SlideShare ist ein Scribd-Unternehmen logo

Amazon Web Services - Running Containers with ECS

Als PPTX, PDF herunterladen
Scott Weber
Scott Weber

Amazon ECS is a highly scalable, high-performance container service that supports Docker containers and allows you to easily run and scale containerized applications on AWS. Amazon ECS eliminates the need for you to install and operate your own container software, manage and scale a cluster of virtual machines, or schedule containers on those virtual machines. Want to learn more? https://eagledream.com/cloud/

Technologie
1 von 14
Amazon Web Services – Running Containers with ECS Scott Weber – Director, Cloud Solutions at EagleDream Technologies
2 DREAM BUILD SOAR Confidential | eagledream.com SECURITY CLOUD DEVELOPMENT WEB DESIGN COMPLIANCE COMMUNICATIONS
3 • Compute Options in AWS • Why Containers? • Amazon EC2 Container Service • Architecture • Security • Scaling Clusters • Deploying Containers Agenda Confidential | eagledream.com
4 Compute Options in AWS Confidential | eagledream.com Amazon EC2 Amazon ECS AWS Lambda • Traditional VMs • Provision on the fly • Autoscaling • Pay per second of run time • IaaS • Docker Containers • Micro Services • AWS Specific Scheduler • Runs on top of EC2 • Scalable • PaaS • Nano Services • Pay for the duration of execution • FaaS • Fully AWS Managed
5 Why Containers Confidential | eagledream.com • Next evolution in virtualization • Domain Driven services/Micro services • Complete packaging of running artifact – Stops the problem of “Well, it ran fine on the developer’s laptop” • Strong isolation of container to container • Infrastructure becomes a platform • Enables, “You built it, you run it”
6 Amazon EC2 Container Service Confidential | eagledream.com Amazon EC2 Container Service (ECS) is a highly scalable, high performance container management service that supports Docker containers and allows you to easily run applications on a managed cluster of Amazon EC2 instances. Amazon ECS eliminates the need for you to install, operate, and scale your own cluster management infrastructure. With simple API calls, you can launch and stop Docker- enabled applications, query the complete state of your cluster, and access many familiar features like security groups, Elastic Load Balancing, EBS volumes, and IAM roles. Source: https://aws.amazon.com/ecs/
7 Why ECS vs. Other Schedulers Confidential | eagledream.com • Designed for AWS by AWS • Very low technical barrier to use • Integrated with other AWS services • Hard problems are solved • Its free!
8 ECS Architecture Confidential | eagledream.com Source: AWS Amazon ECR Amazon RDS Application Load Balancer ECS Cluster ECS Cluster IAM Amazon API Gateway* Amazon Route 53 Amazon CloudWatch
9 Securing ECS – Security Groups Confidential | eagledream.com • Security Groups – Software defined firewalls around objects in AWS – Define inbound and outbound traffic at the port and protocol level – Security groups can reference each other – Used to define application communication patterns Amazon RDS Application Load Balancer EC2 Instance EC2 Instance
10 Securing ECS – IAM Roles Confidential | eagledream.com • IAM Roles – Define access to other AWS services via policies – Each Task has its own Role – Token based and tokens are constantly changed – No more shared accounts and password changes – Implementation is fully scriptable EC2 InstanceEC2 Instance Amazon DynamoDB Amazon S3 IAM Task 1 Task 2
11 Securing ECS – Managing Secrets Confidential | eagledream.com • Simple Systems Manager (SSM) Parameter Store – Leverage KMS for encryption at rest – Access controlled via IAM Roles – Separate configuration from code – Store all configuration data not just secrets – Poll for changes and dynamically change the running containers • Declare a Key • Set a parameter – Example: prod.app1.db-pass – Example: general.license-code • Setup IAM Role • Associate Role to Task/Container • Have application request the parameter https://aws.amazon.com/blogs/compute/managing-secrets-for-amazon-ecs-applications-using-parameter- store-and-iam-roles-for-tasks/ Steps:
12 Scaling Clusters Confidential | eagledream.com • Must scale in 2 vectors – Dynamically alter Tasks as load changes – Dynamically alter EC2 servers as load changes • AWS natively supports scaling up both Tasks and EC2 • AWS natively supports scaling down Tasks • Scale down of EC2 is a non-trivial problem – Autoscaling will randomly choose an EC2 instance to scale down – Must interrupt the process and force the re-distribution of the running containers – AWS published solution is published on GitHub
13 Code Deployment Confidential | eagledream.com Source: https://aws.amazon.com/blogs/compute/continuous-deployment-to-amazon-ecs-using-aws-codepipeline-aws- codebuild-amazon-ecr-and-aws-cloudformation/
14 Primary Contact(s): Jon Providence VP of Enterprise Business Services Phone: 585-943-0084 Email: Jon.Providence@eagledream.com Contact Info Contact Us 1.888.4EAGLEDREAM info@eagledream.com Eagledream.com Headquarters | Rochester, NY 300 Trolley Blvd Rochester, NY 14606 New England | Boston, MA 300 Baker Avenue, Suite 300 Concord, MA 01742 We look forward to being your AWS Partner. EagleDream.com Confidential | eagledream.com

