Category: Technical How-to

Autoscaling Amazon ECS services based on custom metrics with Application Auto Scaling

Application Auto Scaling is a web service for developers and system administrators who need a solution for automatically scaling their scalable resources for AWS services such as Amazon Elastic Container Service (Amazon ECS) services, Amazon DynamoDB tables, AWS Lambda Provisioned Concurrency, and more. Application Auto Scaling now offers support for scaling such resources using […]

Implementing a pub/sub architecture with AWS Copilot

Since its launch in 2020, developers have been using the AWS Copilot CLI to build, manage, and operate Linux and Windows containers on Amazon Elastic Container Service (Amazon ECS), AWS Fargate, and AWS App Runner. In this post, I’ll walk you through how you can use AWS Copilot CLI to […]

Migrate existing Amazon ECS services from service discovery to Amazon ECS Service Connect

At re:Invent in November 2022 we announced a new Amazon Elastic Container Service (Amazon ECS) solution for service-to-service communication called Amazon ECS Service Connect. Amazon ECS Service Connect enables easy communication between microservices and across Amazon Virtual Private Clouds (Amazon VPCs) by leveraging AWS Cloud Map namespaces and logical service names. This allows you to […]

Using Azure Active Directory to authenticate to Amazon EKS

Many customers use Microsoft Azure Active Directory (Azure AD) as their centralized corporate directory. One of the common requests from customers is to enable their users to use corporate credentials to access Amazon Elastic Kubernetes Service (Amazon EKS) clusters. This approach enables customers to use their already established way of providing authentication for corporate […]

Optimizing your Kubernetes compute costs with Karpenter consolidation

Karpenter was built to solve issues pertaining to optimal node selection in Kubernetes. Karpenter’s what-you-need-when-you-need-it model simplifies the process of managing compute resources in Kubernetes by adding compute capacity to your cluster based on a pod’s requirements. With the recent release of workload consolidation, Karpenter can now be enabled to continuously monitor and optimize […]

EKS Persistent Volumes for Instance Store

The Kubernetes project is made up of a number of special interest groups (SIGs) that focus on a particular part of the Kubernetes ecosystem. The Storage SIG is focused on different types of storage (block and file) and ensuring that storage is available to containers when they are scheduled. One of the subprojects of the Storage […]

Validating Amazon EKS optimized Bottlerocket AMI against the CIS Benchmark

As Kubernetes adoption grows, many organizations are choosing it as their platform to build and host their modern and secure applications. Security is one of the primary design criteria for many workloads, especially those dealing with sensitive data such as financial data processing. These workloads have a stringent requirement to adhere to various security […]

Automate rollbacks for Amazon ECS rolling deployments with CloudWatch alarms

Amazon ECS now offers native support for monitoring and automatically reacting to changes during a rolling update by using Amazon CloudWatch metric alarms. This enables customers to easily automate discovery and remediation for failed deployments and minimize the performance and availability impacts. Customers can configure Amazon CloudWatch alarms for their rolling updates using the […]

Expose Amazon EKS pods through cross-account load balancer

Amazon Elastic Kubernetes Service (Amazon EKS) is a managed container service to run and scale Kubernetes applications in the cloud or on-premises. Kubernetes Ingress is an API resource that allows you to manage external or internal HTTP(S) access to Kubernetes services running in a cluster. The AWS Load Balancer Controller in Amazon EKS creates Application […]

Windows Authentication on Amazon EKS Windows pods

Per Microsoft documentation: Windows-based networks commonly use Active Directory (AD) to facilitate authentication and authorization between users, computers, and other network resources. Enterprise application developers often design their apps to be AD-integrated and run on domain-joined servers to take advantage of Integrated Windows Authentication, which makes it easy for users and other services to automatically […]