Category: Compute

Introduction Amazon GuardDuty is a threat detection service that continuously monitors your AWS environment for malicious activity and anomalous behavior. Since its launch in 2017, Amazon GuardDuty has expanded its visibility and threat detection coverage. Amazon GuardDuty is capable of analyzing tens of billions of events per minute across multiple AWS data sources such as […]

Introduction At AWS, we offer security from the get-go by providing you the ability to use Security Groups and Security Group rules to configure the fine-grained control over the traffic that flows to and from AWS resources such as Amazon Elastic Compute Cloud (Amazon EC2) instances, AWS Databases, Application Load Balancers, and Containers. On August […]

Introduction AWS Elastic Load Balancers provide native ingress solutions for workloads deployed on Amazon Elastic Kubernetes Service (Amazon EKS) clusters at both L4 and L7 with Network Load Balancer and Application Load Balancer (ALB). The AWS Load Balancer Controller, formerly called the AWS ALB Ingress Controller, satisfies Kubernetes ingress using ALB and service type load […]

Introduction The majority of the enterprise customers tend to establish centralize control and well-architected organization-wide policies when it comes to distribution of cloud resources in multiple teams. These teams are primarily divided into three categories: IT operations, Enterprise Security, and Application (App)-development. While delivery of business value from application standpoint falls under the purview of […]

Introduction When you purchase a packaged food item in your local grocery store, you probably check the list of ingredients written to understand what’s inside and make sure you aren’t consuming ingredients inadvertently that you don’t want to or are known to have adverse health effects. Do you think in a similar way when you […]

Introduction An Amazon Elastic Container Service (Amazon ECS) task is a number of co-located containers that are scheduled on to AWS Fargate or an Amazon EC2 container instance. Containers use Linux namespaces to provide workload isolation—and with namespaces—even though containers are scheduled together in an Amazon ECS task, they’re still isolated from each other and […]

Introduction Amazon Elastic Container Service (Amazon ECS) is a managed container orchestration service offered by AWS. It simplifies the deployment, management, and scalability of containerized applications using Amazon ECS task definitions through the AWS Management Console, AWS Command Line Interface (AWS CLI), or AWS Software Development Kits (AWS SDKs). Customers who require running containerized workloads, […]

Introduction For improved observability and troubleshooting, it is recommended to ship container logs from the compute platform to a container running on to a centralized logging server. In the real world, the logging server may occasionally be unreachable or unable to accept logs. There is an architectural tradeoff when designing for log server failures. Service […]

Introduction When Amazon VPC Container Network Interface (CNI) plugin assigns IPv4 addresses to Pods, it allocates them from the VPC CIDR range assigned to the cluster. While it makes Pods first-class citizens within the VPC network, it often leads to exhaustion of the limited number of IPv4 addresses available in the VPCs. The long term […]

This post was co-written with Rouel Lanche, Associate Director IT Architect, Regeneron Introduction Regeneron is a leading biotechnology company that invents, develops, and commercializes life-transforming medicines for people with serious diseases. Founded and led for 35 years by physician-scientists, Regeneron’s unique ability to repeatedly and consistently translate science into medicine has led to numerous FDA-approved […]