Category: Best Practices

Explore etcd Defragmentation in Amazon EKS

Introduction Amazon Elastic Kubernetes Service (Amazon EKS) has gained significant popularity as a managed Kubernetes service, providing a scalable and reliable platform for running containerized applications. Behind the scenes, Amazon EKS uses etcd, a distributed key-value store, to store cluster configuration, state, and metadata. In this post, we delve into the defragmentation functionality in etcd and discuss the […]

Serve distinct domains with TLS powered by ACM on Amazon EKS

Introduction AWS Elastic Load Balancers provide native ingress solutions for workloads deployed on Amazon Elastic Kubernetes Service (Amazon EKS) clusters at both L4 and L7 with Network Load Balancer and Application Load Balancer (ALB). The AWS Load Balancer Controller, formerly called the AWS ALB Ingress Controller, satisfies Kubernetes ingress using ALB and service type load […]

Preventing log loss with non-blocking mode in the AWSLogs container log driver

Introduction For improved observability and troubleshooting, it is recommended to ship container logs from the compute platform to a container running on to a centralized logging server. In the real world, the logging server may occasionally be unreachable or unable to accept logs. There is an architectural tradeoff when designing for log server failures. Service […]

Migrate cron jobs to event-driven architectures using Amazon Elastic Container Service and Amazon EventBridge

Introduction Many customers use traditional cron job schedulers in on-premise systems. They need a simple approach to move these scheduled tasks to AWS without refactoring while unlocking the scalability of the cloud. A lift-and-shift migration to Amazon Elastic Compute Cloud (Amazon EC2) is always a possibility, but that doesn’t take advantage of cloud-native services or […]

HardenEKS: Validating Best Practices For Amazon EKS Clusters Programmatically

Introduction HardenEKS is an open source Python-based Command Line Interface (CLI). We created HardenEKS to make it easier to programmatically validate if an Amazon Elastic Kubernetes Service (Amazon EKS)  cluster follows best practices defined in AWS’ EKS Best Practices Guide (EBPG). The EBPG is an essential resource for Amazon EKS operators who seek easier Day […]

Validating Amazon EKS optimized Bottlerocket AMI against the CIS Benchmark

Introduction As Kubernetes adoption grows, many organizations are choosing it as their platform to build and host their modern and secure applications. Security is one of the primary design criteria for many workloads, especially those dealing with sensitive data such as financial data processing. These workloads have a stringent requirement to adhere to various security […]

Deploy geo-distributed Amazon EKS clusters on AWS Wavelength

Introduction In December 2019, we announced AWS Wavelength, new AWS infrastructure that allows customers to deploy workload closer to 5G-connected users and devices. Customers can now use AWS Wavelength to deploy Amazon Elastic Compute Cloud (Amazon EC2) instances, Amazon Elastic Kubernetes Service (Amazon EKS) clusters and a suite of supported partner solutions available on the […]

Building Amazon Linux 2 CIS Benchmark AMIs for Amazon EKS

Building Amazon Linux 2 CIS Benchmark AMIs for Amazon EKS

Introduction The Center for Internet Security (CIS) Benchmarks are best practices for the secure configuration of a target system. They define various Benchmarks for Kubernetes control plane and the data plane. For Amazon EKS clusters, it is strongly recommended to follow the CIS Amazon EKS Benchmark. If the data plane of an Amazon EKS cluster uses Amazon Linux […]

Amazon ECR in Multi-Account and Multi-Region Architectures

Amazon ECR in Multi-Account and Multi-Region Architectures

Introduction Amazon Elastic Container Registry (Amazon ECR) is a fully managed container registry offering high-performance hosting, so you can reliably deploy application images and artifacts anywhere. It stores container images and artifacts that deploy application workloads across AWS services as well as non-AWS environments. Amazon ECR is a regional service, where each Region in each […]

Understanding and Cost Optimizing Amazon EKS Control Plane Logs

Amazon Elastic Kubernetes Service (Amazon EKS) is a managed container service that provides a highly available single-tenant control plane to run and scale Kubernetes applications in the cloud or on-premises. Logs are an important way to debug problems, audit cluster activities, and monitor the health of your application. Kubernetes logging can be divided into control […]