AWS Public Sector Blog

Migrate and modernize public sector applications using containers and serverless

Migrate and modernize public sector applications using containers and serverless

Many public sector customers are interested in building secure, cost-effective, reliable, and highly performant applications. Technologies like containerization and serverless help customers migrate and modernize their applications. In this blog post, learn how public sector customers use offerings from Amazon Web Services (AWS) like AWS Lambda, Amazon Elastic Kubernetes Service (Amazon EKS), Amazon Elastic Container Service (Amazon ECS) to build modern applications supporting diverse use cases, including those driven by machine learning (ML) and generative artificial intelligence (AI).

Modernization has become imperative for public sector organizations of all sizes to drive mission outcomes. Building modern applications in AWS helps customers with increased innovation, speed, reliability, scalability, and security while lowering total cost of ownership (TCO). We previously reviewed AWS serverless and container services to build modern applications in the previous blog post, “Modernizing public sector applications using serverless and containers.”

In this blog post, we cover public sector use cases that are driving the adoption of serverless and containers, such as generative AI, data analytics, document processing, and more. If you want to learn more on this topic, please register to attend the webinar series, Build Modern Applications on AWS.

Building modern applications with containers

Containers are lightweight, versatile, and portable units that are revolutionizing the way modern applications are built, deployed, and managed. Containers enhance and modernize public sector applications with improved application quality, portability, security, scalability, and fault isolation. Offering isolation and security, containers help applications run in their own independent environment, minimizing the risk of data breaches and unauthorized access, which is important for public sector organizations as they handle sensitive data. Containers also facilitate rapid development and deployment of services, allowing organizations to roll out new applications and updates quickly. This is particularly valuable in times of crisis or when there’s a need to respond swiftly to constituent demands.

Running containerized on-premises or self-managed workloads involves significant overhead to manage operational resources. AWS container services such as Amazon EKS and Amazon ECS are fully managed container orchestration services that can help deploy containerized workloads at scale while offloading the operational burden to AWS.

If you prefer open-source tools and are already familiar with Kubernetes, you can harness the power of Kubernetes with Amazon EKS. Amazon EKS is a managed, certified Kubernetes-conformant service, supporting compatibility with existing upstream applications on Kubernetes. This transition not only streamlines operations but also facilitates seamless integration with a range of robust AWS services. If you have a requirement to retain data within a designated Region or data center, you can use Amazon EKS Anywhere on premises.

For a streamlined and effective approach, consider running container workloads on Amazon ECS. Amazon ECS presents an AWS-guided solution for effectively managing containers on a large scale. Amazon ECS offers simplified application deployment, scalability, flexibility, security, and cost optimization. This service is particularly appealing for its simplicity, scalability, and integration with other AWS Services.

Customers are adopting and modernizing data analytics and ML use cases due to the rise of generative AI. If your organization has standardized to have Kubernetes as the platform of choice, now you can use Data on EKS to streamline and accelerate the process of building, deploying, and scaling data workloads on Amazon EKS.

The National Aeronautics and Space Administration (NASA) recently soft-launched ‘notebook-as-a-service,’ which uses Data on EKS to provide compute equitably to scientists, researchers, and aspiring scientists (that is, students) across the world so they can research climate change and meet their Open Source Science Initiative (OSSI) goals. With AWS, Data on EKS, and platform engineering, aspiring scientists can now add to NASA’s climate research. For running ML workloads on Amazon EKS—including high-performance deep learning (DL) training such as large language models (LLMs)—customers are using AI/ML on EKS blueprints. You can run the ML model inference inside a container and host it in Amazon ECS or Amazon EKS.

Customers are also adopting Kubernetes as a platform strategy and creating internal developer platforms (IDPs) to empower application teams to self-serve infrastructure provisioning requests. With IDPs, Kubernetes becomes the standard platform to provision any AWS resources such as AWS Lambda, Amazon ECS, Amazon Relational Database Service (Amazon RDS), and more. This approach allows the platform team to reuse established Kubernetes tooling and standards instead of creating and maintaining separate infrastructure as code pipelines.

Customers across the public sector are using Amazon EKS and Amazon ECS for various other use cases:

In the public sector, where security, compliance, and efficiency are paramount, GitOps can be a transformative approach when combined with Amazon EKS. By defining infrastructure and application configurations as code, automating deployments, and maintaining an audit trail, public sector organizations can achieve agility, security, and operational excellence in their Amazon EKS–powered environments. By syncing Git repositories with Amazon EKS, you can create an auditable, efficient, and resilient path. Configurations become code, deployments can be automated, and rollbacks are swift. By adopting GitOps with EKS, you create a foundation for future innovation. Teams can focus on developing new features and enhancing services rather than spending excessive time on manual management tasks.

Customers can simply bootstrap an EKS or ECS cluster with EKS Blueprints or ECS Blueprints, respectively. Blueprints also helps you implement the relevant security controls needed to operate workloads from multiple teams in the same cluster. Blueprints provisions clusters with a wide range of popular open-source add-ons, including Prometheus, Karpenter, Nginx, Traefik, AWS Load Balancer Controller, Fluent Bit, Keda, Argo CD, and more.

