Running Containers in AWS
ECS, EKS, FARGATE, ELASTIC BEANSTALK ETC.
About me
Andrew May
Cloud Solutions Lead and Senior Solutions Architect at Leading EDJE
AWS Academy instructor at Columbus State Community College
Docker
◦ Service: Elastic Container Service (ECS) (EC2, Fargate), EKS, Elastic Beanstalk (Single, Multi)
◦ Discovery: CloudMap, AppMesh
◦ Transient: AWS Batch, CodeBuild
This is not an “Intro to Docker”
…but you may find this useful:
Best Practices and Tips for Building Images
Columbus Docker User Group
◦ Wednesday March 27th - 6pm
◦ Here at Leading EDJE office
Transient Docker Container
Service Docker Container
ECR
“Amazon Elastic Container Registry (ECR) is a
fully-managed Docker container registry that
makes it easy for developers to store, manage,
and deploy Docker container images.”
Elastic Container Registry (ECR)
ECR is a Docker registry hosted within AWS in each region
◦ Images are stored close to where your containers will run
Images are secured using AWS IAM Policies: the service running the containers, or an AWS IAM
User, must be granted access
The Elastic Container Registry contains a Repository for each image; a Repository can store
many versions of that image
Lifecycle Policies can be used to clean up old versions of images
(you pay for the amount of storage you use in ECR, and images are often >100 MB)
Login using AWS CLI (`aws ecr get-login --no-include-email --profile … --region us-east-1`), then use
standard Docker commands to pull and push
Image names are prefixed by ECR Repository URL (<account>.dkr.ecr.<region>.amazonaws.com)
Repository storing multiple versions
Orchestration
When running a production service, it’s no longer
sufficient to manually start Docker containers.
Orchestration is the management of the
container lifecycles.
Orchestration provides:
➢Configuration
➢Scheduling
➢Deployment
➢Scaling
➢Storage (Volume) mapping
➢Secret management
➢High Availability
➢Load balancing integration
Managed Orchestration options (AWS)
ECS
“Amazon Elastic Container Service is a
highly scalable, high-performance
container orchestration service that
supports Docker containers and allows
you to easily run and scale containerized
applications on AWS”
Elastic Container Service (ECS)
Original AWS Service for running containers
◦ Before it was made a public service, it was the basis for Lambda functions, launched a year
earlier
ECS Service is free, you only pay for the resources (EC2/Fargate) that are used
with ECS
Strong integration with other AWS Services, in particular:
◦ IAM permissions at container (task) level
◦ Load balancers (ELB/ALB/NLB)
AutoScaling of containers (similar to EC2 AutoScaling)
• ECS can use either EC2 instances or Fargate to run
Docker containers
• Container Instances = ECS Instances = EC2 Instances
• Tasks have 1 or more running Containers
• Tasks are defined by Task Definitions
Task Definition and Tasks
❖ The Task Definition is a Template for a Task, that will run one or more Containers
❖ The Task Definition will reference the Container Image that will be pulled from ECR (or Dockerhub)
❖ The ECS Agent pulls this image to start the containers for the Task
❖ Also specifies Port mappings, CPU/Memory requirements, Volumes etc.
❖ Specifies whether it runs on EC2 or Fargate
❖ Task Definitions are versioned
Application Load Balancer Integration with ECS Services
❖ ECS Services are long running Tasks (e.g. Webservers)
❖ Docker Containers have a container port (e.g. 80) and a host port
❖ Host ports can be predefined or if zero is specified in Task Definition it will use an ephemeral port
❖ ALB Target Group registered with Service will automatically be updated with correct port on EC2 instance when new container starts
Other ECS Benefits
ECS Infrastructure can be created using CloudFormation
Updating a Service to use a new Task Definition will perform a Blue-Green
deployment
◦ New Tasks are started and must be healthy (e.g. via ALB healthcheck) before old Tasks are
stopped
Task Placement can distribute across AZs or binpack
◦ Can also have non homogeneous clusters with different instance types and control where
tasks run
DAEMON Services can be used for running agents (e.g. XRay) on each EC2 instance in
cluster, rather than including in each Task Definition as a “sidecar”
Metrics collected in CloudWatch, and logs can go to CloudWatch Logs or other
destinations
Fargate
“AWS Fargate is a compute engine for
Amazon ECS that allows you to run
containers without having to manage
servers”
Fargate
“Serverless” option for running containers in an ECS Cluster
◦ Configure desired CPU/Memory and this will be guaranteed for that container
◦ Compare to using EC2 where you may be over/under provisioned
Configuration uses Task Definitions, with only minor changes from running on
EC2
Networking is always awsvpc – i.e. it will use an ENI per instance (one of your
subnet IPs)
Because there is no shared server, can no longer run DAEMON tasks
◦ Can still run “sidecar” containers that are defined in the shared task definition
Scaling at a task level is similar to when using EC2 instances, but without the
complexity of scaling the underlying EC2 AutoScaling group(s)
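The task definition points from the ECR, ECS and Fargate slides above (ECR image names, task-level IAM, host port 0 for ephemeral ports, awsvpc on Fargate) can be checked before a task definition is registered. The following is an added example, not part of the original slides: the JSON field names are those of ECS task definitions, while the finding codes, the trusted-account allowlist and the sample task definitions are constructed for illustration.

```python
import re

# Image name format from the ECR slide:
#   <account>.dkr.ecr.<region>.amazonaws.com/<repository>[:tag][@sha256:digest]
ECR_IMAGE = re.compile(
    r"^(?P<account>\d{12})\.dkr\.ecr\.(?P<region>[a-z0-9-]+)\.amazonaws\.com/"
    r"(?P<repo>[a-z0-9][a-z0-9._/-]*)"
    r"(?::(?P<tag>[A-Za-z0-9_][A-Za-z0-9._-]*))?"
    r"(?:@(?P<digest>sha256:[0-9a-f]{64}))?$"
)


def review_task_definition(task_def, trusted_accounts):
    """Return a list of (code, subject, detail) findings for one task definition."""
    findings = []
    family = task_def.get("family", "<unnamed>")
    network_mode = task_def.get("networkMode", "bridge")  # ECS default on Linux
    launch_types = task_def.get("requiresCompatibilities", ["EC2"])

    # Fargate networking is always awsvpc, so any other mode is rejected by ECS.
    if "FARGATE" in launch_types and network_mode != "awsvpc":
        findings.append(("FARGATE_NEEDS_AWSVPC", family, f"networkMode={network_mode}"))

    # Without a task role the containers have no task-scoped IAM identity.
    if not task_def.get("taskRoleArn"):
        findings.append(("NO_TASK_ROLE", family, "taskRoleArn is not set"))

    for container in task_def.get("containerDefinitions", []):
        name = container.get("name", "<unnamed>")
        image = container.get("image", "")
        match = ECR_IMAGE.match(image)
        if match is None:
            # Not an ECR reference, so ECR's IAM policies do not govern it.
            findings.append(("IMAGE_NOT_ECR", name, image))
        else:
            if match["account"] not in trusted_accounts:
                findings.append(("UNTRUSTED_REGISTRY_ACCOUNT", name, match["account"]))
            # A versioned task definition still floats if the tag it names can move.
            if match["digest"] is None and match["tag"] in (None, "latest"):
                findings.append(("MUTABLE_TAG", name, image))

        for mapping in container.get("portMappings", []):
            container_port = mapping.get("containerPort")
            host_port = mapping.get("hostPort")
            # In bridge mode, host port 0 (or omitted) means an ephemeral port that
            # the ALB target group tracks; a fixed port pins one copy per instance.
            if network_mode == "bridge" and host_port not in (None, 0):
                findings.append(("FIXED_HOST_PORT", name, f"{host_port}->{container_port}"))
            # In awsvpc mode the host port is omitted or equals the container port.
            if network_mode == "awsvpc" and host_port not in (None, container_port):
                findings.append(("HOST_PORT_MISMATCH", name, f"{host_port}->{container_port}"))
    return findings


# Constructed sample data (account IDs, role names and images are placeholders).
TRUSTED_ACCOUNTS = {"123456789012"}

WEAK_TASK_DEF = {
    "family": "web-legacy",
    "requiresCompatibilities": ["FARGATE"],
    "networkMode": "bridge",
    "containerDefinitions": [{
        "name": "web",
        "image": "nginx:latest",
        "portMappings": [{"containerPort": 80, "hostPort": 8080}],
    }],
}

HARDENED_TASK_DEF = {
    "family": "web",
    "requiresCompatibilities": ["FARGATE"],
    "networkMode": "awsvpc",
    "taskRoleArn": "arn:aws:iam::123456789012:role/web-task-role",
    "containerDefinitions": [{
        "name": "web",
        "image": "123456789012.dkr.ecr.us-east-1.amazonaws.com/web:1.4.2",
        "portMappings": [{"containerPort": 80}],
    }],
}

if __name__ == "__main__":
    for task_def in (WEAK_TASK_DEF, HARDENED_TASK_DEF):
        results = review_task_definition(task_def, TRUSTED_ACCOUNTS)
        print(task_def["family"], "->", results or "no findings")
```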
Fargate Pricing
Fargate was expensive when launched, but the Firecracker VM technology has
allowed AWS to reduce costs
◦ vCPU $0.04048/hour Memory $0.004445/GB hour
◦ Still expensive compared to well utilized EC2, especially if using reserved instances
Trek10 (https://www.trek10.com/blog/fargate-pricing-vs-ec2/) produced a
pricing comparison that compares EC2 and Fargate pricing for ECS
◦ With recent price reductions, Fargate is comparable in price to on-demand EC2
instances with ~70% utilization
◦ EC2 reserved instances are considerably cheaper, but will typically only be used for
baseline load
EKS
“Amazon Elastic Container Service for
Kubernetes (Amazon EKS) makes it easy
to deploy, manage, and scale
containerized applications using
Kubernetes on AWS.”
Kubernetes
Predominant Docker Orchestration service
Managed Kubernetes available in:
◦ Google Cloud Platform (Google Kubernetes Engine)
◦ Microsoft Azure (Azure Kubernetes Service – AKS)
◦ Amazon Web Services (EKS)
The GCP offering is the most mature; AKS and EKS were both launched in 2018
Support for running Kubernetes clusters on EC2 and integrating with other
services (e.g. ELB) has existed for longer than EKS has been available
What does EKS manage?
EKS manages three Kubernetes master instances across AZs to provide high availability
Using EKS
Cluster creation can be automated with CloudFormation, and AWS provides
sample templates
Cluster requires:
◦ VPC with public/private subnets to run in, and security group used for control plane
◦ EKS Service IAM role (allows cluster to create load balancers etc.)
◦ EKS Cluster (the master instances managed by AWS)
◦ Node instances – use EKS AMI that runs a bootstrap to register with cluster
Once Cluster created, configure kubectl with access to cluster and use normal
Kubernetes tools and templates to manage and deploy to the cluster
EKS Cluster cost $0.20/hour (about $140/month)
Integration with other AWS Services
Kubernetes (not specifically EKS) supports Classic ELBs and NLBs, but not ALBs
◦ Can use Nginx Ingress (with ELB) or aws-alb-ingress-controller
Integrating with IAM to provide “pod” level permissions requires installing kube2iam
Registering created load balancers with Route 53 requires installing external-dns
Making logs accessible requires Fluentd or another service to be installed
Metrics collection requires additional services to be installed
You may need to install Helm to install some of these other services
All of these extra services that need to be run consume memory/CPU on worker nodes
Cloud Portability
One of the promises of Kubernetes is the ability to run applications in the same
way across different Cloud platforms
There are significant variations between what is supported across AWS, GCP and
Azure, and what services are preinstalled as part of managed clusters
Running the same service across multiple Cloud platforms requires using
platform specific annotations
However, most of those differences are hidden from the running applications
that can operate the same way across platforms
Elastic
Beanstalk
“AWS Elastic Beanstalk is an easy-to-use
service for deploying and scaling web
applications and services developed with
Java, .NET, PHP, Node.js, Python, Ruby,
Go, and Docker on familiar servers such
as Apache, Nginx, Passenger, and IIS.”
Elastic Beanstalk
Elastic Beanstalk is a Platform-as-a-Service (PaaS) for a variety of languages and
services
Aims to make it easy to migrate applications to AWS
Manages underlying infrastructure, high availability, deployments, logging etc.
◦ Can also create databases and other related services
Elastic Beanstalk Docker support
Single Container (version 1)
Launched in 2014 (before ECS)
Runs single container per EC2 instance
Uses Nginx as proxy to container
Upload source code including Dockerfile and it
will build and deploy container
OR
Upload configuration file referencing image
stored in Docker registry
Multiple Container (version 2)
Launched in 2015
Runs containers on ECS
Can only reference prebuilt images stored in a
Docker registry
Can upload files that are mounted as container
volumes as part of the deployment bundle
AWS
CloudMap
“AWS Cloud Map is a cloud resource
discovery service.
With Cloud Map, you can define custom
names for your application resources,
and it maintains the updated location of
these dynamically changing resources.”
CloudMap
AWS CloudMap supersedes Service Discovery for ECS
◦ Launched in May 2018, Service Discovery for ECS registered running tasks in a Route 53 namespace
(hosted zone), creating A (IP) and SRV (IP and Port) records
◦ Query DNS for available services
◦ ECS Tasks must use awsvpc networking, either using Fargate or the limited number of ENIs available per
EC2 instance
AWS CloudMap builds on the previous service to add an API based system that still supports DNS,
but is no longer reliant upon it, allowing it to be used for resources where DNS does not apply
◦ Supports a variety of services including ECS, EKS, S3, SQS, Lambda, Load Balancers
◦ ECS Tasks with Service discovery enabled are automatically enrolled in CloudMap
◦ EKS support via External DNS
Similar to the Service Discovery portions of Hashicorp Consul
CloudMap
CloudMap
AWS
AppMesh
(BETA)
“AWS App Mesh makes it easy to monitor
and control microservices running on
AWS.
App Mesh standardizes how your
microservices communicate, giving you
end-to-end visibility and helping to
ensure high-availability for your
applications.”
AppMesh
Available in public Beta, but still in very early
stages
Service Mesh implementation for AWS, using
the Open Source Envoy proxy, but a custom
Control Plane
Manage connectivity between microservices, including traffic shaping functionality like:
◦ Routing: Canary and A/B Testing
◦ Load Balancing and Service Discovery
◦ Handling Failures (Retry, Circuit Breaker)
Integration with CloudMap for Service Discovery
Logging and Tracing (CloudWatch, X-Ray)
AppMesh
AWS
Batch
“AWS Batch enables developers,
scientists, and engineers to easily and
efficiently run hundreds of thousands of
batch computing jobs on AWS.”
AWS Batch
Batch service that automatically provisions computing resources to run Jobs
Job = Unit of work: shell script, Linux executable or Docker container image
Job Definition = How jobs are run: IAM Role, CPU/Memory requirements
◦ Similar to ECS Task Definition
Job Queue = Queue of jobs to run, can have multiple queues
(e.g. different priorities)
Jobs are run using Docker containers utilizing ECS technology
◦ EC2 instances for running containers are automatically managed
◦ Can use EC2 spot instances to reduce costs
AWS
CodeBuild
“AWS CodeBuild is a fully managed
continuous integration service that
compiles source code, runs tests, and
produces software packages that are
ready to deploy.”
AWS CodeBuild
Docker based build/test environment
◦ All steps run in docker containers, either provided codebuild containers for common
build tools, or custom images from ECR/Dockerhub
◦ Support for Windows (e.g. .NET Framework) builds using Windows containers on
Windows Server
Commonly integrated with CodePipeline
Scales automatically rather than provisioning agents
Pay for build minutes
◦ First 100 build minutes (smallest instance type) per month free
Questions?