Empfohlen

(BIZ303) Active Directory in the AWS Cloud | AWS re:Invent 2014
(BIZ303) Active Directory in the AWS Cloud | AWS re:Invent 2014(BIZ303) Active Directory in the AWS Cloud | AWS re:Invent 2014
(BIZ303) Active Directory in the AWS Cloud | AWS re:Invent 2014
Amazon Web Services
 
Continuous Delivery to Amazon EC2 Container Service
Continuous Delivery to Amazon EC2 Container ServiceContinuous Delivery to Amazon EC2 Container Service
Continuous Delivery to Amazon EC2 Container Service
Amazon Web Services
 
AWS Community Day - Andrew May - Running Containers in AWS
AWS Community Day - Andrew May - Running Containers in AWS AWS Community Day - Andrew May - Running Containers in AWS
AWS Community Day - Andrew May - Running Containers in AWS
AWS Chicago
 
Deep Dive into AWS ECS and Spot Instances at Scale
Deep Dive into AWS ECS and Spot Instances at ScaleDeep Dive into AWS ECS and Spot Instances at Scale
Deep Dive into AWS ECS and Spot Instances at Scale
Pahud Hsieh
 
Amazon EC2 and AWS Elastic Beanstalk Introduction
Amazon EC2 and AWS Elastic Beanstalk IntroductionAmazon EC2 and AWS Elastic Beanstalk Introduction
Amazon EC2 and AWS Elastic Beanstalk Introduction
Amazon Web Services
 
(DVO305) Turbocharge YContinuous Deployment Pipeline with Containers
(DVO305) Turbocharge YContinuous Deployment Pipeline with Containers(DVO305) Turbocharge YContinuous Deployment Pipeline with Containers
(DVO305) Turbocharge YContinuous Deployment Pipeline with Containers
Amazon Web Services
 
AWS November Webinar Series - From Local Development to Production Using the ...
AWS November Webinar Series - From Local Development to Production Using the ...AWS November Webinar Series - From Local Development to Production Using the ...
AWS November Webinar Series - From Local Development to Production Using the ...
Amazon Web Services
 
Amazon ECS Deep Dive
Amazon ECS Deep DiveAmazon ECS Deep Dive
Amazon ECS Deep Dive
Amazon Web Services
 

Empfohlen

(BIZ303) Active Directory in the AWS Cloud | AWS re:Invent 2014
(BIZ303) Active Directory in the AWS Cloud | AWS re:Invent 2014(BIZ303) Active Directory in the AWS Cloud | AWS re:Invent 2014
(BIZ303) Active Directory in the AWS Cloud | AWS re:Invent 2014
Amazon Web Services
 
Continuous Delivery to Amazon EC2 Container Service
Continuous Delivery to Amazon EC2 Container ServiceContinuous Delivery to Amazon EC2 Container Service
Continuous Delivery to Amazon EC2 Container Service
Amazon Web Services
 
AWS Community Day - Andrew May - Running Containers in AWS
AWS Community Day - Andrew May - Running Containers in AWS AWS Community Day - Andrew May - Running Containers in AWS
AWS Community Day - Andrew May - Running Containers in AWS
AWS Chicago
 
Deep Dive into AWS ECS and Spot Instances at Scale
Deep Dive into AWS ECS and Spot Instances at ScaleDeep Dive into AWS ECS and Spot Instances at Scale
Deep Dive into AWS ECS and Spot Instances at Scale
Pahud Hsieh
 
