
Amazon Web Services - Running Containers with ECS


Amazon ECS is a highly scalable, high-performance container service that supports Docker containers and allows you to easily run and scale containerized applications on AWS. Amazon ECS eliminates the need for you to install and operate your own container software, manage and scale a cluster of virtual machines, or schedule containers on those virtual machines. Want to learn more? https://eagledream.com/cloud/


  1. Amazon Web Services – Running Containers with ECS
     Scott Weber – Director, Cloud Solutions at EagleDream Technologies
  2. DREAM BUILD SOAR
     SECURITY CLOUD DEVELOPMENT WEB DESIGN COMPLIANCE COMMUNICATIONS
     Confidential | eagledream.com
  3. Agenda
     • Compute Options in AWS
     • Why Containers?
     • Amazon EC2 Container Service
     • Architecture
     • Security
     • Scaling Clusters
     • Deploying Containers
  4. Compute Options in AWS
     • Amazon EC2
       – Traditional VMs
       – Provision on the fly
       – Autoscaling
       – Pay per second of run time
       – IaaS
     • Amazon ECS
       – Docker Containers
       – Micro Services
       – AWS Specific Scheduler
       – Runs on top of EC2
       – Scalable
       – PaaS
     • AWS Lambda
       – Nano Services
       – Pay for the duration of execution
       – FaaS
       – Fully AWS Managed
  5. Why Containers
     • Next evolution in virtualization
     • Domain Driven services/Micro services
     • Complete packaging of running artifact
       – Stops the problem of “Well, it ran fine on the developer’s laptop”
     • Strong isolation of container to container
     • Infrastructure becomes a platform
     • Enables “You built it, you run it”
  6. Amazon EC2 Container Service
     Amazon EC2 Container Service (ECS) is a highly scalable, high performance container management service that supports Docker containers and allows you to easily run applications on a managed cluster of Amazon EC2 instances. Amazon ECS eliminates the need for you to install, operate, and scale your own cluster management infrastructure. With simple API calls, you can launch and stop Docker-enabled applications, query the complete state of your cluster, and access many familiar features like security groups, Elastic Load Balancing, EBS volumes, and IAM roles.
     Source: https://aws.amazon.com/ecs/
  7. Why ECS vs. Other Schedulers
     • Designed for AWS by AWS
     • Very low technical barrier to use
     • Integrated with other AWS services
     • Hard problems are solved
     • It's free!
  8. ECS Architecture
     [Architecture diagram. Source: AWS. Labels: Amazon ECR, Amazon RDS, Application Load Balancer, ECS Cluster, ECS Cluster, IAM, Amazon API Gateway*, Amazon Route 53, Amazon CloudWatch]
  9. Securing ECS – Security Groups
     • Security Groups
       – Software defined firewalls around objects in AWS
       – Define inbound and outbound traffic at the port and protocol level
       – Security groups can reference each other
       – Used to define application communication patterns
     [Diagram labels: Amazon RDS, Application Load Balancer, EC2 Instance, EC2 Instance]
  10. Securing ECS – IAM Roles
     • IAM Roles
       – Define access to other AWS services via policies
       – Each Task has its own Role
       – Token based and tokens are constantly changed
       – No more shared accounts and password changes
       – Implementation is fully scriptable
     [Diagram labels: EC2 Instance, EC2 Instance, Amazon DynamoDB, Amazon S3, IAM, Task 1, Task 2]
  11. Securing ECS – Managing Secrets
     • Simple Systems Manager (SSM) Parameter Store
       – Leverage KMS for encryption at rest
       – Access controlled via IAM Roles
       – Separate configuration from code
       – Store all configuration data, not just secrets
       – Poll for changes and dynamically change the running containers
     Steps:
     • Declare a Key
     • Set a parameter
       – Example: prod.app1.db-pass
       – Example: general.license-code
     • Set up IAM Role
     • Associate Role to Task/Container
     • Have application request the parameter
     https://aws.amazon.com/blogs/compute/managing-secrets-for-amazon-ecs-applications-using-parameter-store-and-iam-roles-for-tasks/
  12. Scaling Clusters
     • Must scale in 2 vectors
       – Dynamically alter Tasks as load changes
       – Dynamically alter EC2 servers as load changes
     • AWS natively supports scaling up both Tasks and EC2
     • AWS natively supports scaling down Tasks
     • Scale down of EC2 is a non-trivial problem
       – Autoscaling will randomly choose an EC2 instance to scale down
       – Must interrupt the process and force the re-distribution of the running containers
       – AWS's solution is published on GitHub
  13. Code Deployment
     Source: https://aws.amazon.com/blogs/compute/continuous-deployment-to-amazon-ecs-using-aws-codepipeline-aws-codebuild-amazon-ecr-and-aws-cloudformation/
  14. Contact Info
     Primary Contact(s): Jon Providence, VP of Enterprise Business Services
     Phone: 585-943-0084
     Email: Jon.Providence@eagledream.com
     Contact Us: 1.888.4EAGLEDREAM, info@eagledream.com, Eagledream.com
     Headquarters | Rochester, NY: 300 Trolley Blvd, Rochester, NY 14606
     New England | Boston, MA: 300 Baker Avenue, Suite 300, Concord, MA 01742
     We look forward to being your AWS Partner.
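
The "Managing Secrets" steps on slide 11, combined with the per-task roles of slide 10, come down to two IAM documents per task. The sketch below is an added example, not code from the deck or from AWS: it builds both documents for the slide's `prod.app1.db-pass` naming scheme and shows why the prefix in the resource ARN must end at a delimiter. The region, account ID, KMS key ARN and function names are constructed placeholders, and `can_read` is a simplified wildcard match, not the full IAM evaluator.

```python
import fnmatch
import json

# Constructed placeholders (assumptions, not values from the slides).
REGION, ACCOUNT_ID = "us-east-1", "123456789012"
KMS_KEY_ARN = f"arn:aws:kms:{REGION}:{ACCOUNT_ID}:key/EXAMPLE-KEY-ID"

def task_trust_policy():
    """Trust policy: only the ECS tasks service may assume the role, not the EC2 host."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "ecs-tasks.amazonaws.com"},
        "Action": "sts:AssumeRole"}]}

def task_secrets_policy(name_prefix):
    """Permissions policy: read parameters under one literal prefix, decrypt with one key."""
    if not name_prefix or any(c in name_prefix for c in "*?"):
        raise ValueError("prefix must be a non-empty literal without wildcards")
    param_arn = f"arn:aws:ssm:{REGION}:{ACCOUNT_ID}:parameter/{name_prefix}*"
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow",
         "Action": ["ssm:GetParameter", "ssm:GetParameters"],
         "Resource": param_arn},
        {"Effect": "Allow", "Action": "kms:Decrypt", "Resource": KMS_KEY_ARN}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def can_read(policy, param_name):
    """Simplified check: does an Allow statement cover ssm:GetParameter on this name?"""
    arn = f"arn:aws:ssm:{REGION}:{ACCOUNT_ID}:parameter/{param_name}"
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow":
            continue
        action_ok = any(fnmatch.fnmatchcase("ssm:GetParameter", a)
                        for a in _as_list(stmt["Action"]))
        resource_ok = any(fnmatch.fnmatchcase(arn, r)
                          for r in _as_list(stmt["Resource"]))
        if action_ok and resource_ok:
            return True
    return False

if __name__ == "__main__":
    scoped = task_secrets_policy("prod.app1.")  # trailing "." ends the prefix
    loose = task_secrets_policy("prod.app1")    # no delimiter: also matches app10
    print(json.dumps(task_trust_policy(), indent=2))
    print(json.dumps(scoped, indent=2))
    for name in ("prod.app1.db-pass", "prod.app10.db-pass", "general.license-code"):
        print(name, "scoped:", can_read(scoped, name), "loose:", can_read(loose, name))
```

With the delimiter-terminated prefix, a task for app1 can read `prod.app1.db-pass` but neither another application's parameters nor shared ones such as `general.license-code`; those need their own explicit statement.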
