Amazon Web Services – Running Containers with ECS
Scott Weber – Director, Cloud Solutions at EagleDream Technologies
DREAM BUILD SOAR
Confidential | eagledream.com
SECURITY CLOUD DEVELOPMENT WEB DESIGN COMPLIANCE COMMUNICATIONS
Agenda
• Compute Options in AWS
• Why Containers?
• Amazon EC2 Container Service
• Architecture
• Security
• Scaling Clusters
• Deploying Containers
Compute Options in AWS
Amazon EC2
• Traditional VMs
• Provision on the fly
• Autoscaling
• Pay per second of run time
• IaaS
Amazon ECS
• Docker Containers
• Micro Services
• AWS Specific Scheduler
• Runs on top of EC2
• Scalable
• PaaS
AWS Lambda
• Nano Services
• Pay for the duration of execution
• FaaS
• Fully AWS Managed
Why Containers
• Next evolution in virtualization
• Domain Driven services/Micro services
• Complete packaging of running artifact
– Stops the problem of “Well, it ran fine on the developer’s laptop”
• Strong isolation of container to container
• Infrastructure becomes a platform
• Enables, “You built it, you run it”
Amazon EC2 Container Service
Amazon EC2 Container Service (ECS) is a highly scalable, high performance container management service that supports Docker containers and allows you to easily run applications on a managed cluster of Amazon EC2 instances. Amazon ECS eliminates the need for you to install, operate, and scale your own cluster management infrastructure. With simple API calls, you can launch and stop Docker-enabled applications, query the complete state of your cluster, and access many familiar features like security groups, Elastic Load Balancing, EBS volumes, and IAM roles.
Source: https://aws.amazon.com/ecs/
Why ECS vs. Other Schedulers
• Designed for AWS by AWS
• Very low technical barrier to use
• Integrated with other AWS services
• Hard problems are solved
• It's free!
ECS Architecture
[Architecture diagram. Source: AWS. Components shown: Amazon Route 53, Amazon API Gateway*, Application Load Balancer, ECS Cluster (two), Amazon ECR, Amazon RDS, IAM, Amazon CloudWatch]
Securing ECS – Security Groups
• Security Groups
– Software defined firewalls around objects in AWS
– Define inbound and outbound traffic at the port and protocol level
– Security groups can reference each other
– Used to define application communication patterns
[Diagram: Application Load Balancer, two EC2 Instances, Amazon RDS]
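An added example (not part of the original deck) that audits whether security groups reference each other in the Application Load Balancer, EC2 instance, Amazon RDS pattern from this slide. The input is constructed and shaped like `aws ec2 describe-security-groups` output; the group IDs, ports and the `EXPECTED_SOURCES` map are assumptions.

```python
"""Audit security-group chaining for an ALB -> EC2 instance -> RDS layout.

Added example; input is shaped like `aws ec2 describe-security-groups` output.
"""

OPEN_CIDRS = {"0.0.0.0/0", "::/0"}

# Constructed sample data: group IDs and ports are placeholders, not from the slides.
SAMPLE_GROUPS = [
    {"GroupId": "sg-alb", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-ecs", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-alb"}]},
        # Deliberate mistake for the audit to catch: SSH open to any address.
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-rds", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-ecs"}]}]},
]

# Intended communication pattern: each inner tier accepts traffic only from
# the security group of the tier in front of it, never from a CIDR range.
EXPECTED_SOURCES = {"sg-ecs": {"sg-alb"}, "sg-rds": {"sg-ecs"}}


def _ports(perm):
    """Render protocol and port range; IpProtocol "-1" means all traffic."""
    if perm.get("IpProtocol") == "-1":
        return "all"
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    span = str(lo) if lo == hi else f"{lo}-{hi}"
    return f"{perm.get('IpProtocol')}/{span}"


def audit_tiers(groups, expected_sources):
    """Return (group_id, kind, detail) for every ingress rule that is off-pattern."""
    by_id = {g["GroupId"]: g for g in groups}
    findings = []
    for group_id, allowed in sorted(expected_sources.items()):
        group = by_id.get(group_id)
        if group is None:
            findings.append((group_id, "missing-group", "not in input"))
            continue
        for perm in group.get("IpPermissions", []):
            ports = _ports(perm)
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                kind = "open-cidr" if cidr in OPEN_CIDRS else "cidr-source"
                findings.append((group_id, kind, f"{ports} from {cidr}"))
            for pair in perm.get("UserIdGroupPairs", []):
                if pair["GroupId"] not in allowed:
                    findings.append((group_id, "unexpected-group",
                                     f"{ports} from {pair['GroupId']}"))
    return findings


if __name__ == "__main__":
    for finding in audit_tiers(SAMPLE_GROUPS, EXPECTED_SOURCES):
        print(*finding, sep="\t")
```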
Securing ECS – IAM Roles
• IAM Roles
– Define access to other AWS services via policies
– Each Task has its own Role
– Token based and tokens are constantly changed
– No more shared accounts and password changes
– Implementation is fully scriptable
[Diagram: IAM; Task 1 and Task 2 on two EC2 Instances; Amazon DynamoDB; Amazon S3]
Securing ECS – Managing Secrets
• Simple Systems Manager (SSM) Parameter Store
– Leverage KMS for encryption at rest
– Access controlled via IAM Roles
– Separate configuration from code
– Store all configuration data not just secrets
– Poll for changes and dynamically change the running containers
Steps:
• Declare a Key
• Set a parameter
– Example: prod.app1.db-pass
– Example: general.license-code
• Set up IAM Role
• Associate Role to Task/Container
• Have application request the parameter
https://aws.amazon.com/blogs/compute/managing-secrets-for-amazon-ecs-applications-using-parameter-store-and-iam-roles-for-tasks/
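An added example (not from the original deck or the linked AWS post) covering the IAM Roles slide and the Parameter Store steps: it builds a per-task role scoped to the two example parameters, ties it to a task definition through `taskRoleArn`, and checks what that role can and cannot read. The region, account ID, KMS key ARN, role and image names are constructed placeholders, and the policy evaluator is a simplified stand-in for IAM (Action and Resource matching only, no Conditions).

```python
"""Per-task IAM role for reading SSM Parameter Store values (added example)."""
import re

REGION, ACCOUNT = "us-east-1", "123456789012"  # constructed placeholders
KMS_KEY_ARN = f"arn:aws:kms:{REGION}:{ACCOUNT}:key/EXAMPLE-KEY-ID"  # placeholder


def parameter_arn(name):
    """ARN of a Parameter Store entry, with or without a leading slash in its name."""
    return f"arn:aws:ssm:{REGION}:{ACCOUNT}:parameter/{name.lstrip('/')}"


def trust_policy():
    """Lets ECS tasks, rather than the EC2 host, assume the role."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "ecs-tasks.amazonaws.com"},
        "Action": "sts:AssumeRole"}]}


def task_role_policy(parameter_names):
    """Read-only access to the named parameters plus decrypt on their KMS key."""
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow",
         "Action": ["ssm:GetParameter", "ssm:GetParameters"],
         "Resource": [parameter_arn(n) for n in parameter_names]},
        {"Effect": "Allow", "Action": "kms:Decrypt", "Resource": KMS_KEY_ARN}]}


def task_definition(family, image, role_name):
    """Task definition fragment; taskRoleArn associates the role with the task."""
    return {"family": family,
            "taskRoleArn": f"arn:aws:iam::{ACCOUNT}:role/{role_name}",
            "containerDefinitions": [
                {"name": family, "image": image, "memory": 256, "essential": True}]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(pattern, value, ignore_case=False):
    """IAM-style wildcard match: * is any run of characters, ? is one character."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, re.I if ignore_case else 0) is not None


def is_allowed(policy, action, resource):
    """Simplified evaluation: explicit Deny wins, otherwise an Allow must match."""
    allowed = False
    for stmt in policy["Statement"]:
        hit = (any(_matches(a, action, True) for a in _as_list(stmt["Action"]))
               and any(_matches(r, resource) for r in _as_list(stmt["Resource"])))
        if hit and stmt["Effect"] == "Deny":
            return False
        allowed = allowed or (hit and stmt["Effect"] == "Allow")
    return allowed


def fetch_parameter(ssm_client, name):
    """The application's request; ssm_client would be boto3.client("ssm")."""
    response = ssm_client.get_parameter(Name=name, WithDecryption=True)
    return response["Parameter"]["Value"]


# app1's task may read its own secret and the shared licence code, nothing else.
APP1_POLICY = task_role_policy(["prod.app1.db-pass", "general.license-code"])

if __name__ == "__main__":
    for name in ("prod.app1.db-pass", "general.license-code", "prod.app2.db-pass"):
        verdict = is_allowed(APP1_POLICY, "ssm:GetParameter", parameter_arn(name))
        print(f"{name}: {'allowed' if verdict else 'denied'}")
```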
Scaling Clusters
• Must scale in 2 vectors
– Dynamically alter Tasks as load changes
– Dynamically alter EC2 servers as load changes
• AWS natively supports scaling up both Tasks and EC2
• AWS natively supports scaling down Tasks
• Scale down of EC2 is a non-trivial problem
– Autoscaling will randomly choose an EC2 instance to scale down
– Must interrupt the process and force the re-distribution of the running containers
– AWS has published a solution on GitHub
Code Deployment
Source: https://aws.amazon.com/blogs/compute/continuous-deployment-to-amazon-ecs-using-aws-codepipeline-aws-codebuild-amazon-ecr-and-aws-cloudformation/
Primary Contact(s):
Jon Providence
VP of Enterprise Business Services
Phone: 585-943-0084
Email: Jon.Providence@eagledream.com
Contact Info
Contact Us
1.888.4EAGLEDREAM
info@eagledream.com
Eagledream.com
Headquarters | Rochester, NY
300 Trolley Blvd
Rochester, NY 14606
New England | Boston, MA
300 Baker Avenue, Suite 300
Concord, MA 01742
We look forward to being your AWS Partner. EagleDream.com