© 2022, Amazon Web Services, Inc. or its Affiliates.

Amazon EFS: Serverless and Container Integration
Suman Debnath, Developer Advocate, Amazon EFS
Stateful applications need durable shared storage

Availability and durability: Containers and serverless functions are transient in nature; long-running applications can benefit from keeping state in durable storage.
Data sharing: Distributed applications like web serving, machine learning inference, and continuous integration and delivery benefit from a shared storage layer.
Scalable: Modern data-intensive applications like analytics require fast access to large volumes of data.
Lift & shift today, accelerate modernization

Migrate: Lift & shift applications to the cloud.
Modernize: Convert existing applications and build new applications with microservices like containers and serverless.
Services involved: Amazon EKS, Amazon ECS, AWS Fargate, AWS Lambda, Amazon SageMaker, Amazon EFS, Amazon EC2.
Amazon EFS and AWS Lambda

Diagram: AWS Lambda functions in two availability zones, each reaching an Amazon EFS mount target in its own zone; both mount targets front the same Amazon EFS file system.

Elastic, shared, serverless storage
Petabyte-scale elastic storage for Lambda functions
Build stateful applications
Low-latency
Pay for what you use
Serverless storage
Share data across 1000s of function invocations
Amazon EFS and AWS Lambda: How it works

1. Create an Amazon EFS file system
2. Create an access point
3. Configure the access point
4. Create the Lambda function
5. Add the file system to the function
6. Select the file system
What we are going to build?

A client application sends a user request and receives a prediction.

Architecture

Client Application -> Amazon API Gateway (User Request) -> AWS Lambda (Invoke), which loads models from Amazon EFS -> Response (Prediction) back to the client.
ML Engineer -> Amazon S3 (Uploading Models) -> Trigger -> AWS Lambda, which copies the models onto Amazon EFS (Loading Models).

Two functions make up the demo: app1 (s3-efs) and app2 (ml-inference).

Demo @ aws-samples/amazon-efs-developer-zone
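The two functions in that architecture, as an added example that is not code from the deck or from the aws-samples/amazon-efs-developer-zone repository: app1 copies a newly uploaded S3 object onto the EFS mount, app2 loads the model from EFS and keeps it cached across warm invocations. It assumes the function is attached to the file system through an access point with a local mount path (EFS_MODEL_ROOT, default /mnt/models, is a hypothetical setting), a toy JSON model format, and a constructed FakeS3 stand-in for the boto3 client so it runs offline. Two checks a practitioner wants are included: the S3 object key from the event is confined to the mount root, and the model file is written atomically so an inference invocation running at the same time never reads a partial file.

```python
"""Added example (not code from the deck or aws-samples/amazon-efs-developer-zone):
app1 (S3 -> EFS sync) and app2 (inference loading a model from EFS), runnable
offline. EFS_MODEL_ROOT, the toy JSON model format and FakeS3 are assumptions."""
import json
import os
import pathlib
import tempfile
from urllib.parse import unquote_plus

EFS_ROOT = os.environ.get("EFS_MODEL_ROOT", "/mnt/models")   # hypothetical LocalMountPath


def safe_model_path(efs_root, key):
    """The S3 event is untrusted input: a key like "../../etc/shadow" or "/abs"
    must resolve to a path inside the EFS mount, or it is rejected."""
    root = pathlib.Path(efs_root).resolve()
    candidate = (root / key.lstrip("/")).resolve()
    if candidate != root and root not in candidate.parents:
        raise ValueError(f"object key escapes EFS root: {key!r}")
    return candidate


def sync_object_to_efs(s3_client, bucket, key, efs_root=EFS_ROOT):
    """app1: download to a temp file in the target directory, then rename.
    Rename within a directory is atomic on the NFS mount, so an inference
    invocation running at the same time never reads a half-written model."""
    dest = safe_model_path(efs_root, key)
    dest.parent.mkdir(parents=True, exist_ok=True)
    fd, tmp = tempfile.mkstemp(dir=dest.parent, prefix=".incoming-")
    try:
        with os.fdopen(fd, "wb") as fh:
            s3_client.download_fileobj(bucket, key, fh)
        os.replace(tmp, dest)
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise
    return dest


def s3_event_handler(event, context=None, s3_client=None, efs_root=EFS_ROOT):
    """Lambda entry point for the S3 trigger (app1); event keys are URL-encoded."""
    if s3_client is None:
        import boto3                                  # only inside Lambda
        s3_client = boto3.client("s3")
    written = []
    for rec in event.get("Records", []):
        bucket, key = rec["s3"]["bucket"]["name"], unquote_plus(rec["s3"]["object"]["key"])
        written.append(str(sync_object_to_efs(s3_client, bucket, key, efs_root)))
    return {"written": written}


class ModelCache:
    """app2: load a model once per execution environment; reload only when the
    file on EFS changes. (mtime_ns, size) is the staleness key because mtime
    granularity is coarse on some file systems."""

    def __init__(self, loader):
        self._loader, self._entries, self.loads = loader, {}, 0

    def get(self, path):
        path = pathlib.Path(path)
        st = path.stat()
        stamp = (st.st_mtime_ns, st.st_size)
        entry = self._entries.get(path)
        if entry is None or entry[0] != stamp:
            entry = self._entries[path] = (stamp, self._loader(path))
            self.loads += 1
        return entry[1]


def load_linear_model(path):
    """Toy model: JSON with weights "w" and bias "b"."""
    with open(path) as fh:
        return json.load(fh)


def predict(model, features):
    return sum(w * x for w, x in zip(model["w"], features)) + model["b"]


class FakeS3:
    """Constructed stand-in for boto3's S3 client (download_fileobj only)."""
    def __init__(self, objects):
        self.objects = objects

    def download_fileobj(self, bucket, key, fh):
        fh.write(self.objects[(bucket, key)])


def demo():
    """Run app1 then app2 against a temp directory standing in for the mount."""
    def event(key):
        return {"Records": [{"s3": {"bucket": {"name": "models-bucket"}, "object": {"key": key}}}]}

    with tempfile.TemporaryDirectory() as root:
        s3 = FakeS3({("models-bucket", "linear.json"): b'{"w": [0.5, 0.25], "b": 0.1}'})
        try:
            s3_event_handler(event("../escape.json"), s3_client=s3, efs_root=root)
            rejected = False
        except ValueError:
            rejected = True
        s3_event_handler(event("linear.json"), s3_client=s3, efs_root=root)
        cache, model_path = ModelCache(load_linear_model), os.path.join(root, "linear.json")
        first = predict(cache.get(model_path), [2, 4])
        cache.get(model_path)                                   # warm invocation: no reload
        s3.objects[("models-bucket", "linear.json")] = b'{"w": [1.0, 1.0], "b": 0.0}'
        s3_event_handler(event("linear.json"), s3_client=s3, efs_root=root)   # v2 uploaded
        second = predict(cache.get(model_path), [2, 4])
        return {"escape_rejected": rejected, "first": first, "second": second, "loads": cache.loads}
```

Inside Lambda, `s3_event_handler` is the handler for app1 and `ModelCache.get` is called from app2's handler with the path under the mount; the cache lives at module scope so it survives across warm invocations of one execution environment, and the staleness key means a newly synced model is picked up on the next request without a redeploy.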
Amazon ECS and AWS Container Services

Diagram: one Amazon Elastic File System (Amazon EFS) shared by an EC2 instance or on-premises server running application code, an Amazon ECS task (Container 1, Container 2) on Amazon EC2 or AWS Fargate, and an Amazon EKS pod (Container 1, Container 2) on Amazon EC2 or AWS Fargate mounted through the CSI driver.

Elastic, shared, highly-available storage
Persist storage across containers
Pay for what you use
Serverless storage
Application level security
Amazon ECS and Amazon EFS: How it works

1. Create an Amazon ECS cluster
2. Create a security group for Amazon EFS
3. Create an Amazon EFS file system
4. Create a task definition with a mount point definition
Amazon EFS CSI Driver for Kubernetes

1. Create an Amazon EKS cluster
2. Create a security group for Amazon EFS
3. Create an Amazon EFS file system
4. Deploy the EFS CSI driver (open source)
5. Define a storage class
6. Create a persistent volume claim
7. Mount it on the container/pod
Kubeflow with Amazon EKS and Amazon EFS

Diagram: Amazon EKS pods running Training Container 1 through Training Container n, each mounting Amazon EFS through the CSI driver, with container images pulled from Amazon ECR.

Build the container image for training and push it to ECR.
Save the training dataset on Amazon EFS.
Amazon EFS Developer Zone

Thank You
Suman Debnath, Developer Advocate, Amazon EFS

Backup
Goals for security and identity

1. File systems should only be mountable by applications that need them
2. Applications that mount file systems should only have access to data they need

$ cat /my_app/data
### SUCCESS THIS IS MY FILE ###
$ cat /someone_elses_app/data
cat: /someone_elses_app/data: Permission denied
Using IAM for file system access

File system policy (attached to the Amazon EFS file system; names the principal allowed to mount):

{
  "Statement": {
    "Effect": "Allow",
    "Action": "elasticfilesystem:Client*",
    "Principal": { "AWS": "arn:..Lambda" }
  }
}

Identity policy (attached to the IAM role the workload runs as; names the file system):

{
  "Statement": {
    "Effect": "Allow",
    "Action": "elasticfilesystem:Client*",
    "Resource": "fs-feedfeed"
  }
}

The role is the task or execution role for an ECS or EKS container, or the function role for Lambda; the container or function mounts the file system with that identity.
Understanding container identity

ECS task: the task identity (IAM role) comes from IAM, but the application identity (POSIX user and group) comes from the container image, here User: root, Group: root.

$ ls -l /efs/home
drwx------ bob   .       BobHome
drwx------ maria .       MariaHome
drwxrwx--- .     biusers BI_Shared

By default, POSIX identity comes from the container image, not the task/pod runtime.
Understanding function identity

Lambda function: the task identity (IAM role) comes from IAM, but there is no POSIX identity to go with it.

$ ls -l /efs/home
drwx------ bob   .       BobHome
drwx------ maria .       MariaHome
drwxrwx--- .     biusers BI_Shared

By default, Lambda functions have no predetermined identity.
Amazon EFS access points

{
  "Name": "MyApp",
  "FileSystemId": "fs-feedfeed",
  "PosixUser": {
    "Uid": 123,
    "Gid": 123,
    "SecondaryGids": [100, 200, 300]
  },
  "RootDirectory": {
    "Path": "/apps/myapp",
    "CreationInfo": {
      "OwnerUid": 123,
      "OwnerGid": 123,
      "Permissions": "0700"
    }
  }
}

Creates an application-specific directory and permissions
No Amazon EC2 instance required
Applications only see the data they need
Enforces file system identity
Root containers cannot escalate access
Arbitrary users are not locked out
Works with ECS, EKS and Lambda
How Amazon EFS access points work

The access point (PosixUser 123/123 with secondary GIDs 100, 200, 300; RootDirectory /apps/myapp created as 0700 owned by 123:123, as in the JSON above) sits between the workload and Amazon EFS with POSIX permissions. The file system policy ties the mount to it:

"Effect" : "Allow",
"Action" : "elasticfilesystem:Client*",
"Principal" : { "AWS": "approle" },
"Condition"* : {"accessPointArn" : "fsap-1234"
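As an added example, not from the deck or from AWS, the following Python models the two layers these backup slides describe: the file system policy decides who may mount, and only through the access point (using the real condition key elasticfilesystem:AccessPointArn, which the slide abbreviates as accessPointArn), and the access point then replaces the caller's POSIX identity with PosixUser and confines it to RootDirectory before the mode bits are checked. The account id, role name, uids/gids and the directory tree are constructed; fs-feedfeed and fsap-1234 are the placeholder ids from the slides. Real EFS performs this enforcement server-side; the model only makes the outcome checkable, including the "root container cannot escalate" case.

```python
"""Added example (not from the deck or from AWS): an executable model of the
backup slides. A mount is first checked against the file-system policy, then the
access point swaps the caller's POSIX identity for PosixUser and pins the path
under RootDirectory, and only then are mode bits checked. Account id, role,
uids/gids and the tree are constructed; fs-feedfeed/fsap-1234 are the slides'
placeholder ids."""
import fnmatch
import posixpath
from dataclasses import dataclass

ACCOUNT = "111122223333"                                     # constructed account id
FS_ARN = f"arn:aws:elasticfilesystem:us-east-1:{ACCOUNT}:file-system/fs-feedfeed"
AP_ARN = f"arn:aws:elasticfilesystem:us-east-1:{ACCOUNT}:access-point/fsap-1234"
APP_ROLE = f"arn:aws:iam::{ACCOUNT}:role/approle"

FILE_SYSTEM_POLICY = {   # the slide's policy shape, with valid casing and the real condition key
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": APP_ROLE},
        "Action": ["elasticfilesystem:ClientMount", "elasticfilesystem:ClientWrite"],
        "Resource": FS_ARN,
        "Condition": {"StringEquals": {"elasticfilesystem:AccessPointArn": AP_ARN}},
    }],
}


def policy_allows(policy, principal, action, access_point_arn=None):
    """Reduced IAM evaluation: an Allow must match principal, action (wildcards
    such as Client* allowed) and the access-point condition; anything not
    explicitly allowed is denied. Explicit Deny statements are not modelled."""
    for st in policy["Statement"]:
        actions = st["Action"] if isinstance(st["Action"], list) else [st["Action"]]
        required_ap = st.get("Condition", {}).get("StringEquals", {}).get(
            "elasticfilesystem:AccessPointArn")
        if (st["Effect"] == "Allow"
                and st["Principal"].get("AWS") == principal
                and any(fnmatch.fnmatchcase(action, a) for a in actions)
                and (required_ap is None or required_ap == access_point_arn)):
            return True
    return False


@dataclass
class Inode:
    uid: int
    gid: int
    mode: int            # permission bits only, e.g. 0o700


@dataclass
class AccessPoint:       # the PosixUser / RootDirectory fields from the slide
    uid: int
    gid: int
    secondary_gids: tuple
    root_path: str
    creation_mode: int   # CreationInfo.Permissions, applied if root_path is missing


# Constructed tree matching the `ls -l /efs/home` listing on the slides.
TREE = {
    "/": Inode(0, 0, 0o755),
    "/home": Inode(0, 0, 0o755),
    "/home/BobHome": Inode(1001, 1001, 0o700),     # bob
    "/home/MariaHome": Inode(1002, 1002, 0o700),   # maria
    "/home/BI_Shared": Inode(0, 2001, 0o770),      # group biusers
    "/apps": Inode(0, 0, 0o755),
}


def posix_allows(inode, uid, gids, want):
    """Owner/group/other check. uid 0 bypasses the mode bits, which is what a
    root container gets on a plain mount whose root access is not squashed."""
    if uid == 0:
        return True
    bit = {"r": 4, "w": 2, "x": 1}[want]
    cls = inode.mode >> 6 if uid == inode.uid else inode.mode >> 3 if inode.gid in gids else inode.mode
    return bool(cls & bit)


def access_via_access_point(tree, ap, rel_path, want):
    """Request arriving through an access point: the caller's uid/gids are
    discarded in favour of PosixUser, the path is confined to RootDirectory
    (created with CreationInfo if absent), then the POSIX check runs."""
    if ap.root_path not in tree:
        tree[ap.root_path] = Inode(ap.uid, ap.gid, ap.creation_mode)
    full = posixpath.normpath(posixpath.join(ap.root_path, rel_path.lstrip("/")))
    if full != ap.root_path and not full.startswith(ap.root_path + "/"):
        return False                           # ".." cannot climb above the root directory
    inode = tree.get(full)
    return inode is not None and posix_allows(inode, ap.uid, {ap.gid, *ap.secondary_gids}, want)


def demo():
    ap = AccessPoint(uid=123, gid=123, secondary_gids=(100, 200, 300),
                     root_path="/apps/myapp", creation_mode=0o700)
    tree = dict(TREE)
    mount = "elasticfilesystem:ClientMount"
    return {
        # IAM layer: the role may mount only through the access point
        "mount_via_ap": policy_allows(FILE_SYSTEM_POLICY, APP_ROLE, mount, AP_ARN),
        "mount_without_ap": policy_allows(FILE_SYSTEM_POLICY, APP_ROLE, mount),
        "other_role": policy_allows(FILE_SYSTEM_POLICY, f"arn:aws:iam::{ACCOUNT}:role/other", mount, AP_ARN),
        # POSIX layer: root on a plain mount reads bob's home ...
        "root_plain_mount": posix_allows(tree["/home/BobHome"], 0, {0}, "r"),
        # ... through the access point it is uid 123, confined to /apps/myapp
        "root_via_ap_own_dir": access_via_access_point(tree, ap, "/", "w"),
        "root_via_ap_escape": access_via_access_point(tree, ap, "../../home/BobHome", "r"),
        "created_root_owner": tree["/apps/myapp"].uid,
    }
```

The useful reading of the result is the pair of outcomes for a container image that runs as root: on a plain mount with root access it reads every home directory, while through the access point it is uid 123, its own root directory is created 0700 for it, and a path that climbs out of /apps/myapp is refused before any mode bit is consulted. The policy layer shows the second goal from the slides: approle can mount only with the access point ARN in the request, and any other principal is denied by default.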

AI mind or machine power point presentation
 
CORS (Kitworks Team Study 양다윗 발표자료 240510)
CORS (Kitworks Team Study 양다윗 발표자료 240510)CORS (Kitworks Team Study 양다윗 발표자료 240510)
CORS (Kitworks Team Study 양다윗 발표자료 240510)
 

EFS_Integration.pdf

  • 7. Amazon EFS and AWS Lambda: how it works. Step 1: create an Amazon EFS file system, with mount targets in the Availability Zones the function will run in.
  • 8. Step 2: create an access point on the file system.
  • 9. Step 3: configure the access point (POSIX user, root directory and the permissions it is created with; see slide 47).
  • 10. Step 4: create the Lambda function. It must be attached to the VPC subnets that can reach the mount targets, and the mount targets' security group must allow NFS (TCP 2049) from the function's security group.
  • 11. Step 5: add the file system to the function.
  • 12. Step 6: select the file system and access point and give a local mount path; Lambda only accepts paths under /mnt/.
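The six steps above as API calls, written here as an added example rather than code from the deck or from the aws-samples repository. It assumes boto3 clients are passed in, an existing function called ml-inference, and placeholder subnet, security-group and role identifiers; the builders and the mount-path check run without any AWS access.

```python
"""Added example, not code from the deck: the six Lambda + EFS setup steps as
boto3 calls. Subnets, security groups, the function name and the uid/gid are
constructed placeholders; substitute your own before calling deploy()."""
import time

SUBNETS = ["subnet-0aaaaaaaaaaaaaaaa", "subnet-0bbbbbbbbbbbbbbbb"]  # one per AZ that gets a mount target
LAMBDA_SG = "sg-0123456789abcdef0"      # security group on the function's ENIs
EFS_SG = "sg-0fedcba9876543210"         # security group on the mount targets
FUNCTION_NAME = "ml-inference"          # an existing function (step 4 of the slides)


def is_valid_mount_path(path):
    """Lambda accepts a LocalMountPath only below /mnt/ (for example /mnt/models)."""
    return path.startswith("/mnt/") and len(path) > len("/mnt/") and ".." not in path.split("/")


def nfs_ingress_rule(source_sg):
    """Ingress for the EFS security group: NFS (TCP 2049) from the function's
    security group only, not from a CIDR, so only those ENIs can mount."""
    return {"IpProtocol": "tcp", "FromPort": 2049, "ToPort": 2049,
            "UserIdGroupPairs": [{"GroupId": source_sg}]}


def access_point_params(file_system_id, uid, gid, root_path, perms="0700"):
    """Step 3: pin the function to uid/gid and to root_path, which EFS creates
    with the given owner and mode on first use (no EC2 host needed)."""
    return {
        "ClientToken": "%s-%d" % (file_system_id, uid),
        "FileSystemId": file_system_id,
        "PosixUser": {"Uid": uid, "Gid": gid},
        "RootDirectory": {"Path": root_path,
                          "CreationInfo": {"OwnerUid": uid, "OwnerGid": gid, "Permissions": perms}},
    }


def file_system_config(access_point_arn, local_mount_path):
    """Steps 5-6: the FileSystemConfigs entry that attaches the access point to the function."""
    if not is_valid_mount_path(local_mount_path):
        raise ValueError("LocalMountPath must be below /mnt/: %r" % local_mount_path)
    return {"Arn": access_point_arn, "LocalMountPath": local_mount_path}


def _wait_until(probe, timeout=300, interval=5):
    """Poll until probe() is true; the EFS client has no boto3 waiters."""
    deadline = time.time() + timeout
    while time.time() < deadline:
        if probe():
            return
        time.sleep(interval)
    raise TimeoutError("resource did not become available in time")


def deploy(efs, ec2, lam, uid=1001, gid=1001):
    """Run the whole procedure with real clients, for example
    deploy(boto3.client("efs"), boto3.client("ec2"), boto3.client("lambda")).
    Returns the ARN of the access point attached to the function."""
    fs_id = efs.create_file_system(CreationToken=FUNCTION_NAME, Encrypted=True,
                                   PerformanceMode="generalPurpose")["FileSystemId"]
    _wait_until(lambda: efs.describe_file_systems(FileSystemId=fs_id)
                ["FileSystems"][0]["LifeCycleState"] == "available")

    ec2.authorize_security_group_ingress(GroupId=EFS_SG, IpPermissions=[nfs_ingress_rule(LAMBDA_SG)])
    for subnet in SUBNETS:
        efs.create_mount_target(FileSystemId=fs_id, SubnetId=subnet, SecurityGroups=[EFS_SG])
    _wait_until(lambda: all(mt["LifeCycleState"] == "available"
                            for mt in efs.describe_mount_targets(FileSystemId=fs_id)["MountTargets"]))

    ap = efs.create_access_point(**access_point_params(fs_id, uid, gid, "/apps/ml-inference"))
    _wait_until(lambda: efs.describe_access_points(AccessPointId=ap["AccessPointId"])
                ["AccessPoints"][0]["LifeCycleState"] == "available")

    # The function has to live in the VPC to reach the mount targets; both settings go in one update.
    lam.update_function_configuration(
        FunctionName=FUNCTION_NAME,
        VpcConfig={"SubnetIds": SUBNETS, "SecurityGroupIds": [LAMBDA_SG]},
        FileSystemConfigs=[file_system_config(ap["AccessPointArn"], "/mnt/models")],
    )
    return ap["AccessPointArn"]
```

The function's execution role still needs elasticfilesystem:ClientMount (and ClientWrite if it writes) on the file system; the security-group rule only controls who can reach the mount target, the IAM policy controls who may mount it.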
  • 13. What are we going to build? A user sends a request and gets back a prediction.
  • 14. Let's focus on this: the request-to-prediction path.
  • 15. Architecture: the client application.
  • 16. The client application sends a user request to Amazon API Gateway.
  • 17. API Gateway invokes an AWS Lambda function.
  • 18. The function loads the ML model from Amazon EFS.
  • 19. An ML engineer uploads new models to Amazon S3.
  • 20. The S3 upload triggers a second Lambda function.
  • 21–23. (The same slide repeated for the build-up.) The inference function returns the prediction in the response to the client.
  • 24. The two pieces are separate applications: app1 (s3-efs) copies uploaded models from S3 to EFS; app2 (ml-inference) serves predictions from the models on EFS.
  • 25. Demo: aws-samples/amazon-efs-developer-zone on GitHub.
  • 26. Amazon EFS and AWS container services. The same file system can be mounted by an EC2 instance or on-premises server running the application code, by Amazon ECS tasks (containers on EC2 or AWS Fargate), and by Amazon EKS pods (on EC2 or Fargate) through the EFS CSI driver. Elastic, shared, highly available storage; persists across containers; pay for what you use; serverless storage; application-level security.
  • 27. Amazon ECS and Amazon EFS: how it works.
  • 28. Step 1: create an Amazon ECS cluster.
  • 29–30. Step 2: create a security group for Amazon EFS that allows inbound NFS (TCP 2049) from the tasks' security group. Step 3: create the Amazon EFS file system and attach that security group to its mount targets.
  • 31–32. Step 4: create a task definition: declare the file system as a volume, then add a mount point in the container definition that maps the volume to a path inside the container.
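What the volume and mount-point definitions of step 4 look like when the file system is mounted safely, next to the weak form, with a small linter that tells them apart. This is an added example, not code from the deck; the file-system ID, access-point ID, image and role ARNs are placeholders.

```python
"""Added example, not code from the deck: an ECS (Fargate) task definition that
mounts an EFS volume through an access point with TLS and IAM authorization, a
weak variant, and a linter for the efsVolumeConfiguration block.
IDs, image and role ARNs are constructed placeholders."""
import json

FS_ID = "fs-0123456789abcdef0"
AP_ID = "fsap-0123456789abcdef0"


def efs_volume(name, file_system_id, access_point_id=None, transit_encryption=True, iam=True):
    """One volumes[] entry. With an access point the task is pinned to the access
    point's uid/gid and root directory whatever USER the image declares."""
    cfg = {"fileSystemId": file_system_id,
           "transitEncryption": "ENABLED" if transit_encryption else "DISABLED"}
    if access_point_id or iam:
        cfg["authorizationConfig"] = {"iam": "ENABLED" if iam else "DISABLED"}
        if access_point_id:
            cfg["authorizationConfig"]["accessPointId"] = access_point_id
    return {"name": name, "efsVolumeConfiguration": cfg}


def task_definition(family, image, task_role_arn, exec_role_arn, volume,
                    container_path="/mnt/data", read_only=False):
    """Fargate task definition with one container mounting `volume` at container_path."""
    return {
        "family": family,
        "networkMode": "awsvpc",
        "requiresCompatibilities": ["FARGATE"],
        "cpu": "256",
        "memory": "512",
        "taskRoleArn": task_role_arn,        # authorizes the mount: elasticfilesystem:ClientMount/ClientWrite
        "executionRoleArn": exec_role_arn,   # only pulls the image and ships logs
        "containerDefinitions": [{
            "name": "app",
            "image": image,
            "essential": True,
            "readonlyRootFilesystem": True,  # the EFS mount is the only writable path
            "mountPoints": [{"sourceVolume": volume["name"],
                             "containerPath": container_path,
                             "readOnly": read_only}],
        }],
        "volumes": [volume],
    }


def lint_efs_volumes(task_def):
    """Return findings for every EFS volume; an empty list means the mount is configured safely."""
    findings = []
    volume_names = set()
    for vol in task_def.get("volumes", []):
        volume_names.add(vol.get("name"))
        cfg = vol.get("efsVolumeConfiguration")
        if not cfg:
            continue
        name = vol["name"]
        auth = cfg.get("authorizationConfig") or {}
        tls = cfg.get("transitEncryption") == "ENABLED"
        if not tls:
            findings.append("%s: transitEncryption is not ENABLED; NFS traffic to the mount target is cleartext" % name)
        if auth.get("iam") != "ENABLED":
            findings.append("%s: IAM authorization is off; the file-system policy cannot restrict "
                            "which task role mounts this volume" % name)
        elif not tls:
            findings.append("%s: iam=ENABLED requires transitEncryption=ENABLED" % name)
        if not auth.get("accessPointId"):
            findings.append("%s: no access point; the container's own uid/gid (root, for most images) "
                            "is used on the file system" % name)
        elif cfg.get("rootDirectory") not in (None, "/"):
            findings.append("%s: rootDirectory must be omitted or '/' when an access point is set" % name)
    for cdef in task_def.get("containerDefinitions", []):
        for mp in cdef.get("mountPoints", []):
            if mp.get("sourceVolume") not in volume_names:
                findings.append("%s: mountPoint references unknown volume %r"
                                % (cdef.get("name"), mp.get("sourceVolume")))
    return findings


HARDENED = task_definition("ml-inference", "123456789012.dkr.ecr.us-east-1.amazonaws.com/ml:1",
                           "arn:aws:iam::123456789012:role/ml-task",
                           "arn:aws:iam::123456789012:role/ml-exec",
                           efs_volume("models", FS_ID, AP_ID))
# Weak form: plain NFS mount, no TLS, no IAM, no access point.
WEAK = task_definition("ml-inference-weak", "123456789012.dkr.ecr.us-east-1.amazonaws.com/ml:1",
                       "arn:aws:iam::123456789012:role/ml-task",
                       "arn:aws:iam::123456789012:role/ml-exec",
                       efs_volume("models", FS_ID, access_point_id=None, transit_encryption=False, iam=False))

if __name__ == "__main__":
    print(json.dumps(HARDENED, indent=2))
    for finding in lint_efs_volumes(WEAK):
        print("WEAK:", finding)
```

Register the hardened definition with `aws ecs register-task-definition --cli-input-json file://taskdef.json` after saving the printed JSON; the linter is the check to run in CI before that call.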
  • 33. Amazon EFS CSI driver for Kubernetes. Step 1: create an Amazon EKS cluster.
  • 34. Step 2: create a security group for Amazon EFS that allows inbound NFS (TCP 2049) from the cluster's node or pod security group.
  • 35. Step 3: create an Amazon EFS file system with mount targets in the cluster's subnets.
  • 36. Step 4: deploy the EFS CSI driver (open source: github.com/kubernetes-sigs/aws-efs-csi-driver).
  • 37. Step 5: define a StorageClass that uses the driver.
  • 38. Step 6: create a PersistentVolumeClaim against that StorageClass and mount it in the container/pod.
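The StorageClass, PersistentVolumeClaim and Pod of steps 5 and 6, generated and cross-checked before they are applied. This is an added example, not code from the deck or from the CSI driver project; it uses the driver's dynamic-provisioning mode (one access point per claim) and the file-system ID, namespace, image and names are placeholders.

```python
"""Added example, not code from the deck: StorageClass + PVC + Pod for the EFS
CSI driver in efs-ap (dynamic provisioning) mode, and a cross-reference check
to run before `kubectl apply`. All names and IDs are constructed placeholders."""
import json

FS_ID = "fs-0123456789abcdef0"


def storage_class(name, file_system_id, uid, gid, base_path="/dynamic", perms="700"):
    """Dynamic provisioning: the driver creates one access point per claim under
    base_path, owned by uid/gid, so pods never touch the file system as root."""
    return {
        "apiVersion": "storage.k8s.io/v1",
        "kind": "StorageClass",
        "metadata": {"name": name},
        "provisioner": "efs.csi.aws.com",
        "mountOptions": ["tls", "iam"],   # encrypt in transit; mount with IAM authorization
        "parameters": {"provisioningMode": "efs-ap", "fileSystemId": file_system_id,
                       "directoryPerms": perms, "basePath": base_path,
                       "uid": str(uid), "gid": str(gid)},
    }


def claim(name, storage_class_name, namespace="ml"):
    return {
        "apiVersion": "v1", "kind": "PersistentVolumeClaim",
        "metadata": {"name": name, "namespace": namespace},
        "spec": {"accessModes": ["ReadWriteMany"],              # EFS is shared storage
                 "storageClassName": storage_class_name,
                 "resources": {"requests": {"storage": "5Gi"}}},  # required by the API, not enforced by EFS
    }


def pod(name, image, claim_name, uid, gid, mount_path="/mnt/data", namespace="ml"):
    return {
        "apiVersion": "v1", "kind": "Pod",
        "metadata": {"name": name, "namespace": namespace},
        "spec": {
            "securityContext": {"runAsNonRoot": True, "runAsUser": uid, "runAsGroup": gid},
            "containers": [{"name": "app", "image": image,
                            "securityContext": {"allowPrivilegeEscalation": False,
                                                "readOnlyRootFilesystem": True},
                            "volumeMounts": [{"name": "data", "mountPath": mount_path}]}],
            "volumes": [{"name": "data", "persistentVolumeClaim": {"claimName": claim_name}}],
        },
    }


def check_manifests(items):
    """Cross-check the objects before applying them. Returns a list of findings."""
    findings = []
    scs = {i["metadata"]["name"]: i for i in items if i["kind"] == "StorageClass"}
    pvcs = {(i["metadata"]["namespace"], i["metadata"]["name"]): i
            for i in items if i["kind"] == "PersistentVolumeClaim"}
    for name, sc in scs.items():
        if sc.get("provisioner") != "efs.csi.aws.com" or \
                sc.get("parameters", {}).get("provisioningMode") != "efs-ap":
            findings.append("StorageClass %s: not efs.csi.aws.com in efs-ap mode" % name)
    for (ns, name), pvc in pvcs.items():
        if pvc["spec"].get("storageClassName") not in scs:
            findings.append("PVC %s/%s: unknown storageClassName" % (ns, name))
        if "ReadWriteMany" not in pvc["spec"].get("accessModes", []):
            findings.append("PVC %s/%s: EFS claims should be ReadWriteMany" % (ns, name))
    for p in (i for i in items if i["kind"] == "Pod"):
        ns, name = p["metadata"]["namespace"], p["metadata"]["name"]
        sctx = p["spec"].get("securityContext", {})
        if not sctx.get("runAsNonRoot"):
            findings.append("Pod %s/%s: should set runAsNonRoot" % (ns, name))
        for vol in p["spec"].get("volumes", []):
            cn = vol.get("persistentVolumeClaim", {}).get("claimName")
            if cn is None:
                continue
            pvc = pvcs.get((ns, cn))
            if pvc is None:
                findings.append("Pod %s/%s: claim %s not found in this namespace" % (ns, name, cn))
                continue
            sc = scs.get(pvc["spec"].get("storageClassName"))
            if sc and str(sctx.get("runAsUser")) != sc["parameters"]["uid"]:
                findings.append("Pod %s/%s: runAsUser differs from StorageClass uid %s; EFS performs I/O "
                                "as the access point user, so ownership seen in the pod will not match "
                                "the process" % (ns, name, sc["parameters"]["uid"]))
    return findings


def render(items):
    """JSON is valid YAML, so the result can be piped straight into `kubectl apply -f -`."""
    return json.dumps({"apiVersion": "v1", "kind": "List", "items": list(items)}, indent=2)


MANIFESTS = [storage_class("efs-ap", FS_ID, 1001, 1001),
             claim("models", "efs-ap"),
             pod("inference", "123456789012.dkr.ecr.us-east-1.amazonaws.com/ml:1", "models", 1001, 1001)]

if __name__ == "__main__":
    assert not check_manifests(MANIFESTS)
    print(render(MANIFESTS))
```

Because the access point fixes the server-side identity, a pod that runs as a different uid still reads and writes the directory; keeping runAsUser equal to the StorageClass uid just makes the ownership shown inside the pod match the process.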
  • 39. Kubeflow with Amazon EKS and Amazon EFS: build the container image for training and push it to Amazon ECR; save the training dataset on Amazon EFS; the training pods on EKS (Training Container 1 … n) mount the shared dataset through the EFS CSI driver.
  • 40. Amazon EFS Developer Zone.
  • 41. Thank you. Suman Debnath, Developer Advocate, Amazon EFS.
  • 42. Backup.
  • 43. Goals for security and identity. 1. File systems should only be mountable by applications that need them. 2. Applications that mount a file system should only have access to the data they need. Seen from inside the application:
    $ cat /my_app/data
    ### SUCCESS THIS IS MY FILE ###
    $ cat /someone_elses_app/data
    cat: /someone_elses_app/data: Permission denied
  • 44. Using IAM for file system access. Two policies meet at the mount: a file-system (resource) policy on the Amazon EFS side names the principal that may mount, and an identity policy on the ECS task role or Lambda execution role names the file system.
    File-system policy (attached to the file system):
    {
      "Statement": {
        "Effect": "Allow",
        "Action": "elasticfilesystem:Client*",
        "Principal": { "AWS": "arn:..Lambda" }
      }
    }
    Identity policy (attached to the task role, or the function's execution role):
    {
      "Statement": {
        "Effect": "Allow",
        "Action": "elasticfilesystem:Client*",
        "Resource": "fs-feedfeed"
      }
    }
    In a real policy Resource is the file system ARN and Effect is case-sensitive ("Allow"). elasticfilesystem:Client* expands to ClientMount, ClientWrite and ClientRootAccess; grant only ClientMount (plus ClientWrite where the application writes) unless root access on the file system is really required.
  • 45. Understanding container identity. An ECS task has an IAM identity (the task role), but the POSIX identity the file system sees is the application identity from the container image, typically user root, group root. On a file system that looks like this:
    $ ls -l /efs/home
    drwx------  bob      .        BobHome
    drwx------  maria    .        MariaHome
    drwxrwx---  .        biusers  BI_Shared
    a container whose image runs as root presents uid 0 to the file system, so the POSIX bits alone do not stop it reading BobHome or MariaHome. By default, POSIX identity comes from the container image, not from the task/pod runtime.
  • 46. Understanding function identity. A Lambda function has an IAM identity (its execution role) but, by default, no predetermined POSIX identity, so against the same /efs/home listing (BobHome, MariaHome, BI_Shared) there is nothing that says which uid/gid the function's file operations should carry. An access point supplies that identity.
  • 47. Amazon EFS access points.
    {
      "Name": "MyApp",
      "FileSystemId": "fs-feedfeed",
      "PosixUser": { "Uid": 123, "Gid": 123, "SecondaryGids": [100, 200, 300] },
      "RootDirectory": {
        "Path": "/apps/myapp",
        "CreationInfo": { "OwnerUid": 123, "OwnerGid": 123, "Permissions": "0700" }
      }
    }
    Creates the application-specific directory with the given owner and permissions on first use, so no Amazon EC2 instance is needed to prepare the file system. Applications only see the data they need: the root directory becomes their "/". Enforces the file-system identity: every request is made as uid/gid 123 whatever the client process runs as, so root containers cannot escalate access, and arbitrary users are not locked out either. Works for ECS, EKS and Lambda.
  • 48. How Amazon EFS access points work. The access point supplies the POSIX identity and root directory (the MyApp definition on slide 47, uid/gid 123 under /apps/myapp) and is enforced with the file system's POSIX permissions; the file-system policy ties the IAM principal to that access point:
    {
      "Effect": "Allow",
      "Action": "elasticfilesystem:Client*",
      "Principal": { "AWS": "approle" },
      "Condition": { "StringEquals": { "elasticfilesystem:AccessPointArn": "fsap-1234" } }
    }
    The condition key the slide abbreviates as accessPointArn is elasticfilesystem:AccessPointArn (its value is the access point ARN). With it, approle can reach the file system only through fsap-1234, and therefore only as uid 123 and only below /apps/myapp.
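A small, constructed model of how the two layers on slides 43 to 48 combine, so the claims (a root container cannot escalate, an arbitrary user is not locked out, a principal is confined to its access point) can be checked on sample data. This is an added example and not code from the deck: it simplifies IAM evaluation to exact principal matching and action globs, represents the file system as an in-memory table of owner/group/mode, and uses placeholder ARNs for "approle" and "fsap-1234".

```python
"""Added example, not code from the deck: a miniature model of EFS access
control. Layer 1 is the file-system policy (IAM), layer 2 is the access point
that fixes the POSIX identity and root directory. Principal and access-point
ARNs, and the file tree, are constructed placeholders."""
import fnmatch
import posixpath

ROLE = "arn:aws:iam::123456789012:role/approle"                # placeholder for the slide's "approle"
AP_MYAPP = {                                                     # the slide's access point; ARN is a placeholder
    "Arn": "arn:aws:elasticfilesystem:us-east-1:123456789012:access-point/fsap-1234",
    "PosixUser": {"Uid": 123, "Gid": 123, "SecondaryGids": [100, 200, 300]},
    "RootDirectory": {"Path": "/apps/myapp"},
}
# File-system policy: approle may mount and write, only through AP_MYAPP and only over TLS.
POLICY = {"Statement": [
    {"Effect": "Allow", "Principal": {"AWS": ROLE},
     "Action": ["elasticfilesystem:ClientMount", "elasticfilesystem:ClientWrite"],
     "Condition": {"StringEquals": {"elasticfilesystem:AccessPointArn": AP_MYAPP["Arn"]},
                   "Bool": {"aws:SecureTransport": "true"}}},
    {"Effect": "Deny", "Principal": "*", "Action": "elasticfilesystem:*",
     "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
]}
# Constructed file-system tree: path -> (owner uid, owner gid, mode bits).
TREE = {
    "/": (0, 0, 0o755), "/apps": (0, 0, 0o755),
    "/apps/myapp": (123, 123, 0o700), "/apps/myapp/data": (123, 123, 0o600),
    "/apps/myapp/shared": (0, 200, 0o770),                      # group-shared, like BI_Shared on slide 45
    "/apps/other": (456, 456, 0o700), "/apps/other/data": (456, 456, 0o600),
}


def _condition_holds(condition, ctx):
    for operator, pairs in condition.items():
        for key, want in pairs.items():
            have = ctx.get(key)
            if operator == "StringEquals" and have != want:
                return False
            if operator == "Bool" and str(have).lower() != want:
                return False
    return True


def policy_allows(policy, principal, action, ctx):
    """IAM in miniature: an explicit Deny wins, otherwise any matching Allow."""
    allowed = False
    for stmt in policy["Statement"]:
        who = stmt["Principal"]
        who = who.get("AWS") if isinstance(who, dict) else who
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        if who not in ("*", principal) or not any(fnmatch.fnmatch(action, a) for a in actions):
            continue
        if not _condition_holds(stmt.get("Condition", {}), ctx):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


def effective_identity(process_uid, process_gid, access_point):
    """With an access point, EFS ignores the NFS client's uid/gid (root included)
    and performs every request as the access point's PosixUser."""
    if access_point is None:
        return process_uid, {process_gid}
    user = access_point["PosixUser"]
    return user["Uid"], {user["Gid"], *user.get("SecondaryGids", [])}


def resolve(access_point, client_path):
    """The access point's root directory is the client's '/'; '..' cannot climb above it."""
    root = access_point["RootDirectory"]["Path"] if access_point else "/"
    full = posixpath.normpath(posixpath.join(root, client_path.lstrip("/")))
    return full if full == root or full.startswith(root.rstrip("/") + "/") else None


def _mode_allows(entry, uid, gids, want):
    owner, group, mode = entry
    shift = 6 if uid == owner else 3 if group in gids else 0
    return bool((mode >> shift) & {"read": 4, "write": 2, "exec": 1}[want])


def can_access(principal, access_point, process_uid, process_gid, client_path, want="read", tls=True):
    """Both layers must agree: the policy decides whether the principal may mount
    (and write) at all; POSIX bits are then checked with the effective identity."""
    ctx = {"elasticfilesystem:AccessPointArn": access_point["Arn"] if access_point else None,
           "aws:SecureTransport": tls}
    if not policy_allows(POLICY, principal, "elasticfilesystem:ClientMount", ctx):
        return False
    if want == "write" and not policy_allows(POLICY, principal, "elasticfilesystem:ClientWrite", ctx):
        return False
    full = resolve(access_point, client_path)
    if full is None or full not in TREE:
        return False
    uid, gids = effective_identity(process_uid, process_gid, access_point)
    if uid == 0 and not policy_allows(POLICY, principal, "elasticfilesystem:ClientRootAccess", ctx):
        uid, gids = 65534, {65534}        # root squash: without ClientRootAccess, root becomes nobody
    root = access_point["RootDirectory"]["Path"] if access_point else "/"
    d = full
    while d != root:                      # every directory between the target and the root must be searchable
        d = posixpath.dirname(d)
        if not _mode_allows(TREE[d], uid, gids, "exec"):
            return False
    return _mode_allows(TREE[full], uid, gids, want)
```

Running the checks on this model: a root container (uid 0) mounting through fsap-1234 reads and writes /data as uid 123 and can reach the group-shared directory through the secondary gid 200, but "/../other/data" does not resolve to anything, the same role without the access point is refused by the policy's condition, another role is refused outright, and a mount without TLS hits the explicit Deny.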