PUBLIC SECTOR SUMMIT, Washington, DC
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Running Containers in a Hybrid Environment
Harsha Nippani, Solutions Architect, Amazon Web Services
Latha Nagaraj, Principal Application Architect, FINRA
Agenda
• Containers and Docker
• Amazon Elastic Container Registry (Amazon ECR)
• Amazon Elastic Container Service (Amazon ECS)
• AWS Fargate
• Customer Use Case - FINRA
The Problem
• Different application stacks
• Different hardware deployment environments
• How to run all applications across different environments?
• How to easily migrate from one environment to another?
(Slide matrix: application components (static website, web frontend, background workers, user DB, analytics DB, queue) against deployment targets (dev VM, QA server, single production server, on-site cluster, public cloud, contributor's laptop, customer servers).)
The Solution
• Unit of software delivery
• Lightweight, portable, consistent
• Deploy and run everywhere
• Deploy and run anything
(Slide matrix: the same application components and deployment targets as on the previous slide, with the container as the common unit of delivery.)
Docker container image
• A read-only image that is used as a template to launch a container.
• Start from base images that have your dependencies, then add your custom code.
• A Dockerfile gives easy, reproducible builds.
(Slide diagram: image layers stacked above bootfs and the kernel: base image, image, image, container, each layer referencing its parent image.)
Every layer of the base image ships inside your image, so the base image's packages and their vulnerabilities become yours to patch; that is why the FINRA section later in this deck maintains its own compliant base images.
Virtual Machines vs Containers
VM: Server (host) > Host OS > Hypervisor > per-VM Guest OS > Bins/Libs > App 1 / App 2 / App 3
Container: Server (host) > Host OS > Docker > Bins/Libs > App 1 / App 2 / App 3
Containers share the host kernel instead of each carrying a guest OS, which is what makes them lighter. It also means the kernel is the isolation boundary between containers on the same host, a weaker boundary than the hypervisor provides between VMs.
Docker Images
• Packaged application code
• Reproducible
• Immutable
• Portable
AWS Container Services Landscape
• Management (deployment, scheduling, scaling and management of containerized applications): Amazon ECS; Amazon Elastic Container Service for Kubernetes (Amazon EKS)
• Hosting (where the containers run): Amazon EC2; AWS Fargate
• Image registry (container image repository): Amazon ECR
Amazon Elastic Container Registry
Fully managed
• Tight integration with Amazon ECS
• Integration with the Docker toolset
• Management Console and AWS Command Line Interface (AWS CLI)
Highly available
• Backed by Amazon Simple Storage Service (Amazon S3)
• Regional endpoints
Secure
• AWS Identity and Access Management (IAM) resource-based policies
• AWS CloudTrail audit logs
• Images encrypted in transit and at rest
The repository policy decides which principals may push and which may only pull, and the CloudTrail record shows which principal pushed a given image; both matter once a single image is promoted across accounts, as in FINRA's pipeline later in this deck.
Evolution of Compute on AWS
• Amazon EC2: VMs in the cloud (EC2 instances)
• Amazon ECS, EC2 launch type: containers in Amazon EC2 instances in the cloud
• AWS Fargate: containers in the cloud, no servers to manage
Running Containers
(Slide diagram: a fleet of Amazon EC2 instances, each running several tasks.)
Amazon ECS: Task and Service
(Slide diagram: the Amazon ECS API fronts a cluster management engine with a key/value store; an agent communication service talks to the ECS agent on each Amazon EC2 instance; each instance runs tasks made of containers; an ECS service keeps its tasks registered behind load balancers that face the Internet.)
Constructs
• Task Definition (register): defines the application containers: image URL, CPU and memory requirements, etc.
• Cluster (create): infrastructure isolation boundary; IAM permissions boundary
• Task (run): a running instantiation of a task definition
• Service (create): maintains n running copies; integrated with Elastic Load Balancing (ELB); unhealthy tasks are automatically replaced
Scheduling and Orchestration: Running Containers at Scale with ECS
(Slide diagram: cluster manager and placement engine spreading tasks across Availability Zone #1, #2 and #3.)
Production Workloads on ECS
• Amazon Virtual Private Cloud (Amazon VPC) networking mode
• Advanced task placement
• Deep integration with AWS services
• Amazon ECS CLI and AWS CLI
• Global footprint
• Powerful scheduling engines
• Auto scaling
• Amazon CloudWatch metrics
• Load balancers
Scheduling and Orchestration: ECS and Fargate
(Slide diagram: cluster manager and placement engine above a fleet of Amazon EC2 instances, each running the ECS-optimized AMI with the Docker engine and the ECS container agent.)
AWS Fargate
• No cluster instances to manage
• AWS manages the underlying infrastructure
• Easy to run, easy to scale
Fargate Constructs
• Task Definition (register): defines the application containers: image URL, CPU and memory requirements, etc.
• Cluster (create): infrastructure isolation boundary; IAM permissions boundary
• Task (run): a running instantiation of a task definition, using the AWS Fargate launch type
• Service (create): maintains N running copies; integrated with Elastic Load Balancing; unhealthy tasks are automatically replaced
Bridge networking mode
• Any non-local traffic to or from the containers must transit the instance's eth0 interface.
• Traffic between containers within the same task transits the docker0 bridge.
• Each container (c1, c2) has its own network namespace; eth0 and the docker0 bridge live in the instance's default network namespace.
• Because every task on the instance shares eth0, security groups apply to the instance rather than to an individual task, and container ports are mapped onto host ports.
(Slide diagram: an Amazon EC2 instance whose default network namespace holds eth0 and the docker0 bridge, and a task whose containers c1 and c2 each sit in their own namespace.)
awsvpc networking mode
• Containers within the task share one network namespace and can talk to each other over localhost.
• All traffic transits the task's own Elastic Network Interface (ENI); there is no dependence on the host's eth0.
• Because each task has its own ENI, security groups (and VPC flow logs) apply per task rather than per instance.
(Slide diagram: an EC2 instance whose default namespace holds eth0, and a task namespace holding the task network interface and containers c1 and c2 connected over localhost.)
VPC Integration
Launch your Fargate tasks into subnets (slide example: VPC 172.31.0.0/16, subnet 172.31.1.0/24, task private IP 172.31.1.164, optional public IP 208.57.73.13).
Under the hood:
• We create an ENI
• The ENI is allocated a private IP from your subnet
• The ENI is attached to your task
• Your task now has a private IP from your subnet and can reach other entities in the VPC (EC2, load balancers, databases, etc.)
You can assign public IPs to your tasks.
Configure security groups to control inbound and outbound traffic.
Before Task Roles
• Tasks rely on the Instance Role for permissions.
• The Instance Role must hold the superset of all permissions any task on the instance needs, which violates the principle of least privilege: task 1 and task 2 each call the AWS SDK/CLI with the same instance credentials, so each can exercise the other's permissions.
EC2 Instance Role policy (statement fragments as shown on the slide; "ddb" is the slide's shorthand for the dynamodb service prefix):
{ "Action": ["ddb:*"], "Effect": "Allow" }
{ "Action": ["s3:*"], "Effect": "Allow" }
Task Roles
• No reliance on the Instance Role for permissions: each task assumes its own IAM role, and the AWS SDK/CLI inside the task picks up that role's credentials from the container credential endpoint.
Task 1 policy (Task1 Role):
{ "Action": ["ddb:*"], "Effect": "Allow" }
Task 2 policy (Task2 Role):
{ "Action": ["s3:*"], "Effect": "Allow" }
The EC2 Instance Role is left with only what the ECS agent itself needs.
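The two slides above argue by example; the following Python is an added example for this page (not code from the deck, AWS or FINRA) that makes the comparison checkable. It is a small IAM policy evaluator with the Action and Resource wildcard matching and explicit-Deny precedence that IAM uses, applied to a constructed instance-role policy holding the superset and two constructed task-role policies. The account id, table and bucket names and the probe actions are placeholders; the slide's "ddb:*" is written with the real dynamodb service prefix, and the trust policy is the one an ECS task role needs so the ECS agent can assume it.

```python
"""Least-privilege check for ECS task roles (added example, constructed data).

Models the two slides: before task roles every task inherits the instance
role's superset of permissions; with task roles each task carries only its
own.  Action matching follows IAM: case-insensitive, with * and ? wildcards.
Resource ARNs match case-sensitively with the same wildcards.  An explicit
Deny beats any Allow; no matching Allow is an implicit deny.
"""
import fnmatch

# Trust policy every ECS task role needs so the ECS agent can assume it.
TASK_ROLE_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "ecs-tasks.amazonaws.com"},
        "Action": "sts:AssumeRole",
    }],
}

# "Before task roles": one instance role carrying the union of everything
# any task on the host might need.  The slide's "ddb:*" is dynamodb:*.
INSTANCE_ROLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["dynamodb:*"], "Resource": "*"},
        {"Effect": "Allow", "Action": ["s3:*"], "Resource": "*"},
    ],
}

# "With task roles": one policy per task, scoped to that task's needs.
# Account id, table and bucket names are placeholders.
TASK_POLICIES = {
    "task1": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow",
         "Action": ["dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:Query"],
         "Resource": "arn:aws:dynamodb:us-east-1:111122223333:table/scores"}]},
    "task2": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": "arn:aws:s3:::scorekeep-assets/*"},
        {"Effect": "Deny", "Action": ["s3:DeleteObject"], "Resource": "*"}]},
}

# Actions to probe; for a real workload take these from CloudTrail.
PROBE = ["dynamodb:GetItem", "dynamodb:DeleteTable", "s3:GetObject",
         "s3:DeleteBucket", "s3:DeleteObject", "iam:PassRole"]


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _match_action(pattern, action):
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def _match_resource(pattern, arn):
    return fnmatch.fnmatchcase(arn, pattern)


def is_allowed(policy, action, resource=None):
    """Evaluate one call: explicit Deny > Allow > implicit deny.
    resource=None asks whether the action is allowed on any resource."""
    allowed = False
    for stmt in policy.get("Statement", []):
        if not any(_match_action(p, action) for p in _as_list(stmt.get("Action", []))):
            continue
        if resource is not None and not any(
                _match_resource(p, resource) for p in _as_list(stmt.get("Resource", "*"))):
            continue
        if stmt.get("Effect") == "Deny":
            return False
        allowed = True
    return allowed


def excess_permissions(shared_policy, task_policy, probe_actions):
    """Actions a task could perform with the shared role's credentials that
    its own task role does not grant: the blast radius task roles remove."""
    return sorted(a for a in probe_actions
                  if is_allowed(shared_policy, a) and not is_allowed(task_policy, a))


def wildcard_statements(policy):
    """Allow statements granting a whole service (svc:*) or everything (*)."""
    return [s for s in policy.get("Statement", [])
            if s.get("Effect") == "Allow"
            and any(a == "*" or a.endswith(":*") for a in _as_list(s.get("Action", [])))]


if __name__ == "__main__":
    for name, policy in TASK_POLICIES.items():
        print(name, "could also do under the instance role:",
              excess_permissions(INSTANCE_ROLE_POLICY, policy, PROBE))
    print("instance role wildcard statements:",
          len(wildcard_statements(INSTANCE_ROLE_POLICY)))
```

excess_permissions() lists what a task could do with the instance role's credentials that its own task role does not grant; with the constructed policies, task 1 could delete DynamoDB tables and read or delete S3 objects, and task 2 could read and delete DynamoDB data. The wildcard check is the quick test for a policy that still looks like the "before" slide.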
Architecture Reference: Private Task Setup
(Slide diagram: VPC 172.31.0.0/16 with a public subnet 172.31.2.0/24 holding a NAT Gateway (public EIP 34.214.162.237) and an Internet Gateway, and a private subnet 172.31.1.0/24 holding the Fargate task ENI with private IP 172.31.1.164.)
Route tables
  Private subnet:  172.31.0.0/16 -> local;  0.0.0.0/0 -> NAT Gateway
  Public subnet:   172.31.0.0/16 -> local;  0.0.0.0/0 -> Internet Gateway
Steps
• Attach an Internet Gateway to the Amazon VPC
• Set up a public subnet with a route to the Internet Gateway and a NAT Gateway
• Set up a private subnet with the Fargate task and a route to the NAT Gateway
• Security group to allow outbound traffic
Outbound security group rules (as shown)
  Type         Port   Destination
  All Traffic  ALL    0.0.0.0/0
The task has no public IP, so nothing on the Internet can initiate a connection to it. The all-traffic egress rule is the security group default and is wider than most tasks need: image pulls from ECR and log delivery to CloudWatch Logs use HTTPS, so restricting egress to TCP 443 (or routing those calls over VPC endpoints) limits what a compromised container can reach.
Architecture Reference: Internet-facing ELB with VPC
(Slide diagram: VPC 172.31.0.0/16; ALB in the public subnet 172.31.2.0/24 with public IP 208.57.73.13 listening on :80; Fargate task ENI in the private subnet 172.31.1.0/24 with private IP 172.31.1.164 listening on :8080; both subnets in us-east-1a.)
• Task in a private subnet with a private IP
• ALB in a public subnet with a public IP
• Make sure the Availability Zones of the two subnets match
• ALB security group allows inbound traffic from the Internet
• Task security group allows inbound traffic only from the ALB's security group
ALB security group, inbound rule
  Type   Port   Source
  HTTP   80     0.0.0.0/0
Task security group, inbound rule
  Type        Port   Source
  Custom TCP  8080   ALB Security Group
Referencing the ALB's security group as the source, rather than a subnet CIDR, means only the load balancer can reach port 8080, even from elsewhere inside the VPC. The slide shows a plain HTTP listener on port 80; FINRA's architecture later in this deck terminates TLS on a 443/8443 listener.
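The two reference architectures above come down to three security-group decisions: which ports on the ALB are reachable from anywhere, whether the ALB's security group is the task's only inbound source, and what the task may send out. The following Python is an added example (not from the deck) that checks those decisions against security-group JSON in the shape the EC2 describe-security-groups call returns. The three group sets are constructed here with placeholder group ids: the slide's configuration, a hardened variant that limits the task's egress to TCP 443 instead of the all-traffic rule, and a misconfigured one.

```python
"""Security-group audit for the ALB -> private Fargate task pattern (added example).

Input is in the shape of the EC2 describe-security-groups response; the
three group sets below are constructed, with placeholder group ids.
"""

ANY = "0.0.0.0/0"


def _rule(proto, port=None, cidrs=(), groups=()):
    """One IpPermissions entry.  proto '-1' is 'all traffic' and has no ports."""
    rule = {"IpProtocol": proto,
            "IpRanges": [{"CidrIp": c} for c in cidrs],
            "UserIdGroupPairs": [{"GroupId": g} for g in groups]}
    if port is not None:
        rule["FromPort"] = rule["ToPort"] = port
    return rule


def _sg(group_id, name, inbound, egress):
    return {"GroupId": group_id, "GroupName": name,
            "IpPermissions": inbound, "IpPermissionsEgress": egress}


ALL_OUT = _rule("-1", cidrs=[ANY])  # the default egress rule, as on the slide

# Exactly what the two slides show: HTTP 80 from anywhere on the ALB,
# 8080 from the ALB's group on the task, all traffic out from both.
SLIDE_GROUPS = [
    _sg("sg-alb", "alb-sg", [_rule("tcp", 80, cidrs=[ANY])], [ALL_OUT]),
    _sg("sg-task", "task-sg", [_rule("tcp", 8080, groups=["sg-alb"])], [ALL_OUT]),
]
# Tightened: TLS only on the ALB, ALB egress limited to the task, task
# egress limited to HTTPS (ECR pulls and CloudWatch Logs both use 443).
HARDENED_GROUPS = [
    _sg("sg-alb", "alb-sg", [_rule("tcp", 443, cidrs=[ANY])],
        [_rule("tcp", 8080, groups=["sg-task"])]),
    _sg("sg-task", "task-sg", [_rule("tcp", 8080, groups=["sg-alb"])],
        [_rule("tcp", 443, cidrs=[ANY])]),
]
# A common mistake: the task opened to the world, plus SSH from the ALB group.
MISCONFIGURED_GROUPS = [
    _sg("sg-alb", "alb-sg", [_rule("tcp", 80, cidrs=[ANY])], [ALL_OUT]),
    _sg("sg-task", "task-sg", [_rule("tcp", 8080, cidrs=[ANY]),
                               _rule("tcp", 22, groups=["sg-alb"])], [ALL_OUT]),
]


def _ports(rule):
    if rule["IpProtocol"] == "-1":
        return 0, 65535
    return rule.get("FromPort", 0), rule.get("ToPort", 65535)


def _cidrs(rule):
    return [r["CidrIp"] for r in rule.get("IpRanges", [])]


def _groups(rule):
    return [p["GroupId"] for p in rule.get("UserIdGroupPairs", [])]


def audit(groups, alb_sg, task_sg, app_port, public_ports=(80, 443)):
    """Return findings (empty list = the pattern is configured as intended)."""
    by_id = {g["GroupId"]: g for g in groups}
    findings = []
    # ALB: reachable from anywhere only on its listener ports.
    for rule in by_id[alb_sg]["IpPermissions"]:
        lo, hi = _ports(rule)
        if ANY in _cidrs(rule) and not (lo == hi and lo in public_ports):
            findings.append(f"{alb_sg}: inbound {lo}-{hi} open to {ANY}")
    # Task: inbound only from the ALB's group, only on the app port.
    for rule in by_id[task_sg]["IpPermissions"]:
        lo, hi = _ports(rule)
        for cidr in _cidrs(rule):
            findings.append(f"{task_sg}: inbound {lo}-{hi} from CIDR {cidr}; source should be {alb_sg}")
        for src in _groups(rule):
            if src != alb_sg:
                findings.append(f"{task_sg}: inbound {lo}-{hi} from unexpected group {src}")
        if (lo, hi) != (app_port, app_port):
            findings.append(f"{task_sg}: inbound {lo}-{hi} is not the app port {app_port}")
    # Task egress: flag the slide's all-traffic rule so it is a deliberate choice.
    for rule in by_id[task_sg].get("IpPermissionsEgress", []):
        if rule["IpProtocol"] == "-1" and ANY in _cidrs(rule):
            findings.append(f"{task_sg}: egress all traffic to {ANY}; restrict to required destinations")
    return findings


if __name__ == "__main__":
    for label, groups in [("slide", SLIDE_GROUPS), ("hardened", HARDENED_GROUPS),
                          ("misconfigured", MISCONFIGURED_GROUPS)]:
        print(label, audit(groups, "sg-alb", "sg-task", 8080))
```

Run against the slide's own configuration the only finding is the all-traffic egress rule; the hardened set passes clean. If the task also reads secrets from Secrets Manager or Parameter Store, those calls are HTTPS as well, so the TCP 443 egress rule still covers them; anything on another port is a destination worth listing explicitly.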
Sample Application: Task Definition
Amazon ECS Task Definition: Visibility
(Reconstructed from the two columns on the slide; the image URLs and role ARNs are elided there as shown.)
{
  "family": "scorekeep",
  "cpu": "1 vCPU",
  "memory": "2 GB",
  "networkMode": "awsvpc",
  "taskRoleArn": "arn:aws:…",
  "executionRoleArn": "arn:…",
  "requiresCompatibilities": ["FARGATE"],
  "containerDefinitions": [
    {
      "name": "scorekeep-frontend",
      "image": "xxx.dkr.ecr…frontend",
      "cpu": 256,
      "memoryReservation": 512,
      "portMappings": [{ "containerPort": 8080 }],
      "logConfiguration": {
        "logDriver": "awslogs",
        "options": {
          "awslogs-group": "scorekeep",
          "awslogs-region": "us-east-1",
          "awslogs-stream-prefix": "scorekeep/frontend"
        }
      }
    },
    {
      "name": "scorekeep-api",
      "image": "xxx.dkr.ecr…api",
      "cpu": 768,
      "memoryReservation": 512,
      "portMappings": [{ "containerPort": 5000 }],
      "environment": […],
      "logConfiguration": {
        "logDriver": "awslogs",
        "options": {
          "awslogs-group": "scorekeep",
          "awslogs-region": "us-east-1",
          "awslogs-stream-prefix": "scorekeep/api"
        }
      }
    }
  ]
}
The environment array (the slide's "env var" note) is elided on the slide. Note the two roles: executionRoleArn is what the ECS agent uses to pull the image from ECR and write to CloudWatch Logs, while taskRoleArn is the identity the application code itself receives, so they should be distinct roles with distinct policies.
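As an added example (not code from the deck), the following Python lints a task definition constructed after the sample above for the points raised across the networking, task-role and pipeline slides (awsvpc on Fargate, a task role separate from the execution role, images pinned rather than tagged latest, no privileged containers, a read-only root filesystem, logging configured, no secrets in plaintext environment) and produces a corrected copy using the ECS secrets/valueFrom field. The account id, role ARNs, image names, digests and secret ARN are placeholders, and the DB_PASSWORD entry is constructed to show the plaintext-secret case.

```python
"""Task-definition lint for the Fargate sample in this deck (added example).

SAMPLE is constructed after the slide's scorekeep task definition; account
id, role ARNs, image names, digests and the secret ARN are placeholders.
lint() reports the hygiene points raised across the deck; harden() returns
a corrected copy so the two can be diffed.
"""
import copy
import re

SENSITIVE = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY", re.I)
ECR_IMAGE = re.compile(r"^\d{12}\.dkr\.ecr\.[a-z0-9-]+\.amazonaws\.com/")
REGISTRY = "111122223333.dkr.ecr.us-east-1.amazonaws.com"  # placeholder account

SAMPLE = {
    "family": "scorekeep",
    "cpu": "1024", "memory": "2048",
    "networkMode": "awsvpc",
    "requiresCompatibilities": ["FARGATE"],
    "taskRoleArn": "arn:aws:iam::111122223333:role/scorekeep-task",
    "executionRoleArn": "arn:aws:iam::111122223333:role/scorekeep-task",  # same role: finding
    "containerDefinitions": [
        {"name": "scorekeep-frontend",
         "image": f"{REGISTRY}/scorekeep-frontend:latest",  # mutable tag: finding
         "cpu": 256, "memoryReservation": 512,
         "portMappings": [{"containerPort": 8080}],
         "logConfiguration": {"logDriver": "awslogs", "options": {
             "awslogs-group": "scorekeep", "awslogs-region": "us-east-1",
             "awslogs-stream-prefix": "scorekeep/frontend"}}},
        {"name": "scorekeep-api",
         "image": f"{REGISTRY}/scorekeep-api@sha256:{'0' * 64}",  # placeholder digest
         "cpu": 768, "memoryReservation": 512,
         "portMappings": [{"containerPort": 5000}],
         "environment": [{"name": "DB_PASSWORD", "value": "hunter2"},  # constructed plaintext secret
                         {"name": "SPRING_PROFILES_ACTIVE", "value": "prod"}],
         "readonlyRootFilesystem": True,
         "logConfiguration": {"logDriver": "awslogs", "options": {
             "awslogs-group": "scorekeep", "awslogs-region": "us-east-1",
             "awslogs-stream-prefix": "scorekeep/api"}}},
    ],
}


def _tag(image):
    """Tag of an image reference; None when untagged, '' when digest-pinned."""
    if "@sha256:" in image:
        return ""
    last = image.rsplit("/", 1)[-1]
    return last.split(":", 1)[1] if ":" in last else None


def lint(td):
    """Return a list of findings; an empty list means the checks pass."""
    f = []
    if "FARGATE" in td.get("requiresCompatibilities", []) and td.get("networkMode") != "awsvpc":
        f.append("task: Fargate requires networkMode awsvpc")
    if not td.get("taskRoleArn"):
        f.append("task: no taskRoleArn; the application has no scoped AWS identity of its own")
    elif td["taskRoleArn"] == td.get("executionRoleArn"):
        f.append("task: taskRoleArn equals executionRoleArn; keep the agent's pull/log role separate")
    for c in td.get("containerDefinitions", []):
        name, image = c.get("name", "?"), c.get("image", "")
        if not ECR_IMAGE.match(image):
            f.append(f"{name}: image is not from an ECR registry ({image})")
        if _tag(image) in (None, "latest"):
            f.append(f"{name}: image not pinned (tag {_tag(image) or 'missing'}); pin by digest")
        if c.get("privileged"):
            f.append(f"{name}: privileged is set")
        if not c.get("readonlyRootFilesystem"):
            f.append(f"{name}: readonlyRootFilesystem not set")
        if "logConfiguration" not in c:
            f.append(f"{name}: no logConfiguration")
        for env in c.get("environment", []):
            if SENSITIVE.search(env.get("name", "")):
                f.append(f"{name}: {env['name']} is plaintext environment; use secrets/valueFrom")
        if td.get("networkMode") == "awsvpc":
            for pm in c.get("portMappings", []):
                if "hostPort" in pm and pm["hostPort"] != pm["containerPort"]:
                    f.append(f"{name}: hostPort must equal containerPort in awsvpc mode")
    return f


def harden(td, execution_role_arn, digests, secret_arns):
    """Corrected copy: separate execution role, digest-pinned images, read-only
    root filesystem, sensitive environment entries moved to `secrets`."""
    out = copy.deepcopy(td)
    out["executionRoleArn"] = execution_role_arn
    for c in out["containerDefinitions"]:
        repo = c["image"].split("@", 1)[0]
        if _tag(repo) is not None:          # strip a tag, leave a registry port alone
            repo = repo.rsplit(":", 1)[0]
        if c["name"] in digests:
            c["image"] = f"{repo}@sha256:{digests[c['name']]}"
        c["readonlyRootFilesystem"] = True
        kept, moved = [], list(c.get("secrets", []))
        for env in c.get("environment", []):
            if SENSITIVE.search(env["name"]) and env["name"] in secret_arns:
                moved.append({"name": env["name"], "valueFrom": secret_arns[env["name"]]})
            else:
                kept.append(env)
        c["environment"], c["secrets"] = kept, moved
    return out


HARDENED = harden(
    SAMPLE,
    execution_role_arn="arn:aws:iam::111122223333:role/scorekeep-exec",
    digests={"scorekeep-frontend": "a" * 64},  # placeholder digest from the build
    secret_arns={"DB_PASSWORD": "arn:aws:secretsmanager:us-east-1:111122223333:secret:scorekeep/db"},
)

if __name__ == "__main__":
    print("sample:", *lint(SAMPLE), sep="\n  ")
    print("hardened:", lint(HARDENED))
```

The digest check is what makes FINRA's "build once, deploy many" promotion trustworthy: a tag can be re-pointed after the QA deployment, a digest cannot. A read-only root filesystem typically needs a writable volume for servers such as Nginx that write pid and cache files, so pair the setting with an explicit volume rather than dropping it.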
Sample Application: Architecture
Internet -> Frontend server container (Angular + Nginx, port 8080) -> API server container (Java, port 5000)
AWS Services for Containerized Microservices
• Storage and database: Amazon DynamoDB, Amazon ElastiCache, Amazon Relational Database Service (Amazon RDS), Amazon Simple Storage Service (Amazon S3)
• Logging and monitoring: Amazon CloudWatch, AWS CloudTrail, AWS X-Ray
• Application integration: Amazon MQ, Amazon Simple Notification Service (Amazon SNS), Amazon Simple Queue Service (Amazon SQS), AWS Step Functions
• Developer tools: AWS CodeBuild, AWS CodePipeline, AWS Cloud9
• Networking and API proxy: Amazon API Gateway, Elastic Load Balancing, Amazon Route 53
• Compute: Amazon EKS, Amazon ECS, Amazon ECR, Fargate, AWS Elastic Beanstalk
FINRA Mission
• Investor protection
• Market integrity
Volume
• 12 markets/exchanges
• 3,800 firms
• 634,000 brokers
Big Data
• FINRA maintains 150+ applications running in AWS
• FINRA processes up to 135 billion market events per day
• FINRA processes and analyzes trillions of nodes and edges
• FINRA manages approximately 30 petabytes of storage
• FINRA runs up to 50,000 compute nodes per day
Problems (Agility)
• On-premise: infrastructure costs; monthly release cycles; dependency management; scalability; parity
• AWS EC2-ELB: many microservices; high costs; slow build time; slow deployment time (Puppet); parity
Containers to the Rescue: Five Main Benefits
• Easily portable
• Faster
• Simple and lightweight
• Cost efficient
• Productivity
Container Management
ECS
• Pros: simple and easy to use; integration with AWS services; low learning curve
• Cons: no fine-grained container placement strategies; cluster scaling overheads; periodic AMI update overheads
• Use cases: standalone tasks; batch jobs; web applications (UI, API, microservices)
Fargate
• Pros: serverless; no cluster scaling overheads; no AMI updates
• Cons (as of this 2019 talk): no encrypted storage; no EFS integration; one ENI per task, capped by account-level ENI limits
• Use cases: web applications (UI, API, microservices); standalone tasks and batch jobs; stateless applications (or state managed externally in S3/RDS/DynamoDB)
EKS
• Pros: provides more flexibility; large open source ecosystem
• Cons: higher learning curve; more engineering effort; cluster management complexity
• Use cases: hybrid applications; big data processing; platform applications
Solution Chosen
• Simple and easy to use
• Good fit for the majority of FINRA use cases (web applications, microservices, standalone tasks and batch jobs)
• Easy migration from EC2-ELB to ECS-ALB
• Cluster per business domain
Six Migration Challenges
• Many apps
• Automation
• Desired architecture
• Security and compliance
• Best practices
• Rollout
Desired Architecture
(Slide diagram, spread across Availability Zone #1 and #2: an Application Load Balancer with a 443/8443 listener routes by path (/app1, /app2, /app3) and by host (myapp.finra.org) to ECS services. Each service's task pairs the application container with an Identity Gateway container and a Splunk sidecar: Springboot microservice (Identity Gateway + Springboot + Splunk sidecar), Angular app (Identity Gateway + NodeJS + Splunk sidecar), monolithic app (Identity Gateway + Tomcat + Splunk sidecar). Each EC2 instance additionally runs a Collectd daemon for host metrics, and images are pulled from Amazon EC2 Container Registry (ECR).)
FINRA ECS-Optimized AMI on the ECS Cluster
• Built from the Amazon ECS-optimized AMI
• Hardened to the CIS security specification (benchmark) for Docker
• Security scanning of containers (CloudPassage Halo agent)
Docker Images
• FINRA images: Amazon Linux -> FINRA Base Linux -> reusable, compliant FINRA base images for Java, Nodejs, Apache, Splunk, Tomcat and Identity Gateway
• My application images: my Tomcat apps, my Springboot apps, my Angular apps
• App images focus on packaging code and configuration
Infrastructure Automation
• AWS tools and libraries: CloudFormation, ECS CLI, AWS SDK
• FINRA tools and libraries (best practices): DNS, APIs, secrets management, standards compliance, security defaults
• Provision: ECS stack (Amazon Elastic Container Service, Auto Scaling); ALB stack (load balancer, secure listeners, default target groups); ECR repos; service stack (task definition, routing rules, service, target groups)
Delivery Pipeline
• ECS cluster pipeline: source repository (infrastructure code) -> build and archive to S3 -> provision ECS cluster in Dev, QA and Prod
• ALB pipeline: source repository (infrastructure code) -> build and archive to S3 -> provision the ALB stack in Dev, QA and Prod
• App/service pipeline: source repository (app code) -> build app -> archive to S3/Artifactory -> build app Docker image -> push to ECR and provision the service stack in Dev -> push to ECR and provision the service stack in QA -> push to ECR and provision the service stack in Prod
Build and tag Docker containers once; push and deploy the same containers to any account multiple times.
Promoting one artifact through the accounts is what makes the production image traceable to a single build; since a tag can be re-pointed after the fact, the deployed task definition should reference the image digest rather than the tag.
Production Metrics
• 100+ clusters
• 200+ EC2s
• 500+ active tasks
• 300+ services
ECS Deployment Strategies
• Blue/green deployment: ALB DNS switch; target group switch
• Zero-downtime deployment: rolling update
Best Practices
• Right-size clusters and services
• Spread tasks: across Availability Zones (placement strategy); across instances (placement constraints)
• Logging and monitoring
Future
• Serverless adoption with Fargate
• EKS adoption for big data processing
• Open source Provision tool (Q4 2019)
FINRA Open Source
http://technology.finra.org/opensource.html
Listed as available or coming soon (the Provision tool is due in Q4 2019 per the previous slide):
• Gatekeeper: temporary access to EC2/RDS
• Fidelius: secrets management in AWS
• Provision: create resources in AWS
• CloudPass: temporary token for AWS
• Portus: security group manager
• yum-nginx-api: Go API to upload RPMs to Yum
• Aphelion: monitor AWS service limits
Thank you!
Harsha Nippani, nippanih@amazon.com
Latha Nagaraj, Latha.NagarajSai@finra.org
Más contenido relacionado

La actualidad más candente

La actualidad más candente (20)

Deep Dive on Amazon Elastic Container Service (ECS) and Fargate
Deep Dive on Amazon Elastic Container Service (ECS) and FargateDeep Dive on Amazon Elastic Container Service (ECS) and Fargate
Deep Dive on Amazon Elastic Container Service (ECS) and Fargate
 
AWS ECS Workshop A Journey to Modern Applications
AWS ECS Workshop A Journey to Modern ApplicationsAWS ECS Workshop A Journey to Modern Applications
AWS ECS Workshop A Journey to Modern Applications
 
Getting Started with Docker On AWS
Getting Started with Docker On AWSGetting Started with Docker On AWS
Getting Started with Docker On AWS
 
Java on AWS
Java on AWSJava on AWS
Java on AWS
 
Exciting world of Amazon container services with AWS Fargate and Amazon EKS
Exciting world of Amazon container services with AWS Fargate and Amazon EKSExciting world of Amazon container services with AWS Fargate and Amazon EKS
Exciting world of Amazon container services with AWS Fargate and Amazon EKS
 
Amazon EKS - Elastic Container Service for Kubernetes
Amazon EKS - Elastic Container Service for KubernetesAmazon EKS - Elastic Container Service for Kubernetes
Amazon EKS - Elastic Container Service for Kubernetes
 
Amazon EKS Deep Dive
Amazon EKS Deep DiveAmazon EKS Deep Dive
Amazon EKS Deep Dive
 
Serverless functions deep dive
Serverless functions deep diveServerless functions deep dive
Serverless functions deep dive
 
Introducing AWS Fargate - Tiffany Jernigan
Introducing AWS Fargate - Tiffany JerniganIntroducing AWS Fargate - Tiffany Jernigan
Introducing AWS Fargate - Tiffany Jernigan
 
Running kubernetes with amazon eks
Running kubernetes with amazon eksRunning kubernetes with amazon eks
Running kubernetes with amazon eks
 
Serverless DevOps to the Rescue
Serverless DevOps to the RescueServerless DevOps to the Rescue
Serverless DevOps to the Rescue
 
Containers - State of the Union
Containers - State of the UnionContainers - State of the Union
Containers - State of the Union
 
Build a Serverless Web Application in One Day
Build a Serverless Web Application in One DayBuild a Serverless Web Application in One Day
Build a Serverless Web Application in One Day
 
Using Containers on AWS
Using Containers on AWSUsing Containers on AWS
Using Containers on AWS
 
"Automating AWS Infrastructure with PowerShell", Martin Beeby, AWS Dev Day Ky...
"Automating AWS Infrastructure with PowerShell", Martin Beeby, AWS Dev Day Ky..."Automating AWS Infrastructure with PowerShell", Martin Beeby, AWS Dev Day Ky...
"Automating AWS Infrastructure with PowerShell", Martin Beeby, AWS Dev Day Ky...
 
Deep Dive into Amazon ECS & Fargate
Deep Dive into Amazon ECS & FargateDeep Dive into Amazon ECS & Fargate
Deep Dive into Amazon ECS & Fargate
 
Java Developer on AWS 在AWS上開發Java應用
Java Developer on AWS 在AWS上開發Java應用Java Developer on AWS 在AWS上開發Java應用
Java Developer on AWS 在AWS上開發Java應用
 
Automatically scaling your Kubernetes workloads - SVC210-S - Santa Clara AWS ...
Automatically scaling your Kubernetes workloads - SVC210-S - Santa Clara AWS ...Automatically scaling your Kubernetes workloads - SVC210-S - Santa Clara AWS ...
Automatically scaling your Kubernetes workloads - SVC210-S - Santa Clara AWS ...
 
Workshop Interstella GTC - Tiffany Jernigan.pdf
Workshop Interstella GTC - Tiffany Jernigan.pdfWorkshop Interstella GTC - Tiffany Jernigan.pdf
Workshop Interstella GTC - Tiffany Jernigan.pdf
 
Containers on AWS - State of the Union
Containers on AWS - State of the UnionContainers on AWS - State of the Union
Containers on AWS - State of the Union
 

Similar a Running Containers in a Hybrid Environment

Similar a Running Containers in a Hybrid Environment (20)

Serverless and Containers, AWS Federal Pop-Up Loft
Serverless and Containers, AWS Federal Pop-Up LoftServerless and Containers, AWS Federal Pop-Up Loft
Serverless and Containers, AWS Federal Pop-Up Loft
 
Fast-Track Your Application Modernisation Journey with Containers - AWS Summi...
Fast-Track Your Application Modernisation Journey with Containers - AWS Summi...Fast-Track Your Application Modernisation Journey with Containers - AWS Summi...
Fast-Track Your Application Modernisation Journey with Containers - AWS Summi...
 
[Games on AWS 2019] AWS 입문자를 위한 초단기 레벨업 트랙 | AWS 레벨업 하기! : 컨테이너 - 김세호 AWS 솔루션...
[Games on AWS 2019] AWS 입문자를 위한 초단기 레벨업 트랙 | AWS 레벨업 하기! : 컨테이너 - 김세호 AWS 솔루션...[Games on AWS 2019] AWS 입문자를 위한 초단기 레벨업 트랙 | AWS 레벨업 하기! : 컨테이너 - 김세호 AWS 솔루션...
[Games on AWS 2019] AWS 입문자를 위한 초단기 레벨업 트랙 | AWS 레벨업 하기! : 컨테이너 - 김세호 AWS 솔루션...
 
Breaking the Monolith Using AWS Container Services
Breaking the Monolith Using AWS Container ServicesBreaking the Monolith Using AWS Container Services
Breaking the Monolith Using AWS Container Services
 
AWS Summit Singapore 2019 | Microsoft DevOps on AWS
AWS Summit Singapore 2019 | Microsoft DevOps on AWSAWS Summit Singapore 2019 | Microsoft DevOps on AWS
AWS Summit Singapore 2019 | Microsoft DevOps on AWS
 
Deep Dive into Amazon Fargate
Deep Dive into Amazon FargateDeep Dive into Amazon Fargate
Deep Dive into Amazon Fargate
 
AWS Fargate deep dive - MAD303 - New York AWS Summit
AWS Fargate deep dive - MAD303 - New York AWS SummitAWS Fargate deep dive - MAD303 - New York AWS Summit
AWS Fargate deep dive - MAD303 - New York AWS Summit
 
Integrate Your Favourite Microsoft DevOps Tools with AWS - AWS Summit Sydney
Integrate Your Favourite Microsoft DevOps Tools with AWS - AWS Summit SydneyIntegrate Your Favourite Microsoft DevOps Tools with AWS - AWS Summit Sydney
Integrate Your Favourite Microsoft DevOps Tools with AWS - AWS Summit Sydney
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 
AWS Summit London 2019 - Containers on AWS
AWS Summit London 2019 - Containers on AWSAWS Summit London 2019 - Containers on AWS
AWS Summit London 2019 - Containers on AWS
 
Breaking the Monolith road to containers.pdf
Breaking the Monolith road to containers.pdfBreaking the Monolith road to containers.pdf
Breaking the Monolith road to containers.pdf
 
Breaking the Monolith road to containers.pdf
Breaking the Monolith road to containers.pdfBreaking the Monolith road to containers.pdf
Breaking the Monolith road to containers.pdf
 
Interstella 8888: CICD for Containers on AWS - CON319 - re:Invent 2017
Interstella 8888: CICD for Containers on AWS - CON319 - re:Invent 2017Interstella 8888: CICD for Containers on AWS - CON319 - re:Invent 2017
Interstella 8888: CICD for Containers on AWS - CON319 - re:Invent 2017
 
CON319_Interstella GTC CICD for Containers on AWS
CON319_Interstella GTC CICD for Containers on AWSCON319_Interstella GTC CICD for Containers on AWS
CON319_Interstella GTC CICD for Containers on AWS
 
Migrating to AWS Fargate (CON311-R1) - AWS re:Invent 2018
Migrating to AWS Fargate (CON311-R1) - AWS re:Invent 2018Migrating to AWS Fargate (CON311-R1) - AWS re:Invent 2018
Migrating to AWS Fargate (CON311-R1) - AWS re:Invent 2018
 
Architecting security and governance through policy guardrails in Amazon EKS ...
Architecting security and governance through policy guardrails in Amazon EKS ...Architecting security and governance through policy guardrails in Amazon EKS ...
Architecting security and governance through policy guardrails in Amazon EKS ...
 
Breaking the Monolith using AWS Container Services
Breaking the Monolith using AWS Container ServicesBreaking the Monolith using AWS Container Services
Breaking the Monolith using AWS Container Services
 
Well Archictecture Framework dotNET.pdf
Well Archictecture Framework dotNET.pdfWell Archictecture Framework dotNET.pdf
Well Archictecture Framework dotNET.pdf
 
Best-Practices-for-Running-Windows-Workloads-on-AWS
Best-Practices-for-Running-Windows-Workloads-on-AWSBest-Practices-for-Running-Windows-Workloads-on-AWS
Best-Practices-for-Running-Windows-Workloads-on-AWS
 
CON209_Interstella 8888 Learn How to Use Docker on AWS
CON209_Interstella 8888 Learn How to Use Docker on AWSCON209_Interstella 8888 Learn How to Use Docker on AWS
CON209_Interstella 8888 Learn How to Use Docker on AWS
 

Más de Amazon Web Services

Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
Amazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
Amazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
Amazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
Amazon Web Services
 

Más de Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 

Running Containers in a Hybrid Environment

  • 1. PUBLIC SECTOR SUMMIT, WASHINGTON, DC
  • 2. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Running Containers in a Hybrid Environment. Harsha Nippani, Solutions Architect, Amazon Web Services. Latha Nagaraj, Principal Application Architect, FINRA. 299946
  • 3. Agenda: Containers and Docker; Amazon Elastic Container Registry (Amazon ECR); Amazon Elastic Container Service (Amazon ECS); AWS Fargate; Customer Use Case - FINRA
  • 4.
  • 5. The Problem: different application stacks; different hardware deployment environments; how to run all applications across different environments? How to easily migrate from one environment to another? (Matrix of workloads: static website, web frontend, background workers, user DB, analytics DB, queue; against environments: dev VM, QA server, single prod server, onsite cluster, public cloud, contributor's laptop, customer servers.)
  • 6. The Solution: a unit of software delivery; lightweight, portable, consistent; deploy and run everywhere; deploy and run anything. (Same workload and environment matrix as the previous slide.)
  • 7. Docker container image: a read-only image used as a template to launch a container, layered as bootfs/kernel, base image, image layers that each reference their parent image, and finally the container. Start from base images that have your dependencies and add your custom code. A Dockerfile gives easy, reproducible builds.
  • 8. Virtual Machines vs Containers. VM stack: server (host), host OS, hypervisor, then a guest OS and bins/libs for each of App 1, App 2, App 3. Container stack: server (host), host OS, Docker, then bins/libs for each of App 1, App 2, App 3, with no guest OS per app.
  • 9. Docker Images: packaged application code; reproducible, immutable, portable.
  • 10. AWS Container Services Landscape. Management (deployment, scheduling, scaling and management of containerized applications): Amazon ECS, Amazon Elastic Container Service for Kubernetes (Amazon EKS). Hosting (where the containers run): Amazon EC2, AWS Fargate. Image registry (container image repository): Amazon ECR.
  • 11. Amazon Elastic Container Registry. Fully managed: tight integration with Amazon ECS; integration with the Docker toolset; Management Console and AWS Command Line Interface (AWS CLI). Highly available: Amazon Simple Storage Service (Amazon S3) backed; regional endpoints. Secure: AWS Identity and Access Management (IAM) resource-based policies; AWS CloudTrail audit logs; images encrypted in transit and at rest.
  • 12. Evolution of Compute on AWS: Amazon EC2 (VMs in the cloud); Amazon ECS with the EC2 launch type (containers in Amazon EC2 instances in the cloud); AWS Fargate (containers in the cloud, no servers to manage).
  • 13. Running containers: a cluster of Amazon EC2 instances, each running several tasks.
  • 14. Amazon ECS: Task & Service. Each Amazon EC2 instance runs an ECS agent hosting tasks (containers); the tasks sit behind load balancers facing the Internet; the agents talk to the agent communication service, which is backed by the Amazon ECS API, the cluster management engine and a key/value store; an ECS Service groups the tasks.
  • 15. Constructs: register a Task Definition (define application containers: image URL, CPU and memory requirements, etc.); create a Cluster (infrastructure isolation boundary; IAM permissions boundary); run a Task (a running instantiation of a task definition); create a Service (maintain n running copies; integrated with Elastic Load Balancer (ELB); unhealthy tasks automatically replaced).
  • 16. Running containers at scale with ECS: scheduling and orchestration (cluster manager, placement engine) across Availability Zone #1, #2 and #3.
  • 17. Production workloads on ECS: Amazon Virtual Private Cloud (Amazon VPC) networking mode; advanced task placement; deep integration with AWS services; AWS CLI; global footprint; powerful scheduling engines; auto scaling; Amazon CloudWatch metrics; load balancers.
  • 18. ECS and Fargate: scheduling and orchestration (cluster manager, placement engine) over Amazon EC2 instances running the ECS AMI with the Docker agent and the ECS agent.
  • 19. AWS Fargate: no clusters to manage; manages the underlying infrastructure; easy to run, easy to scale.
  • 20. Fargate constructs: register a Task Definition (define application containers: image URL, CPU and memory requirements, etc.); create a Cluster (infrastructure isolation boundary; IAM permissions boundary); run a Task (a running instantiation of a task definition; use the AWS FARGATE launch type); create a Service (maintain N running copies; integrated with ELB; unhealthy tasks automatically replaced).
  • 21. Bridge networking mode: any non-local traffic to/from the containers must transit through the instance's eth0; traffic between containers within the same task transits through the docker0 bridge. Diagram: an Amazon EC2 instance with the eth0 network interface and the docker0 bridge in the default network namespace, and containers c1 and c2 of one task each in their own namespace.
  • 22. awsvpc networking mode: containers within the task are in the same namespace and can talk over localhost; all traffic transits through the task's Elastic Network Interface (ENI), with no dependence on the host's eth0. Diagram: an EC2 instance with eth0 in the default namespace, a task namespace with its own task network interface, and containers c1 and c2 talking over localhost.
  • 23. VPC integration: launch your Fargate tasks into subnets (VPC 172.31.0.0/16, subnet 172.31.1.0/24). Under the hood: we create an ENI; the ENI is allocated a private IP from your subnet (172.31.1.164 in the diagram); the ENI is attached to your task; your task now has a private IP from your subnet. You can assign public IPs to your tasks (208.57.73.13 in the diagram). Configure security groups to control inbound and outbound traffic; the task reaches other entities in the VPC (EC2, LB, DB, etc.) and the Internet.
  • 24. Policy before Task Roles: tasks rely on the instance role for permissions, so the instance role must have the superset of all permissions; this violates the principle of least privilege. EC2 instance role policy: { "Action": ["dynamodb:*"], "Effect": "Allow" } and { "Action": ["s3:*"], "Effect": "Allow" }, used by both task 1 and task 2 through the AWS SDK/CLI.
  • 25. Task Roles: no reliance on the instance role for permissions. Task 1 role policy: { "Action": ["dynamodb:*"], "Effect": "Allow" }. Task 2 role policy: { "Action": ["s3:*"], "Effect": "Allow" }. Each task calls AWS through the SDK/CLI with its own Task1 or Task2 role, independent of the EC2 instance role.
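To make the least-privilege argument of slides 24 and 25 measurable, the following added example (not from the deck, and not AWS or FINRA code) models both permission models with constructed policy documents and computes, per task, which actions a compromised container could reach that its own workload never needs. Task names, the action lists and the policies are constructed sample data; matching uses IAM's case-insensitive wildcard semantics for Allow statements and ignores Deny for brevity.

```python
"""Blast radius of a shared EC2 instance role versus one IAM role per ECS task.

Added example: constructed tasks and policies, not the deck's or AWS's code.
"""
from __future__ import annotations

from fnmatch import fnmatchcase

# Constructed: what each task's application code actually calls.
TASK_NEEDS = {
    "task-1": {"dynamodb:GetItem", "dynamodb:PutItem"},
    "task-2": {"s3:GetObject", "s3:PutObject"},
}

# Constructed "before" model: one instance role carrying the superset.
INSTANCE_ROLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["dynamodb:*"], "Resource": "*"},
        {"Effect": "Allow", "Action": ["s3:*"], "Resource": "*"},
    ],
}

# Constructed "after" model: a task role per task, scoped to that task's needs.
TASK_ROLE_POLICIES = {
    "task-1": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["dynamodb:GetItem", "dynamodb:PutItem"],
         "Resource": "*"}]},
    "task-2": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": "*"}]},
}


def allowed_actions(policy: dict) -> list[str]:
    """Collect the action patterns of every Allow statement (Deny is ignored here)."""
    patterns = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        patterns.extend([actions] if isinstance(actions, str) else actions)
    return patterns


def is_allowed(action: str, policy: dict) -> bool:
    """IAM action names match case-insensitively, with * and ? wildcards."""
    return any(fnmatchcase(action.lower(), pat.lower()) for pat in allowed_actions(policy))


def excess_actions(task: str, policy: dict, candidates: set[str]) -> set[str]:
    """Candidate actions the policy grants that `task` does not need."""
    reachable = {a for a in candidates if is_allowed(a, policy)}
    return reachable - TASK_NEEDS[task]


# Probe set: the union of every task's needs, i.e. "what the other task can do".
ALL_NEEDS: set[str] = set().union(*TASK_NEEDS.values())


def blast_radius(model: str) -> dict[str, set[str]]:
    """Per task, the cross-task actions a compromised container could call.

    model is "instance-role" (shared superset) or "task-role" (scoped per task).
    """
    result = {}
    for task in TASK_NEEDS:
        policy = INSTANCE_ROLE_POLICY if model == "instance-role" else TASK_ROLE_POLICIES[task]
        result[task] = excess_actions(task, policy, ALL_NEEDS)
    return result


if __name__ == "__main__":
    for model in ("instance-role", "task-role"):
        print(model, blast_radius(model))
```

Under the shared instance role each task can reach the other task's whole service (task-1 gets the S3 calls, task-2 the DynamoDB calls); with per-task roles the excess set is empty for both, which is what "no reliance on the instance role" buys.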
  • 26. Architecture Reference: Private Task Setup. VPC 172.31.0.0/16 with a public subnet 172.31.2.0/24 and a private subnet 172.31.1.0/24; the Fargate task's ENI has private IP 172.31.1.164; the NAT Gateway has public EIP 34.214.162.237; an Internet Gateway fronts the VPC. Route tables: private subnet: 172.31.0.0/16 → local, 0.0.0.0/0 → NAT Gateway; public subnet: 172.31.0.0/16 → local, 0.0.0.0/0 → Internet Gateway. Steps: attach the Internet Gateway to the Amazon VPC; set up a public subnet with a route to the Internet Gateway and a NAT Gateway; set up a private subnet with the Fargate task and a route to the NAT Gateway; add a security group that allows outbound traffic (outbound rule: type All Traffic, port ALL, destination 0.0.0.0/0).
  • 27. Architecture Reference: Internet-facing ELB with VPC. VPC 172.31.0.0/16; public subnet 172.31.2.0/24; private subnet 172.31.1.0/24; both subnets in us-east-1a. The task is in the private subnet with private IP 172.31.1.164 on port 8080; the ALB is in the public subnet with public IP 208.57.73.13 on port 80. Make sure the AZs of the two subnets match. ALB security group: allow inbound traffic from the internet (inbound rule: type HTTP, port 80, source 0.0.0.0/0). Task security group: allow inbound traffic from the ALB's security group only (inbound rule: type Custom TCP, port 8080, source: ALB security group).
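The rules on slide 27 (ALB open to the internet on 80, task reachable only from the ALB's security group on its container port, both subnets in the same AZ) are easy to state and easy to get wrong in a console. The following added example, which is not part of the deck and not AWS or FINRA code, encodes them as a review over constructed security-group and subnet descriptions in the field layout that `aws ec2 describe-security-groups` and `describe-subnets` return; the group IDs, subnet IDs and CIDRs are constructed sample values.

```python
"""Security-group review for the internet-facing ALB / private Fargate task pattern.

Added example with constructed data; not the deck's, AWS's or FINRA's code.
"""
from __future__ import annotations

# Constructed subnets, reduced to the two describe-subnets fields the review uses.
SUBNETS = {
    "subnet-pub": {"AvailabilityZone": "us-east-1a", "CidrBlock": "172.31.2.0/24"},
    "subnet-priv": {"AvailabilityZone": "us-east-1a", "CidrBlock": "172.31.1.0/24"},
    "subnet-priv-b": {"AvailabilityZone": "us-east-1b", "CidrBlock": "172.31.3.0/24"},
}

# Constructed security groups in the shape of describe-security-groups output.
ALB_SG = {"GroupId": "sg-alb", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
]}

# Correct task group: only the ALB's group, only the container port.
TASK_SG_GOOD = {"GroupId": "sg-task", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
     "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-alb"}]},
]}

# Task group with the usual mistakes: a CIDR source and an all-traffic rule.
TASK_SG_BAD = {"GroupId": "sg-task-bad", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    {"IpProtocol": "-1", "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-mgmt"}]},
]}


def covers(perm: dict, port: int) -> bool:
    """True if an IpPermissions entry admits TCP `port` (protocol -1 is all traffic)."""
    if perm.get("IpProtocol") == "-1":
        return True
    return (perm.get("IpProtocol") == "tcp"
            and perm.get("FromPort", -1) <= port <= perm.get("ToPort", -1))


def review(alb_sg: dict, task_sg: dict, alb_subnet: str, task_subnet: str,
           container_port: int) -> list[str]:
    """Return findings against the slide's rules; an empty list means the setup matches."""
    findings = []
    if SUBNETS[alb_subnet]["AvailabilityZone"] != SUBNETS[task_subnet]["AvailabilityZone"]:
        findings.append("ALB and task subnets are in different Availability Zones")
    # The ALB is internet-facing: it must accept HTTP 80 from 0.0.0.0/0.
    if not any(covers(p, 80) and any(r.get("CidrIp") == "0.0.0.0/0" for r in p.get("IpRanges", []))
               for p in alb_sg["IpPermissions"]):
        findings.append("ALB security group does not allow inbound HTTP 80 from the internet")
    # The task must be reachable from the ALB's group only, on the container port only.
    for p in task_sg["IpPermissions"]:
        if p.get("IpProtocol") == "-1":
            findings.append("task security group allows all protocols and ports inbound")
        elif not (p.get("FromPort") == container_port == p.get("ToPort")):
            findings.append(f"task security group opens ports other than {container_port}: "
                            f"{p.get('FromPort')}-{p.get('ToPort')}")
        if p.get("IpRanges") or p.get("Ipv6Ranges"):
            findings.append("task security group accepts CIDR sources; "
                            "it should reference the ALB security group only")
        for pair in p.get("UserIdGroupPairs", []):
            if pair.get("GroupId") != alb_sg["GroupId"]:
                findings.append(f"task security group trusts unexpected group {pair.get('GroupId')}")
    if not any(covers(p, container_port)
               and any(pair.get("GroupId") == alb_sg["GroupId"] for pair in p.get("UserIdGroupPairs", []))
               for p in task_sg["IpPermissions"]):
        findings.append(f"task security group has no rule admitting the ALB on port {container_port}")
    return findings


if __name__ == "__main__":
    print("good:", review(ALB_SG, TASK_SG_GOOD, "subnet-pub", "subnet-priv", 8080))
    print("bad: ", review(ALB_SG, TASK_SG_BAD, "subnet-pub", "subnet-priv-b", 8080))
```

The correct layout produces no findings; the flawed one reports the AZ mismatch, the 0.0.0.0/0 source on 8080, the all-traffic rule, the foreign group it trusts, and the absence of any rule that actually admits the ALB, which is the combination that leaves a private task exposed while still not working behind its load balancer.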
  • 28. Sample Application – Task Definition (Amazon ECS Task Definition: Visibility). The slide shows the definition with elisions (…) in the role ARNs, the image URIs and the API container's environment variables; those elisions are kept here and the two container definitions are shown in one document:
    {
      "family": "scorekeep",
      "cpu": "1 vCpu",
      "memory": "2 gb",
      "networkMode": "awsvpc",
      "taskRoleArn": "arn:aws:…",
      "executionRoleArn": "arn:…",
      "requiresCompatibilities": ["FARGATE"],
      "containerDefinitions": [
        {
          "name": "scorekeep-frontend",
          "image": "xxx.dkr.ecr…frontend",
          "cpu": 256,
          "memoryReservation": 512,
          "portMappings": [{"containerPort": 8080}],
          "logConfiguration": {
            "logDriver": "awslogs",
            "options": {
              "awslogs-group": "scorekeep",
              "awslogs-region": "us-east-1",
              "awslogs-stream-prefix": "scorekeep/frontend"
            }
          }
        },
        {
          "name": "scorekeep-api",
          "image": "xxx.dkr.ecr…api",
          "cpu": 768,
          "memoryReservation": 512,
          "portMappings": [{"containerPort": 5000}],
          "environment": […],
          "logConfiguration": {
            "logDriver": "awslogs",
            "options": {
              "awslogs-group": "scorekeep",
              "awslogs-region": "us-east-1",
              "awslogs-stream-prefix": "scorekeep/api"
            }
          }
        }
      ]
    }
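Before a definition like the one on slide 28 is registered, a few checks catch the mistakes that otherwise surface only as a failed RunTask or as a task running with the wrong credentials. The following added example (not from the deck, and not AWS or FINRA code) reviews a constructed task definition modelled on the slide's scorekeep example: Fargate compatibility and awsvpc mode, task size against the Fargate CPU/memory table, container reservations against the task size, a present task role that is not simply reused as the execution role, a log driver on every container, and image references pinned to a tag or digest. The account id, role names, registry host and image tags in the sample are placeholders.

```python
"""Pre-registration review of a Fargate task definition.

Added example with a constructed sample definition; the ARNs, registry host and
tags are placeholders, not FINRA's or AWS's values.
"""
from __future__ import annotations

import copy
import re

# Fargate task-size table: task CPU units -> permitted task memory in MiB.
FARGATE_SIZES = {
    256: {512, 1024, 2048},
    512: {1024, 2048, 3072, 4096},
    1024: set(range(2048, 8193, 1024)),
    2048: set(range(4096, 16385, 1024)),
    4096: set(range(8192, 30721, 1024)),
}

SAMPLE_TASK_DEF = {  # constructed, modelled on the slide's scorekeep definition
    "family": "scorekeep",
    "cpu": "1 vCpu",
    "memory": "2 gb",
    "networkMode": "awsvpc",
    "taskRoleArn": "arn:aws:iam::123456789012:role/scorekeep-task",            # placeholder
    "executionRoleArn": "arn:aws:iam::123456789012:role/scorekeep-execution",  # placeholder
    "requiresCompatibilities": ["FARGATE"],
    "containerDefinitions": [
        {"name": "scorekeep-frontend",
         "image": "123456789012.dkr.ecr.us-east-1.amazonaws.com/scorekeep-frontend:1.4.2",
         "cpu": 256, "memoryReservation": 512,
         "portMappings": [{"containerPort": 8080}],
         "logConfiguration": {"logDriver": "awslogs", "options": {
             "awslogs-group": "scorekeep", "awslogs-region": "us-east-1",
             "awslogs-stream-prefix": "scorekeep/frontend"}}},
        {"name": "scorekeep-api",
         "image": "123456789012.dkr.ecr.us-east-1.amazonaws.com/scorekeep-api:1.4.2",
         "cpu": 768, "memoryReservation": 512,
         "portMappings": [{"containerPort": 5000}],
         "logConfiguration": {"logDriver": "awslogs", "options": {
             "awslogs-group": "scorekeep", "awslogs-region": "us-east-1",
             "awslogs-stream-prefix": "scorekeep/api"}}},
    ],
}


def parse_size(value, unit_name: str) -> int:
    """Task-level cpu/memory may be plain units ("1024", "2048") or carry a unit
    suffix ("1 vCPU", "2 GB"); both forms are normalised to CPU units / MiB."""
    if isinstance(value, int):
        return value
    m = re.fullmatch(r"\s*(\d+(?:\.\d+)?)\s*(" + unit_name + r")?\s*", str(value), re.IGNORECASE)
    if not m:
        raise ValueError(f"unparseable {unit_name} size {value!r}")
    number = float(m.group(1))
    return int(number * 1024) if m.group(2) else int(number)


def pinned(image: str) -> bool:
    """True for name:tag (not :latest) or name@sha256:...; a bare name resolves
    to the mutable :latest tag and should not reach production."""
    if "@sha256:" in image:
        return True
    last = image.rsplit("/", 1)[-1]
    return ":" in last and not last.endswith(":latest")


def validate(task_def: dict) -> list[str]:
    """Return review findings; an empty list means the definition passed."""
    findings = []
    if "FARGATE" not in task_def.get("requiresCompatibilities", []):
        findings.append("requiresCompatibilities must include FARGATE")
    if task_def.get("networkMode") != "awsvpc":
        findings.append("Fargate tasks require networkMode awsvpc")
    containers = task_def.get("containerDefinitions", [])
    try:
        cpu = parse_size(task_def.get("cpu", ""), "vcpu")
        mem = parse_size(task_def.get("memory", ""), "gb")
    except ValueError as exc:
        findings.append(str(exc))
    else:
        if mem not in FARGATE_SIZES.get(cpu, set()):
            findings.append(f"cpu {cpu} units with {mem} MiB is not a supported Fargate task size")
        used_cpu = sum(c.get("cpu", 0) for c in containers)
        if used_cpu > cpu:
            findings.append(f"container cpu reservations ({used_cpu}) exceed the task cpu ({cpu})")
        used_mem = sum(c.get("memoryReservation", 0) for c in containers)
        if used_mem > mem:
            findings.append(f"container memory reservations ({used_mem} MiB) exceed the task memory ({mem} MiB)")
    task_role = task_def.get("taskRoleArn")
    if not task_role:
        findings.append("taskRoleArn missing: application code would run with no scoped credentials")
    elif task_role == task_def.get("executionRoleArn"):
        findings.append("taskRoleArn equals executionRoleArn: keep image-pull and log "
                        "permissions apart from application permissions")
    for c in containers:
        name = c.get("name", "<unnamed>")
        if not c.get("logConfiguration", {}).get("logDriver"):
            findings.append(f"{name}: no logConfiguration, container output will not be collected")
        if not pinned(c.get("image", "")):
            findings.append(f"{name}: image is not pinned to an immutable tag or digest")
    return findings


def defective_sample() -> dict:
    """A copy of the sample carrying the mistakes the review is meant to catch."""
    bad = copy.deepcopy(SAMPLE_TASK_DEF)
    bad["networkMode"] = "bridge"
    bad["executionRoleArn"] = bad["taskRoleArn"]             # one role for everything
    bad["containerDefinitions"][0]["image"] = "xxx.dkr.ecr.us-east-1.amazonaws.com/scorekeep-frontend"  # untagged placeholder
    bad["containerDefinitions"][1]["cpu"] = 1024             # 256 + 1024 > 1024 task units
    del bad["containerDefinitions"][1]["logConfiguration"]
    return bad


if __name__ == "__main__":
    print("sample:", validate(SAMPLE_TASK_DEF))
    print("defective:", *validate(defective_sample()), sep="\n  ")
```

The separation check between `taskRoleArn` and `executionRoleArn` is the one most often skipped: the execution role is what the ECS agent uses to pull from ECR and write to CloudWatch Logs, the task role is what the application code inside the container gets from the credentials endpoint, and giving both jobs one role hands the application the registry and logging permissions it never needs.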
  • 29. Sample Application - Architecture: Internet → Frontend Server container (Angular + Nginx, port 8080) → API Server container (Java, port 5000).
  • 30. AWS Services for Containerized Microservices. Storage & Database: Amazon DynamoDB, Amazon ElastiCache, Amazon Relational Database Service (Amazon RDS), Amazon Simple Storage Service (Amazon S3). Logging & Monitoring: Amazon CloudWatch, AWS CloudTrail, AWS X-Ray. Application Integration: Amazon MQ, Amazon Simple Notification Service (Amazon SNS), Amazon Simple Queue Service (Amazon SQS), AWS Step Functions. Developer Tools: AWS CodeBuild, AWS CodePipeline, AWS Cloud9. Networking & API Proxy: Amazon API Gateway, Elastic Load Balancing, Amazon Route 53. Compute: Amazon EKS, Amazon ECS, Amazon ECR, Fargate, AWS Elastic Beanstalk.
  • 31.
  • 32. FINRA mission: investor protection; market integrity.
  • 33. Volume: 3,800 firms; 634,000 brokers; 12 markets/exchanges.
  • 34. Big data: FINRA maintains 150+ applications running in AWS; FINRA processes up to 135 billion market events per day; FINRA processes and analyzes trillions of nodes and edges; FINRA manages approximately 30 petabytes of storage; FINRA runs up to 50,000 compute nodes per day.
  • 35. Problems. On-premise: agility, infrastructure costs, monthly release cycles, dependency management, scalability, parity. AWS EC2-ELB: many microservices, high costs, slow build time, slow deployment time (Puppet), parity.
  • 36. Containers to the rescue, five main benefits: easily portable; faster; simple and lightweight; cost efficient; productivity.
  • 37. Container management.
  • 38. ECS. Pros: simple and easy to use; integration with AWS services; low learning curve. Cons: no fine-grained container placement strategies; cluster scaling overheads; periodic AMI update overheads. Use cases: standalone tasks; batch jobs; web applications (UI, API, microservices).
  • 39. Fargate. Pros: serverless; no cluster scaling overheads; no AMI updates. Cons: no encrypted storage; no EFS integration; one ENI per task, capped by account-level ENI limits. Use cases: web applications (UI, API, microservices); standalone tasks and batch jobs; stateless applications (or state managed externally in S3/RDS/DynamoDB).
  • 40. EKS. Pros: provides more flexibility; large open-source ecosystem. Cons: higher learning curve; more engineering effort; cluster management complexity. Use cases: hybrid applications; big data processing; platform applications.
  • 41. Solution chosen: simple and easy to use; good fit for the majority of FINRA use cases (web applications, microservices, standalone tasks and batch jobs); easy migration from EC2-ELB to ECS-ALB; cluster per business domain.
  • 42. Six migration challenges: many apps; automation; desired architecture; security and compliance; best practices; rollout.
  • 43. Desired architecture: an Application Load Balancer (ALB) with a 443/8443 listener does path-based routing (/app1, /app2, /app3) and host-based routing (myapp.finra.org) to ECS services spread across Availability Zone #1 and #2. Services: Springboot microservice (task: Identity Gateway, Springboot, Splunk sidecar); Angular app (task: Identity Gateway, NodeJS, Splunk sidecar); monolithic app (task: Identity Gateway, Tomcat, Splunk sidecar). Each EC2 instance also runs a collectd daemon for host metrics; images are pulled from Amazon EC2 Container Registry (ECR).
  • 44. AMI: the FINRA ECS Optimized AMI on the ECS cluster builds on the Amazon ECS Optimized AMI, applies the CIS Security Specification for Docker and adds security scanning of containers (CloudPassage Halo agent).
  • 45. FINRA images: Amazon Linux → FINRA Base Linux → reusable, compliant FINRA base images (Java, Nodejs, Apache, Splunk, Tomcat, Identity Gateway) → my application images (my Tomcat apps, my Springboot apps, my Angular apps). App images focus on packaging code and configuration.
  • 46. Infrastructure automation (Provision). AWS tools and libraries: CloudFormation, ECS CLI, AWS SDK. FINRA tools and libraries: best practices, DNS APIs, secrets management, standards compliance, security defaults. ECS stack: Amazon Elastic Container Service, Auto Scaling. ALB stack: load balancer, secure listeners, default target groups, ECR repos. Service stack: task definition, routing rules, service target groups.
  • 47. Delivery pipeline. ECS cluster pipeline: source repository → build and archive infrastructure code (S3) → Dev: provision ECS cluster → QA: provision ECS cluster → Prod: provision ECS cluster. ALB pipeline: source repository → build and archive infrastructure code (S3) → Dev: provision ECS cluster → QA: provision ECS cluster → Prod: provision ECS cluster. App/Service pipeline: source repository → build app code (S3, Artifactory) → Dev: build app Docker image, push to ECR, provision service stack → QA: ECR, provision service stack → Prod: ECR, service stack. Build and tag Docker containers once; push and deploy containers to any account multiple times.
  • 48. Production metrics: 100+ clusters; 200+ EC2s; 500+ active tasks; 300+ services.
  • 49. ECS deployment strategies. Blue/green deployment: ALB DNS switch; target group switch. Zero-downtime deployment: rolling update.
  • 50. Best practices: right-size cluster and services; spread tasks (across Availability Zones with a placement strategy, across instances with placement constraints); logging and monitoring.
  • 51. Future: serverless adoption with Fargate; EKS adoption for big data processing; open-source Provision tool (Q4 2019).
  • 52. FINRA open source (http://technology.finra.org/opensource.html), available or coming soon: Gatekeeper (temporary access to EC2/RDS); Fidelius (secrets management in AWS); Provision (create resources in AWS); CloudPass (temporary token for AWS); Portus (security group manager); yum-nginx-api (Go API to upload RPM to Yum); Aphelion (monitor AWS service limits).
  • 53. Thank you! Harsha Nippani, nippanih@amazon.com; Latha Nagaraj, Latha.NagarajSai@finra.org