetes application with AppMesh and EKS
As application architects we have come across many customers who are moving towards a container-only strategy for their most critical application workloads. While using managed container services like Amazon Elastic Container Service (ECS), Amazon Elastic Kubernetes Service (EKS), and AWS Fargate make it easy to manage complex workloads, AWS offers a lot more in terms […]
Migrating Fargate service quotas to vCPU-based quotas
Note: The dates in the migration timeline have been updated as of October 11, 2022. Since the launch of AWS Fargate in 2017, we have steadily increased the quota on various concurrent Amazon Elastic Container Service (Amazon ECS) tasks and Amazon Elastic Kubernetes Service (Amazon EKS) pods that can be launched: 2017: 20 on-demand tasks […]
Amazon EKS improves control plane scaling and update speed by up to 4x
Years before Amazon Elastic Kubernetes Service (EKS) was released, our customers told us they wanted a service that would simplify Kubernetes management. Many of them were running self-managed clusters on Amazon Elastic Computer Cloud (EC2) and were having challenges upgrading, scaling, and maintaining the Kubernetes control plane. When EKS launched in 2018, it aimed to […]
Understanding data transfer costs for AWS container services
Overview Data transfer costs can play a significant role in determining the overall design of a system. The Amazon Elastic Container Registry (Amazon ECR), Amazon Elastic Container Service (Amazon ECS), and Amazon Elastic Kubernetes Service (Amazon EKS) can all incur data transfer charges depending on a variety of factors. It can be difficult to visualize what […]
Troubleshooting Amazon EKS API servers with Prometheus
It’s every on-call’s nightmare—awakened by a text at 3 a.m. from your alert system that says there’s a problem with the cluster. You need to quickly determine if the issue is with the Amazon EKS managed control plane or the new custom application you just rolled out last week. Even though you installed the default […]
Announcing NVIDIA GPU support for Bottlerocket on Amazon ECS
Last year, we announced the general availability of the Amazon Elastic Container Service (Amazon ECS)-optimized Bottlerocket AMI. Bottlerocket is an open source project that focuses on security and maintainability, providing a reliable and consistent Linux distribution for hosting container-based workloads. Now, we are happy to announce that you can now run ECS NVIDIA GPU-accelerated workloads […]
Harden Amazon EKS in minutes with Styra DAS Free and OPA
In the Amazon EKS Best Practices Guide, AWS recommends Open Policy Agent (OPA) as a policy-as-code (PaC) solution for Kubernetes pod security. The long list of pros provided for PaC focuses mainly on the flexibility and comprehensive control that PaC provides when compared with built-in pod security admission. While PaC brings powerful flexibility, it can […]
A quick path to Amazon EKS single sign-on using AWS SSO
With the rapid growth of software as a service (SaaS) and cloud adoption, identity is the new security perimeter. AWS Identity and Access Management (IAM) and Kubernetes role-based access control (RBAC) provide the tools to build a strong least-privilege security posture. Single sign-on (SSO) uses federation with a central identity provider (IdP) to improve security by allowing […]