Building modern applications with serverless

AWS serverless services help customers run cost-effective, highly scalable, and secure applications. With serverless services, you do not have to manage and maintain your infrastructure. AWS manages the underlying infrastructure for your applications, including operating system patching. With serverless services, you are only charged on a per-request basis, and your infrastructure grows and shrinks automatically as the load characteristics of your application change. Due to these benefits, your teams can realize improved productivity, and you can release new applications and features more quickly. Services like AWS Lambda, AWS Step Functions, and Amazon EventBridge all fall under this category.

Serverless services can be put to use for various AI and ML workloads. AI services like Amazon Textract and Amazon Comprehend can integrate simply with serverless services, as described in the blog post, “Scaling intelligent document processing workflows with AWS AI services.” Customers are using AI and ML services along with serverless services for applications like intelligent document processing to support benefit claims, and creating chatbots with generative AI. You can also run ML model inference at scale using serverless services as described in “Machine learning inference at scale using AWS serverless.” Amazon CodeWhisperer is an AI coding companion that helps you build applications faster and more securely by generating code suggestions ranging from snippets to full functions in real time based on your comments and existing code. You can take advantage of CodeWhisperer right from the Lambda console and get started with your serverless applications in a few minutes.

A common use case in the public sector is modernizing web applications. Web portals provide efficient and user-friendly platforms for various applications. Use of web applications has significantly improved accessibility and convenience for citizens. Many of these applications can benefit from using serverless technologies. Take for example a web portal to submit unemployment insurance claims. The application might see a large variation in the number of users and sudden spikes in demand depending on macroeconomic conditions. In other applications, the number of users accessing the system might be low and sporadic, but still provides an important citizen function. In these cases, agencies can benefit from not paying for the underlying infrastructure 24-7 but only paying per request. For an example reference architecture on running a serverless web application using services like Amazon API Gateway, AWS Lambda, and Amazon DynamoDB, refer to the serverless application lens of the AWS Well-Architected Framework.

Another common use case in public sector applications is workflow and data orchestration. Workflow orchestration involves the coordination and automation of various tasks and processes within an organization. It allows for the smooth execution of complex workflows by defining dependencies, scheduling tasks, and monitoring progress. Examples where workflow orchestration is applicable are case management systems and document processing systems. Data orchestration, on the other hand, focuses on efficient movement, transformation, and integration of data across different systems or platforms. With the explosion of data in recent times, public sector customers are seeking efficient ways to gather data that is spread out across various silos to analyze and extract actionable intelligence from it. Using AWS Step Functions, you can create both workflow and data orchestration applications quickly and efficiently. Step Functions provides features like automatic scaling, built-in error handling, and the ability to include manual approvals in a workflow. For more information and resources on using Step Functions, refer to Serverlessland.com.

Event-driven architecture has gained significant traction in the public sector. Event-driven architecture facilitates efficient resource use by triggering actions only when specific events occur. An example event could be a student submitting a college application or a government agency approving a permit. This approach minimizes idle resources and optimizes costs for customers. By adopting event-driven architecture on AWS, organizations can unlock new possibilities for building scalable and responsive applications. AWS integration and messaging services like Amazon EventBridge, Amazon Simple Queue Service (Amazon SQS) and Amazon Simple Notification Service (Amazon SNS) help decouple your applications in a scalable and secure manner.

Building modern applications in AWS GovCloud (US) Regions

A number of US federal government applications have strict compliance requirements. The AWS GovCloud (US) Regions give government agencies and their partners the flexibility to architect secure cloud solutions that comply with the Federal Risk and Authorization Management Program (FedRAMP) high impact level, the Department of Justice’s Criminal Justice Information Systems (CJIS) Security Policy, US International Traffic in Arms Regulations (ITAR), and other compliance regimes. All of the AWS serverless services discussed in this post are available in the AWS GovCloud (US) Regions and can be used to build applications that require these compliance regimes.

Learn more about serverless and containers for the public sector

If you are interested in learning more about choosing between these AWS services for your applications, security considerations, and use cases, register now for an upcoming three-part webinar series taking place October 16–18, 2023.

Read related stories on the AWS Public Sector Blog:

Subscribe to the AWS Public Sector Blog newsletter to get the latest in AWS tools, solutions, and innovations from the public sector delivered to your inbox, or contact us.

Please take a few minutes to share insights regarding your experience with the AWS Public Sector Blog in this survey, and we’ll use feedback from the survey to create more content aligned with the preferences of our readers.

Aneel Murari

Aneel Murari

Aneel Murari is a senior serverless specialist solutions architect for Amazon Web Services (AWS), based in the Washington, D.C area. He helps customers design scalable, highly performant, secure, and cost effective solutions on AWS. He is passionate about using event-driven architecture and serverless solutions to solve various customer challenges. He has over 18 years of software development and architecture experience and holds a graduate degree in computer science.

Rajdeep Saha

Rajdeep Saha

Rajdeep Saha is a specialist solutions architect for serverless and containers at Amazon Web Services (AWS). He helps customers design scalable and secure applications on AWS. Rajdeep is passionate about helping and teaching newcomers about cloud computing. He is based out of New York City.

Sai Kumar Samala

Sai Kumar Samala

Sai Kumar Samala is a specialist solutions architect, specializing in containers at Amazon Web Services (AWS). His expertise lies in architecting robust container-based architectures with deep understanding of Kubernetes and Docker. He is passionate about helping organizations leverage the power of containerization. He is based out of Virginia.