Containers

Tag: ALB

How Perry Street Software Implemented Resilient Deployment Strategies with Amazon ECS

This post was coauthored by Ben Duffield and Eric Silverberg at Perry Street Software, with contributions from Adam Tucker, Piotr Wald, and Cristian Constantinescu of PSS Introduction You just finished deploying that important change you spent weeks preparing, when you see this email subject in your inbox: Alarm: HTTPCode_Target_5XX_Count. Ugh. The code you have just […]

Enabling mTLS with ALB in Amazon EKS

Introduction In today’s interconnected world, communication faces evolving security threats. From sensitive financial transactions in online banking to secure data transmissions in the automobile industry, ensuring trust and authenticity between businesses is becoming more and more critical. This is where Mutual Transport Layer Security (mTLS) can be an option to offer enhanced security through advanced […]

Securing Kubecost access with Amazon Cognito

Introduction Kubecost provides real-time cost visibility and insights for teams using Kubernetes. It has an intuitive dashboard to help you understand and analyze the costs of running your workloads in a Kubernetes cluster. Kubecost is built on OpenCost, which was recently accepted as a Cloud Native Computing Foundation (CNCF) Sandbox project, and is actively supported […]

How Condé Nast modernized its container platform on Amazon Elastic Kubernetes Service

This post was co-written with Emily Atkinson, Senior Engineering Manager at Condé Nast. About Condé Nast Condé Nast is a global media company home to iconic brands including Vogue, GQ, AD, Condé Nast Traveler, Vanity Fair, Wired, The New Yorker, Glamour, Allure, Bon Appétit, Self and many more. In 2014, Condé Nast started their journey in […]

How to rapidly scale your application with ALB on EKS (without losing traffic)

To meet user demand, dynamic HTTP-based applications require constant scaling of Kubernetes pods. For applications exposed through Kubernetes ingress objects, the AWS Application Load Balancer (ALB) distributes incoming traffic automatically across the newly scaled replicas. When Kubernetes applications scale down due to a decline in demand, certain situations will result in brief interruptions for end […]

Expose Amazon EKS pods through cross-account load balancer

Introduction Amazon Elastic Kubernetes Service (Amazon EKS) is a managed container service to run and scale Kubernetes applications in the cloud or on-premises. Kubernetes Ingress is an API resource that allows you manage external or internal HTTP(S) access to Kubernetes services running in a cluster. The AWS Load Balancer Controller in Amazon EKS creates Application […]

Read our blog post on securing Amazon Elastic Container Service applications using Application Load Balancer and Amazon Cognito.

Securing Amazon Elastic Container Service applications using Application Load Balancer and Amazon Cognito

Introduction Designing and maintaining secure user management, authentication and other related features for applications is not an easy task. Amazon Cognito takes care of this work, which allows developers to focus on building the core business logic of the application. Amazon Cognito provides user management, authentication, and authorization for applications where users can log in […]

Secure end-to-end traffic on Amazon EKS using TLS certificate in ACM, ALB, and Istio

I was helping a customer to migrate a Kubernetes workload from an on-premises data center into Amazon Elastic Kubernetes Service (Amazon EKS). The customer had an existing investment in Istio and wanted to continue using it as their preferred service mesh in the Amazon EKS environment. However, the customer was struggling to implement end-to-end encryption […]

How to use Application Load Balancer and Amazon Cognito to authenticate users for your Kubernetes web apps

This post describes how to use Amazon Cognito to authenticate users for web apps running in an Amazon Elastic Kubernetes Services (Amazon EKS) cluster.  Behind any identity management system resides a complex network of systems meant to keep data and services secure. These systems handle functions such as directory services, access management, identity authentication, and […]