Amazon EC2 and AWS Elastic Beanstalk Introduction
Amazon EC2 and AWS Elastic Beanstalk IntroductionAmazon EC2 and AWS Elastic Beanstalk Introduction
Amazon EC2 and AWS Elastic Beanstalk Introduction
Amazon Web Services
 
(DVO305) Turbocharge YContinuous Deployment Pipeline with Containers
(DVO305) Turbocharge YContinuous Deployment Pipeline with Containers(DVO305) Turbocharge YContinuous Deployment Pipeline with Containers
(DVO305) Turbocharge YContinuous Deployment Pipeline with Containers
Amazon Web Services
 
AWS November Webinar Series - From Local Development to Production Using the ...
AWS November Webinar Series - From Local Development to Production Using the ...AWS November Webinar Series - From Local Development to Production Using the ...
AWS November Webinar Series - From Local Development to Production Using the ...
Amazon Web Services
 
Amazon ECS Deep Dive
Amazon ECS Deep DiveAmazon ECS Deep Dive
Amazon ECS Deep Dive
Amazon Web Services
 
Continuous Delivery to Amazon ECS - AWS August Webinar Series
Continuous Delivery to Amazon ECS - AWS August Webinar SeriesContinuous Delivery to Amazon ECS - AWS August Webinar Series
Continuous Delivery to Amazon ECS - AWS August Webinar Series
Amazon Web Services
 
Amazon Elastic Container Service (ECS)
Amazon Elastic Container Service (ECS)Amazon Elastic Container Service (ECS)
Amazon Elastic Container Service (ECS)
Andrew Dixon
 
Getting Started with Docker on AWS
Getting Started with Docker on AWSGetting Started with Docker on AWS
Getting Started with Docker on AWS
Amazon Web Services
 
Workshop: Serverless DevOps to the Rescue
Workshop: Serverless DevOps to the RescueWorkshop: Serverless DevOps to the Rescue
Workshop: Serverless DevOps to the Rescue
Amazon Web Services
 
Aws cli
Aws cliAws cli
Aws cli
Anh Vu Pham
 
Introduction to Docker on AWS
Introduction to Docker on AWSIntroduction to Docker on AWS
Introduction to Docker on AWS
Amazon Web Services
 
Eks and fargate
Eks and fargateEks and fargate
Eks and fargate
Asaf Abres
 
Introduzione ad Amazon EKS
Introduzione ad Amazon EKSIntroduzione ad Amazon EKS
Introduzione ad Amazon EKS
Amazon Web Services
 
Continuous Delivery to Amazon EC2 Container Service
Continuous Delivery to Amazon EC2 Container ServiceContinuous Delivery to Amazon EC2 Container Service
Continuous Delivery to Amazon EC2 Container Service
Amazon Web Services
 
Agile Deployment using Git and AWS Elastic Beanstalk
Agile Deployment using Git and AWS Elastic BeanstalkAgile Deployment using Git and AWS Elastic Beanstalk
Agile Deployment using Git and AWS Elastic Beanstalk
Amazon Web Services
 
AWS re:Invent 2016: Securing Container-Based Applications (CON402)
AWS re:Invent 2016: Securing Container-Based Applications (CON402)AWS re:Invent 2016: Securing Container-Based Applications (CON402)
AWS re:Invent 2016: Securing Container-Based Applications (CON402)
Amazon Web Services
 
Containers for Non-Developers
Containers for Non-DevelopersContainers for Non-Developers
Containers for Non-Developers
Amazon Web Services
 
AWS Innovate: Moving Microsoft .Net applications one container at a time - Da...
AWS Innovate: Moving Microsoft .Net applications one container at a time - Da...AWS Innovate: Moving Microsoft .Net applications one container at a time - Da...
AWS Innovate: Moving Microsoft .Net applications one container at a time - Da...
Amazon Web Services Korea
 
WCM-6 Crafter Studio: Extending Alfresco for Next Generation WCM
WCM-6 Crafter Studio: Extending Alfresco for Next Generation WCMWCM-6 Crafter Studio: Extending Alfresco for Next Generation WCM
WCM-6 Crafter Studio: Extending Alfresco for Next Generation WCM
Alfresco Software
 
