AWS Public Sector Blog

Modernizing public sector applications using serverless and containers

Application modernization helps public sector customers innovate faster with resilient, highly available, and scalable applications. Customers that use managed serverless and container services from Amazon Web Services (AWS) to modernize applications see a wide range of benefits.

Serverless and container services support customers in accelerating time to market and migrating existing applications to AWS, and they can decrease an organization’s total cost of ownership (TCO). For example, a major charity based in the UK achieved a 93% cost reduction by going serverless on AWS. Another success story: the University of Chicago used Amazon Elastic Kubernetes Service (Amazon EKS), a managed container service, to produce ongoing data innovation and support pandemic biomedical research for the National Institutes of Health. Plus, these managed AWS services alleviate the undifferentiated heavy lifting associated with managing and maintaining underlying infrastructure.

In this blog post, learn how public sector customers use AWS serverless and containers technology to modernize their applications.

Building modern applications with serverless

AWS serverless services help customers run code, manage data, and integrate applications, all without managing servers. Customers also benefit from automatic scaling, built-in high availability, and a pay-for-what-you-use billing model. Serverless services eliminate infrastructure management tasks like capacity provisioning and patching, so organizations can focus on writing code that serves their customers. Using AWS-managed and serverless services helps reduce the time to service delivery, so agencies can spend more time focusing on improving the quality and security of the application. Some examples of serverless services are AWS Lambda, AWS Step Functions, and Amazon EventBridge.

Under the serverless model, many organizations adopt event-driven architecture (EDA) to create highly scalable and fault-tolerant applications. An event-driven architecture is an architecture pattern designed to connect service components and help complex systems communicate. An event is a change in state or an update. An example of an event is a student enrolling in a university class on the university's website. In an event-driven design, this event can trigger multiple actions in different systems, such as inserting student information into a database, sending a schedule to the student, notifying a faculty member, processing payment, and more. Event-driven architectures consist of three key components:

  1. Event producers generate an event (e.g., mobile app, website, software as a service (SaaS) app)
  2. Event brokers transmit events (e.g., event router, event store)
  3. Event consumers process the event (e.g., compute service, SaaS applications)

Figure 1. When you build applications with event-driven architecture, you decouple your event sources and event targets. This can enable teams to act more independently, because your services are loosely coupled.


An event-driven architecture is a decoupled architecture where the components are loosely coupled. In this decoupled architecture, producers broadcast events without needing to specify which downstream systems respond to them. Figure 1 illustrates the concept of decoupling event sources from event targets. This saves time because events can be queued and forwarded whenever the receiver is ready to process them. The same event can trigger processes in multiple systems. It is simple to add or modify the consumers without impacting the producer. This allows for building scalable, highly modifiable systems. For example, PowerSchool migrated to a serverless architecture on AWS, which enabled them to handle massive scale while saving 97.6% in operations expenses. Healthcare organization Dr. B launched an event-driven serverless system to get as many COVID-19 vaccines into as many arms as possible.
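The decoupling described above, as an added example that is not AWS code and not part of the original post: a minimal in-memory broker showing fan-out, per-consumer queuing, and a failing consumer that affects neither the producer nor the other consumers. The `EventBroker` class, the `StudentEnrolled` event name, the consumer names, and the IDs are all constructed for illustration.

```python
from collections import defaultdict, deque

class EventBroker:
    """Hypothetical in-memory stand-in for an event router plus event store."""
    def __init__(self):
        self.queues = defaultdict(dict)  # event type -> {consumer name: pending events}
        self.handlers = {}               # consumer name -> callable

    def subscribe(self, event_type, name, handler):
        self.queues[event_type][name] = deque()
        self.handlers[name] = handler

    def publish(self, event_type, detail):
        # The producer names only the event; it never references a consumer.
        for queue in self.queues[event_type].values():
            queue.append(dict(detail))   # each consumer gets its own copy
        return len(self.queues[event_type])

    def deliver(self, name):
        """Drain one consumer's queues when it is ready; failures stay queued."""
        delivered = 0
        for consumers in self.queues.values():
            queue = consumers.get(name)
            if not queue:
                continue
            for _ in range(len(queue)):
                event = queue.popleft()
                try:
                    self.handlers[name](event)
                    delivered += 1
                except Exception:
                    queue.append(event)  # keep the event for a later retry
        return delivered

def run_enrollment_demo():
    broker, roster, emails = EventBroker(), [], []
    def payments(event):                 # constructed outage in one consumer
        raise RuntimeError("payment service unavailable")
    broker.subscribe("StudentEnrolled", "registrar-db", roster.append)
    broker.subscribe("StudentEnrolled", "payments", payments)
    fanout = broker.publish("StudentEnrolled", {"student_id": "S-1001", "course": "BIO-101"})
    # A consumer added later requires no change to the producer's publish call.
    broker.subscribe("StudentEnrolled", "schedule-email", emails.append)
    broker.publish("StudentEnrolled", {"student_id": "S-1002", "course": "BIO-101"})
    names = ("registrar-db", "payments", "schedule-email")
    delivered = {n: broker.deliver(n) for n in names}
    pending = len(broker.queues["StudentEnrolled"]["payments"])
    return fanout, delivered, pending, roster, emails

if __name__ == "__main__":
    print(run_enrollment_demo())
```

The two events for the failing `payments` consumer remain in its queue for redelivery, while the other consumers complete normally.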

Building modern applications with containers

Organizations worldwide are adopting and growing their use of containers as a portable way to run and deploy many new applications. Containers are lightweight and provide a consistent, portable software environment for applications to run and scale anywhere with ease.

When moving to containerized applications, organizations need to consider where and how to invest their operational resources. Core to that consideration is determining which container orchestration platform is best suited for the management of complex application deployments and the delivery of infrastructure automation.

For those with a preference for open-source software (OSS), Kubernetes has gained significant adoption due to its vibrant ecosystem, community, consistent open-source APIs, and broad flexibility. As an example, if you have containerized your application, and are running on-premises in a self-managed Kubernetes cluster, there is significant overhead associated with managing the control plane. You can migrate the same application to Amazon EKS on AWS, Amazon EKS Anywhere in your data center, or even on the edge such as in a ship, plane, or a spaceship. Amazon EKS manages the control plane for you and makes it highly available, reliable, secure, and scalable. Amazon EKS is certified Kubernetes-conformant, so existing applications running on upstream Kubernetes are compatible with Amazon EKS. Migrating to Amazon EKS can also help you integrate with other powerful AWS services. For example, during the COVID-19 pandemic, telehealth solutions became very popular. Telehealth lets patients receive care without having to step into a doctor’s office—a key feature that has benefits for those in hard-to-reach or rural areas and patients with mobility issues. These virtual solutions are achieved using Amazon EKS, along with Amazon Kinesis, and Amazon Aurora.

For powerful simplicity, consider running container workloads on Amazon Elastic Container Service (Amazon ECS). Amazon ECS delivers an AWS-opinionated solution for running containers at scale. It reduces the time it takes customers to build, deploy, or migrate their containerized applications successfully. Using Amazon ECS decreases the number of decisions customers must make around compute, network, and security configurations, without sacrificing scale or features. For example, if a workload needs a load balancer, AWS Application Load Balancer (ALB) or Network Load Balancer (NLB) integrates seamlessly with Amazon ECS, so agencies don’t need to build or maintain generalized abstractions. The simplicity of Amazon ECS reduces the time to market for applications. For example, the US Department of Justice (DOJ) Tax Division built a remote telework application in six weeks using Amazon ECS. The India-based nonprofit ShikshaLokam used Amazon ECS to build a reliable and scalable platform to provide on-demand digital learning and improvement programs to 150,000 public education leaders in India.

For both Amazon EKS and Amazon ECS, AWS provides multiple levers to implement security best practices, starting with providing a secure AMI (Amazon Machine Image), the capability to scan containers in Amazon Elastic Container Registry (Amazon ECR), and the ability to apply detection, alerts, and forensics for an application.

AWS also offers a serverless compute engine option for Amazon ECS and Amazon EKS called AWS Fargate. This option helps agencies to completely remove the operational overhead of scaling, patching, securing, and managing servers for containerized applications.

Learn more about serverless and containers for the public sector

Public sector customers are adopting serverless and containers to build resilient, highly available, and scalable applications.

Additionally, with security as a top priority for public sector applications, AWS offers serverless and container services designed to help meet certain compliance needs. Refer to the AWS Services in Scope by Compliance Program page to find the list of AWS services in the scope of AWS assurance programs.

If you are interested in learning more about choosing between these different AWS services for your applications, security considerations, and use cases, register now for an upcoming three-part webinar series taking place October 25-27, 2022: Building modern applications for the public sector.
