Category: Compute

Measure cluster performance impact of Amazon GuardDuty EKS Agent

Introduction Amazon GuardDuty is a threat detection service that continuously monitors your AWS environment for malicious activity and anomalous behavior. Since its launch in 2017, Amazon GuardDuty has expanded its visibility and threat detection coverage. Amazon GuardDuty is capable of analyzing tens of billions of events per minute across multiple AWS data sources such as […]

Network Load Balancers now support Security groups

Introduction At AWS, we offer security from the get-go by providing you the ability to use Security Groups and Security Group rules to configure the fine-grained control over the traffic that flows to and from AWS resources such as Amazon Elastic Compute Cloud (Amazon EC2) instances, AWS Databases, Application Load Balancers, and Containers. On August […]

Serve distinct domains with TLS powered by ACM on Amazon EKS

Introduction AWS Elastic Load Balancers provide native ingress solutions for workloads deployed on Amazon Elastic Kubernetes Service (Amazon EKS) clusters at both L4 and L7 with Network Load Balancer and Application Load Balancer (ALB). The AWS Load Balancer Controller, formerly called the AWS ALB Ingress Controller, satisfies Kubernetes ingress using ALB and service type load […]

Multi-account infrastructure provisioning with AWS Control Tower and AWS Proton

Introduction The majority of the enterprise customers tend to establish centralize control and well-architected organization-wide policies when it comes to distribution of cloud resources in multiple teams. These teams are primarily divided into three categories: IT operations, Enterprise Security, and Application (App)-development. While delivery of business value from application standpoint falls under the purview of […]

Using SBOM to find vulnerable container images running on Amazon EKS clusters

Introduction When you purchase a packaged food item in your local grocery store, you probably check the list of ingredients written to understand what’s inside and make sure you aren’t consuming ingredients inadvertently that you don’t want to or are known to have adverse health effects. Do you think in a similar way when you […]

Announcing additional Linux controls for Amazon ECS tasks on AWS Fargate

Introduction An Amazon Elastic Container Service (Amazon ECS) task is a number of co-located containers that are scheduled on to AWS Fargate or an Amazon EC2 container instance. Containers use Linux namespaces to provide workload isolation—and with namespaces—even though containers are scheduled together in an Amazon ECS task, they’re still isolated from each other and […]

Implement custom service discovery for Amazon ECS Anywhere tasks

Introduction Amazon Elastic Container Service (Amazon ECS) is a managed container orchestration service offered by AWS. It simplifies the deployment, management, and scalability of containerized applications using Amazon ECS task definitions through the AWS Management Console, AWS Command Line Interface (AWS CLI), or AWS Software Development Kits (AWS SDKs). Customers who require running containerized workloads, […]

Preventing log loss with non-blocking mode in the AWSLogs container log driver

Introduction For improved observability and troubleshooting, it is recommended to ship container logs from the compute platform to a container running on to a centralized logging server. In the real world, the logging server may occasionally be unreachable or unable to accept logs. There is an architectural tradeoff when designing for log server failures. Service […]

Automating custom networking to solve IPv4 exhaustion in Amazon EKS

Introduction When Amazon VPC Container Network Interface (CNI) plugin assigns IPv4 addresses to Pods, it allocates them from the VPC CIDR range assigned to the cluster. While it makes Pods first-class citizens within the VPC network, it often leads to exhaustion of the limited number of IPv4 addresses available in the VPCs. The long term […]

How RGC Genetics Center achieved infrastructure automation at scale using AWS Proton

This post was co-written with Rouel Lanche, Associate Director IT Architect, Regeneron Introduction Regeneron is a leading biotechnology company that invents, develops, and commercializes life-transforming medicines for people with serious diseases. Founded and led for 35 years by physician-scientists, Regeneron’s unique ability to repeatedly and consistently translate science into medicine has led to numerous FDA-approved […]