Containers

Category: Amazon EC2 Container Registry

Introducing multi-architecture container images for Amazon ECR

Containers are a de facto standard in cloud application development and deployment. Publishing software in container images provides developers an integrated packaging solution, bundling software and all required dependencies into a portable image format. This image can then be run anywhere, abstracting away the infrastructure-specific aspects of deployment. However, the promise of running anywhere only […]

Access Logging Made Easy with AWS App Mesh and Fluent Bit

NOTICE: October 04, 2024 – This post no longer reflects the best guidance for configuring a service mesh with Amazon ECS and Amazon EKS, and its examples no longer work as shown. For workloads running on Amazon ECS, please refer to newer content on Amazon ECS Service Connect, and for workloads running on Amazon EKS, […]

Game DevOps made easy with AWS Game-Server CD Pipeline

This is a guest post by Anita Buehrle of Weaveworks. The biggest challenge faced by game publishers is the ability to deliver new features to players as quickly as possible. Not only do new features have to arrive quickly and reliably, but they also need to be delivered in a way that optimizes costs and […]

Results of the 2019 AWS Container Security Survey

Security is a top priority in AWS, and in our service team we naturally focus on container security. In order to better assess where we stand, we conducted an anonymous survey in late 2019 amongst container users on AWS. Overall, we got 68 responses from a variety of roles, from ops folks and SREs to […]

Scanning images with Trivy in an AWS CodePipeline

This post was contributed by AWS Container Hero, Liz Rice, VP Open Source Engineering at Aqua Security. If you’re working with containers, it’s important to scan your images for known vulnerabilities, so that you don’t deploy code that an attacker can easily exploit. A good way of ensuring that all your deployed images get this […]

Using VPC endpoint policies to control Amazon ECR access

In January 2019, AWS announced support for AWS PrivateLink on Amazon ECR. AWS PrivateLink is a networking technology designed to keep all network traffic within the AWS network. When you enable AWS PrivateLink for Amazon ECR, VPC endpoints appear as elastic network interfaces with a private IP address inside your VPC. For more details on […]

Native Container Image Scanning in Amazon ECR

By Richard Nguyen and Michael Hausenblas Container security comprises a range of activities and tools, involving developers, security operations engineers, and infrastructure admins. One crucial part in the cloud native supply chain is to scan container images for vulnerabilities and being able to get actionable insights from it. We learned in Issue 17 of the […]

ECR PrivateLink architectural diagram

AWS PrivateLink ECR cross account Fargate deployment

AWS PrivateLink is a networking technology designed to enable access to AWS services in a highly available and scalable manner. It keeps all the network traffic within the AWS network. When you create AWS PrivateLink endpoints for Amazon Elastic Container Registry (ECR) and Amazon Elastic Container Service (ECS), these service endpoints appear as elastic network […]

Containers and infrastructure as code, like peanut butter and jelly

Infrastructure as code tools like AWS CloudFormation and HashiCorp Terraform enable teams to describe and automate provisioning of cloud infrastructure resources, including container-related resources like Amazon ECS services and Amazon EKS clusters. In this post, I cover why I believe infrastructure as code is especially important for containerized applications, how we use infrastructure as code with […]

Welcome to the AWS Containers Blog

Welcome to the AWS Containers Blog! We’re excited to start this channel to give builders a closer look under the hood of all things container-related at AWS. In the past, we’ve published on other popular blog channels at AWS such as the compute blog, the architecture blog, and open source blog. Now with the containers […]