Amazon Elastic Beanstalk
Amazon Elastic BeanstalkAmazon Elastic Beanstalk
Amazon Elastic Beanstalk
Eberhard Wolff
 
(SEC315) AWS Directory Service Deep Dive
(SEC315) AWS Directory Service Deep Dive (SEC315) AWS Directory Service Deep Dive
(SEC315) AWS Directory Service Deep Dive
Amazon Web Services
 
Amazon Web Services - Elastic Beanstalk
Amazon Web Services - Elastic BeanstalkAmazon Web Services - Elastic Beanstalk
Amazon Web Services - Elastic Beanstalk
Amazon Web Services
 
(CMP406) Amazon ECS at Coursera: A general-purpose microservice
(CMP406) Amazon ECS at Coursera: A general-purpose microservice(CMP406) Amazon ECS at Coursera: A general-purpose microservice
(CMP406) Amazon ECS at Coursera: A general-purpose microservice
Amazon Web Services
 
Alfresco Day Roma 2015: Platform Update
Alfresco Day Roma 2015: Platform UpdateAlfresco Day Roma 2015: Platform Update
Alfresco Day Roma 2015: Platform Update
Alfresco Software
 
Zaragoza dev ops-activiti-khd-20181212
Zaragoza dev ops-activiti-khd-20181212Zaragoza dev ops-activiti-khd-20181212
Zaragoza dev ops-activiti-khd-20181212
Angel Borroy López
 
2017 AWSome day Taichung sharing
2017 AWSome day Taichung sharing2017 AWSome day Taichung sharing
2017 AWSome day Taichung sharing
Yu-Lin Huang
 
SRV409 Deep Dive on Microservices and Docker
SRV409 Deep Dive on Microservices and DockerSRV409 Deep Dive on Microservices and Docker
SRV409 Deep Dive on Microservices and Docker
Amazon Web Services
 

Weitere ähnliche Inhalte

Was ist angesagt?

Continuous Delivery to Amazon ECS - AWS August Webinar Series
Continuous Delivery to Amazon ECS - AWS August Webinar SeriesContinuous Delivery to Amazon ECS - AWS August Webinar Series
Continuous Delivery to Amazon ECS - AWS August Webinar Series
Amazon Web Services
 
Workshop: Serverless DevOps to the Rescue
Workshop: Serverless DevOps to the RescueWorkshop: Serverless DevOps to the Rescue
Workshop: Serverless DevOps to the Rescue
Amazon Web Services
 
AWS Innovate: Moving Microsoft .Net applications one container at a time - Da...
AWS Innovate: Moving Microsoft .Net applications one container at a time - Da...AWS Innovate: Moving Microsoft .Net applications one container at a time - Da...
AWS Innovate: Moving Microsoft .Net applications one container at a time - Da...
Amazon Web Services Korea
 
Amazon Elastic Beanstalk
Amazon Elastic BeanstalkAmazon Elastic Beanstalk
Amazon Elastic Beanstalk
Eberhard Wolff
 
(CMP406) Amazon ECS at Coursera: A general-purpose microservice
(CMP406) Amazon ECS at Coursera: A general-purpose microservice(CMP406) Amazon ECS at Coursera: A general-purpose microservice
(CMP406) Amazon ECS at Coursera: A general-purpose microservice
Amazon Web Services
 

Was ist angesagt? (20)

Continuous Delivery to Amazon ECS - AWS August Webinar Series
Continuous Delivery to Amazon ECS - AWS August Webinar SeriesContinuous Delivery to Amazon ECS - AWS August Webinar Series
Continuous Delivery to Amazon ECS - AWS August Webinar Series
 
Amazon Elastic Container Service (ECS)
Amazon Elastic Container Service (ECS)Amazon Elastic Container Service (ECS)
Amazon Elastic Container Service (ECS)
 
Getting Started with Docker on AWS
Getting Started with Docker on AWSGetting Started with Docker on AWS
Getting Started with Docker on AWS
 
Workshop: Serverless DevOps to the Rescue
Workshop: Serverless DevOps to the RescueWorkshop: Serverless DevOps to the Rescue
Workshop: Serverless DevOps to the Rescue
 
Aws cli
Aws cliAws cli
Aws cli
 
Introduction to Docker on AWS
Introduction to Docker on AWSIntroduction to Docker on AWS
Introduction to Docker on AWS
 
