Containers

Advice on mitigating the Apache log4j security issue for EKS, ECS, and Fargate customers

CVE-2021-44228 (and subsequently CVE-2021-45046) describe a security issue found in the Apache Log4j 2 Java logging library versions 2.0-beta9 up to and including version 2.15.0. This issue uses the Java Naming and Directory Interface (JNDI), and allows a malicious actor to perform remote code execution on a vulnerable platform. The Amazon Web Services (AWS) security […]

Read More

Container scanning updates in Amazon ECR private registries using Amazon Inspector

We announced a new Amazon Inspector last week at re:Invent 2021 with improved vulnerability management for cloud workloads. Amazon Inspector is a service used by organizations of all sizes to automate security assessment and management at scale. For Amazon Elastic Container Registry (Amazon ECR) private registry customers, this announcement brings updates, enhancements, and integrations to […]

Read More
ADOT Collector Pipeline

Cost savings by customizing metrics sent by Container Insights in Amazon EKS

AWS Distro for OpenTelemetry (ADOT) is an AWS-provided distribution of the OpenTelemetry project. The ADOT Collector receives and exports data from multiple sources and destinations. Amazon CloudWatch Container Insights now supports ADOT for Amazon Elastic Kubernetes Service (Amazon EKS) and Amazon Elastic Container Service (Amazon ECS). This will enable customers to perform advanced configurations, such as customizing metrics […]

Read More
Spark Jobs dashboard

Best practices for running Spark on Amazon EKS

Amazon EKS is becoming a popular choice among AWS customers for scheduling Spark applications on Kubernetes. It’s fully managed but still offers full Kubernetes capabilities for consolidating different workloads and getting a flexible scheduling API to optimize resources consumption. But Kubernetes is complex, and not all data engineers are familiar with how to set up […]

Read More

Autonomous ML-based detection and identification of root cause for incidents in microservices running on EKS

This blog was co-written with Gavin Cohen, VP of Product at Zebrium. Overview If you’ve never experienced the frustration of hunting for root cause through huge volumes of logs, then you’re one of the few lucky ones! The process typically starts by searching for errors around the time of the problem and then scanning for […]

Read More

Implementing custom domain names with ROSA

Red Hat OpenShift Service on AWS (ROSA) is a fully managed implementation of Red Hat OpenShift. The Red Hat SRE team does all the heavy lifting of maintaining and operating an OpenShift cluster on behalf of customers, allowing them to refocus their resources where it is most beneficial to their business and customers. ROSA provides […]

Read More

Collecting data from edge devices using Kubernetes and AWS IoT Greengrass V2

Kubernetes is open-source software that allows you to deploy and manage containerized applications at scale. It manages clusters of Amazon Elastic Compute Cloud (Amazon EC2) compute instances and runs containers on those instances with processes for deployment, maintenance, and scaling. Using Kubernetes, you can run any type of containerized application using the same toolset on […]

Read More

Secure end-to-end traffic on Amazon EKS using TLS certificate in ACM, ALB, and Istio

I was helping a customer to migrate a Kubernetes workload from an on-premises data center into Amazon Elastic Kubernetes Service (Amazon EKS). The customer had an existing investment in Istio and wanted to continue using it as their preferred service mesh in the Amazon EKS environment. However, the customer was struggling to implement end-to-end encryption […]

Read More

How to use Application Load Balancer and Amazon Cognito to authenticate users for your Kubernetes web apps

This post describes how to use Amazon Cognito to authenticate users for web apps running in an Amazon Elastic Kubernetes Services (Amazon EKS) cluster.  Behind any identity management system resides a complex network of systems meant to keep data and services secure. These systems handle functions such as directory services, access management, identity authentication, and […]

Read More

Centralized observability for AWS App Runner services

In enterprise organizations, it can sometimes be hard for engineering teams to move quickly. Teams must demonstrate they have a plan for keeping software up to date, they must pass security reviews to ensure the application architecture doesn’t introduce vulnerabilities into the environment, and they must think about how to instrument the application so there […]

Read More