Containers

Signing and Validating OCI Artifacts with AWS Signer

This post is an extension of our Container Image Signing blog series. In our first post, we discussed the motivations and fundamental concepts behind cryptographic signing for containers. Introduction Organizations today are adding additional security measures to their software development lifecycles (SDLC) due to compliance, governance, or executive requirements. For containerized applications, one such security […]

Accelerating feature delivery and improving reliability for a semi-stateful, memory-bound workload

This blog post was co-written by William Ho, Software Engineer, Airtable. Introduction Airtable is a connected applications platform that lets teams and enterprises build flexible interfaces and compose automations on top of their key data. Airtable provides so much flexibility that customers use Airtable for the most critical workflows across their organization. Today, half of […]

Spark on Amazon EKS networking – Part 2

This post was co-authored by James Fogel, Staff Software Engineer on the Cloud Architecture Team at Pinterest Part 2: Spark on EKS network design at scale Introduction In this two-part series, my counterpart, James Fogel (Staff Cloud Architect at Pinterest), and I share Pinterest’s journey designing and implementing their networking topology for running large-scale Spark […]

Spark on Amazon EKS networking – Part 1

This post was co-authored by James Fogel, Staff Software Engineer on the Cloud Architecture Team at Pinterest Part 1: Design process for Amazon EKS networking at scale Introduction Pinterest is a platform that helps inspire people to live a life they love. Big data and machine learning (ML) are core to Pinterest’s platform and product, […]

Amazon EKS Pod Identity: a new way for applications on EKS to obtain IAM credentials

Introduction At AWS we are constantly striving to improve customer experience. For instance, we launched IAM Roles for Service Accounts (IRSA) in 2019 that allows customers to configure Kubernetes (k8s) applications running on AWS with fine-grained AWS Identity and Access Management (AWS IAM) permissions to access other AWS resources such as Amazon Simple Storage Service […]

Effective use: Amazon ECS lifecycle events with Amazon CloudWatch logs insights

Introduction We have observed a growing adoption of container services among both startups and established companies. This trend is driven by the ease of deploying applications and migrating from on-premises environments to the cloud. One platform of choice for many of our customers is Amazon Elastic Container Service (Amazon ECS). The powerful simplicity of Amazon […]

Run Monte Carlo simulations at scale with AWS Step Functions and AWS Fargate

Introduction Organizations across financial services and other industries have business processes that require executing the same business logic across billions of records for their machine learning and compliance needs. Many organizations rely on internal custom orchestration systems or big data frameworks to coordinate the parallel processing of their business logic across many parallel compute nodes. […]

Accelerate the testing and verification of Amazon EKS upgrades with upgrade insights

Introduction Amazon’s Elastic Kubernetes Service (Amazon EKS) removes a lot of the heavy lifting that goes into managing Kubernetes. For example, AWS manages the Kubernetes control plane on your behalf, including patching, tuning, and updating it as necessary. Then there are features such as managed node groups that give you a mechanism for managing the […]

A deep dive into simplified Amazon EKS access management controls

Introduction Since the initial Amazon Elastic Kubernetes Service (Amazon EKS) launch, it has supported AWS Identity and Access Management (AWS IAM) principals as entities that can authenticate against a cluster. This was done to remove the burden—from administrators—of having to maintain a separate identity provider. Using AWS IAM also allows AWS customers to use their […]

Deploy an Amazon EKS cluster across AWS Outposts with Intra-VPC communication

Introduction Intra-VPC Communication enables network communication between subnets in the same Amazon Virtual Private Cloud (Amazon VPC) across multiple physical AWS Outposts using the Outposts local gateways (LGW) via direct VPC routing. With this feature, you can leverage a single Amazon VPC architecture for communication between applications and services running on disparate AWS Outposts. You […]