Category: Thought Leadership

A deep dive into resilience and availability on Amazon Elastic Container Service

In this post, we’ll deep dive into the architecture principles we use in Amazon Elastic Container Service (Amazon ECS). We’ll outline some of the features that Amazon ECS delivers to make it easy for your application to achieve high availability and resilience. We explore how Amazon ECS is designed to use AWS availability and […]

HardenEKS: Validating Best Practices For Amazon EKS Clusters Programmatically

HardenEKS is an open source Python-based Command Line Interface (CLI). We created HardenEKS to make it easier to programmatically validate if an Amazon Elastic Kubernetes Service (Amazon EKS) cluster follows best practices defined in AWS’ EKS Best Practices Guide (EBPG). The EBPG is an essential resource for Amazon EKS operators who seek easier Day […]

Kubernetes as a platform vs. Kubernetes as an API

What is Kubernetes? I have been working on this technology since the beginning and after 8 years, I’m still having a problem defining what it is. Some people define Kubernetes as a container orchestrator but does that definition capture the essence of Kubernetes? I don’t think so. In this post, I’d like to explore […]

Three things to consider when implementing Mutual TLS with AWS App Mesh

Mutual Transport Layer Security (mTLS) is an extension of TLS, where both the client and server leverage X.509 digital certificates to authenticate each other before starting communications. Both parties present certificates to each other and validate the other’s certificate. The key difference from any usual TLS communication is that when using mutual TLS, each client must […]

Enabling mTLS in AWS App Mesh using SPIFFE/SPIRE in a multi-account Amazon EKS environment

Over the past few years, companies and organizations have been adopting microservice-based architectures to drive their businesses forward with a rapid pace of innovation. Moving to microservices brings several benefits in terms of modularity and deployment speed, but it also adds additional complexity that requires establishing higher security postures. For distributed applications spanning multiple, potentially […]