Eks and fargate
Eks and fargateEks and fargate
Eks and fargate
 
Introduzione ad Amazon EKS
Introduzione ad Amazon EKSIntroduzione ad Amazon EKS
Introduzione ad Amazon EKS
 
Continuous Delivery to Amazon EC2 Container Service
Continuous Delivery to Amazon EC2 Container ServiceContinuous Delivery to Amazon EC2 Container Service
Continuous Delivery to Amazon EC2 Container Service
 
Agile Deployment using Git and AWS Elastic Beanstalk
Agile Deployment using Git and AWS Elastic BeanstalkAgile Deployment using Git and AWS Elastic Beanstalk
Agile Deployment using Git and AWS Elastic Beanstalk
 
AWS re:Invent 2016: Securing Container-Based Applications (CON402)
AWS re:Invent 2016: Securing Container-Based Applications (CON402)AWS re:Invent 2016: Securing Container-Based Applications (CON402)
AWS re:Invent 2016: Securing Container-Based Applications (CON402)
 
Containers for Non-Developers
Containers for Non-DevelopersContainers for Non-Developers
Containers for Non-Developers
 
AWS Innovate: Moving Microsoft .Net applications one container at a time - Da...
AWS Innovate: Moving Microsoft .Net applications one container at a time - Da...AWS Innovate: Moving Microsoft .Net applications one container at a time - Da...
AWS Innovate: Moving Microsoft .Net applications one container at a time - Da...
 
WCM-6 Crafter Studio: Extending Alfresco for Next Generation WCM
WCM-6 Crafter Studio: Extending Alfresco for Next Generation WCMWCM-6 Crafter Studio: Extending Alfresco for Next Generation WCM
WCM-6 Crafter Studio: Extending Alfresco for Next Generation WCM
 
Amazon Elastic Beanstalk
Amazon Elastic BeanstalkAmazon Elastic Beanstalk
Amazon Elastic Beanstalk
 
(SEC315) AWS Directory Service Deep Dive
(SEC315) AWS Directory Service Deep Dive (SEC315) AWS Directory Service Deep Dive
(SEC315) AWS Directory Service Deep Dive
 
Amazon Web Services - Elastic Beanstalk
Amazon Web Services - Elastic BeanstalkAmazon Web Services - Elastic Beanstalk
Amazon Web Services - Elastic Beanstalk
 
(CMP406) Amazon ECS at Coursera: A general-purpose microservice
(CMP406) Amazon ECS at Coursera: A general-purpose microservice(CMP406) Amazon ECS at Coursera: A general-purpose microservice
(CMP406) Amazon ECS at Coursera: A general-purpose microservice
 
Alfresco Day Roma 2015: Platform Update
Alfresco Day Roma 2015: Platform UpdateAlfresco Day Roma 2015: Platform Update
Alfresco Day Roma 2015: Platform Update
 
Zaragoza dev ops-activiti-khd-20181212
Zaragoza dev ops-activiti-khd-20181212Zaragoza dev ops-activiti-khd-20181212
Zaragoza dev ops-activiti-khd-20181212
 

Ähnlich wie Amazon Web Services - Running Containers with ECS

2017 AWSome day Taichung sharing
2017 AWSome day Taichung sharing2017 AWSome day Taichung sharing
2017 AWSome day Taichung sharing
Yu-Lin Huang
 
SRV409 Deep Dive on Microservices and Docker
SRV409 Deep Dive on Microservices and DockerSRV409 Deep Dive on Microservices and Docker
SRV409 Deep Dive on Microservices and Docker
Amazon Web Services
 
Securing serverless and container services - SDD306 - AWS re:Inforce 2019
Securing serverless and container services - SDD306 - AWS re:Inforce 2019 Securing serverless and container services - SDD306 - AWS re:Inforce 2019
Securing serverless and container services - SDD306 - AWS re:Inforce 2019
Amazon Web Services
 
SRV409 Deep Dive on Microservices and Docker
SRV409 Deep Dive on Microservices and DockerSRV409 Deep Dive on Microservices and Docker
SRV409 Deep Dive on Microservices and Docker
Amazon Web Services
 

Ähnlich wie Amazon Web Services - Running Containers with ECS (20)

2017 AWSome day Taichung sharing
2017 AWSome day Taichung sharing2017 AWSome day Taichung sharing
2017 AWSome day Taichung sharing
 
SRV409 Deep Dive on Microservices and Docker
SRV409 Deep Dive on Microservices and DockerSRV409 Deep Dive on Microservices and Docker
SRV409 Deep Dive on Microservices and Docker
 
Securing serverless and container services - SDD306 - AWS re:Inforce 2019
Securing serverless and container services - SDD306 - AWS re:Inforce 2019 Securing serverless and container services - SDD306 - AWS re:Inforce 2019
Securing serverless and container services - SDD306 - AWS re:Inforce 2019
 
[Jun AWS 201] Technical Workshop
[Jun AWS 201] Technical Workshop[Jun AWS 201] Technical Workshop
[Jun AWS 201] Technical Workshop
 
AWS Update from AWS User Group UK July Meetup
AWS Update from AWS User Group UK July MeetupAWS Update from AWS User Group UK July Meetup
AWS Update from AWS User Group UK July Meetup
 
AWS re:Invent 2016: Securing Container-Based Applications (CON402)
AWS re:Invent 2016: Securing Container-Based Applications (CON402)AWS re:Invent 2016: Securing Container-Based Applications (CON402)
AWS re:Invent 2016: Securing Container-Based Applications (CON402)
 
O'Reilly Webcast: Architecting Applications For The Cloud
O'Reilly Webcast: Architecting Applications For The CloudO'Reilly Webcast: Architecting Applications For The Cloud
O'Reilly Webcast: Architecting Applications For The Cloud
 
Containers on AWS
Containers on AWSContainers on AWS
Containers on AWS
 
AWS Fundamentals @Back2School by CloudZone
AWS Fundamentals @Back2School by CloudZoneAWS Fundamentals @Back2School by CloudZone
AWS Fundamentals @Back2School by CloudZone
 
Deep Dive on Microservices and Docker
Deep Dive on Microservices and DockerDeep Dive on Microservices and Docker
Deep Dive on Microservices and Docker
 
SRV409 Deep Dive on Microservices and Docker
SRV409 Deep Dive on Microservices and DockerSRV409 Deep Dive on Microservices and Docker
SRV409 Deep Dive on Microservices and Docker
 
Amazon EKS - security best practices - 2022
Amazon EKS - security best practices - 2022 Amazon EKS - security best practices - 2022
Amazon EKS - security best practices - 2022
 
From Monolith to Microservices
From Monolith to MicroservicesFrom Monolith to Microservices
From Monolith to Microservices
 
Introduction to AWS
Introduction to AWSIntroduction to AWS
Introduction to AWS
 
Architecting for the Cloud: Best Practices
Architecting for the Cloud: Best PracticesArchitecting for the Cloud: Best Practices
Architecting for the Cloud: Best Practices
 
Architecting for AWS Cloud - let's do it right!
Architecting for AWS Cloud - let's do it right!Architecting for AWS Cloud - let's do it right!
Architecting for AWS Cloud - let's do it right!
 
Fundamentals of Cloud Computing & AWS
Fundamentals of Cloud Computing & AWSFundamentals of Cloud Computing & AWS
Fundamentals of Cloud Computing & AWS
 
Building Secure Architectures on AWS
Building Secure Architectures on AWSBuilding Secure Architectures on AWS
Building Secure Architectures on AWS
 
Amazon Web Services Architecture - An Overview
Amazon Web Services Architecture - An OverviewAmazon Web Services Architecture - An Overview
Amazon Web Services Architecture - An Overview
 
AWS Terms
AWS TermsAWS Terms
AWS Terms
 

Kürzlich hochgeladen

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Angeliki Cooney
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 

Kürzlich hochgeladen (20)

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 

Amazon Web Services - Running Containers with ECS

  • 1. Amazon Web Services – Running Containers with ECS Scott Weber – Director, Cloud Solutions at EagleDream Technologies
  • 2. 2 DREAM BUILD SOAR Confidential | eagledream.com SECURITY CLOUD DEVELOPMENT WEB DESIGN COMPLIANCE COMMUNICATIONS
  • 3. 3 • Compute Options in AWS • Why Containers? • Amazon EC2 Container Service • Architecture • Security • Scaling Clusters • Deploying Containers Agenda Confidential | eagledream.com
  • 4. 4 Compute Options in AWS Confidential | eagledream.com Amazon EC2 Amazon ECS AWS Lambda • Traditional VMs • Provision on the fly • Autoscaling • Pay per second of run time • IaaS • Docker Containers • Micro Services • AWS Specific Scheduler • Runs on top of EC2 • Scalable • PaaS • Nano Services • Pay for the duration of execution • FaaS • Fully AWS Managed
  • 5. 5 Why Containers Confidential | eagledream.com • Next evolution in virtualization • Domain Driven services/Micro services • Complete packaging of running artifact – Stops the problem of “Well, it ran fine on the developer’s laptop” • Strong isolation of container to container • Infrastructure becomes a platform • Enables, “You built it, you run it”
  • 6. 6 Amazon EC2 Container Service Confidential | eagledream.com Amazon EC2 Container Service (ECS) is a highly scalable, high performance container management service that supports Docker containers and allows you to easily run applications on a managed cluster of Amazon EC2 instances. Amazon ECS eliminates the need for you to install, operate, and scale your own cluster management infrastructure. With simple API calls, you can launch and stop Docker- enabled applications, query the complete state of your cluster, and access many familiar features like security groups, Elastic Load Balancing, EBS volumes, and IAM roles. Source: https://aws.amazon.com/ecs/
  • 7. 7 Why ECS vs. Other Schedulers Confidential | eagledream.com • Designed for AWS by AWS • Very low technical barrier to use • Integrated with other AWS services • Hard problems are solved • Its free!
  • 8. 8 ECS Architecture Confidential | eagledream.com Source: AWS Amazon ECR Amazon RDS Application Load Balancer ECS Cluster ECS Cluster IAM Amazon API Gateway* Amazon Route 53 Amazon CloudWatch
  • 9. 9 Securing ECS – Security Groups Confidential | eagledream.com • Security Groups – Software defined firewalls around objects in AWS – Define inbound and outbound traffic at the port and protocol level – Security groups can reference each other – Used to define application communication patterns Amazon RDS Application Load Balancer EC2 Instance EC2 Instance
  • 10. 10 Securing ECS – IAM Roles Confidential | eagledream.com • IAM Roles – Define access to other AWS services via policies – Each Task has its own Role – Token based and tokens are constantly changed – No more shared accounts and password changes – Implementation is fully scriptable EC2 InstanceEC2 Instance Amazon DynamoDB Amazon S3 IAM Task 1 Task 2
  • 11. 11 Securing ECS – Managing Secrets Confidential | eagledream.com • Simple Systems Manager (SSM) Parameter Store – Leverage KMS for encryption at rest – Access controlled via IAM Roles – Separate configuration from code – Store all configuration data not just secrets – Poll for changes and dynamically change the running containers • Declare a Key • Set a parameter – Example: prod.app1.db-pass – Example: general.license-code • Setup IAM Role • Associate Role to Task/Container • Have application request the parameter https://aws.amazon.com/blogs/compute/managing-secrets-for-amazon-ecs-applications-using-parameter- store-and-iam-roles-for-tasks/ Steps:
  • 12. 12 Scaling Clusters Confidential | eagledream.com • Must scale in 2 vectors – Dynamically alter Tasks as load changes – Dynamically alter EC2 servers as load changes • AWS natively supports scaling up both Tasks and EC2 • AWS natively supports scaling down Tasks • Scale down of EC2 is a non-trivial problem – Autoscaling will randomly choose an EC2 instance to scale down – Must interrupt the process and force the re-distribution of the running containers – AWS published solution is published on GitHub
  • 13. 13 Code Deployment Confidential | eagledream.com Source: https://aws.amazon.com/blogs/compute/continuous-deployment-to-amazon-ecs-using-aws-codepipeline-aws- codebuild-amazon-ecr-and-aws-cloudformation/
  • 14. 14 Primary Contact(s): Jon Providence VP of Enterprise Business Services Phone: 585-943-0084 Email: Jon.Providence@eagledream.com Contact Info Contact Us 1.888.4EAGLEDREAM info@eagledream.com Eagledream.com Headquarters | Rochester, NY 300 Trolley Blvd Rochester, NY 14606 New England | Boston, MA 300 Baker Avenue, Suite 300 Concord, MA 01742 We look forward to being your AWS Partner. EagleDream.com Confidential | eagledream.com