[SAA + SAP] 06. Containers on AWS: ECS, Fargate, ECR & EKS
Time: 2023-09-14 08:59:12
SAA
Overview
For each container, there is an ECS Agent attached to it. The ECS Agent talks to the ECS service, pulls images from ECR, and sends logs to CloudWatch.
There are two types of IAM roles:
- For the EC2 instance, used by the ECS Agent
- For the Task definition
Each Task gets an ENI attached to bind its network IP.
ECS Services & Tasks, Load Balancing
- In a Cluster, you can have multiple Services
- In a Service, you can run multiple Tasks
- You can attach an Application Load Balancer
- If you have multiple containers running in one Task
  - You can use dynamic port mapping (give 0 in the port input); a port is assigned randomly
  - The ALB will connect to each port
  - The EC2 instance SG should allow ANY PORT from the ALB security group (because ports are dynamic)
- ECS Tasks can be invoked automatically by EventBridge or CloudWatch Events
ECS Scaling
- There are two types of scaling
  - Auto Scaling group to add new Tasks to handle increased traffic
  - Scaling ECS Capacity Providers to upgrade the EC2 instances, in order to launch more Tasks on EC2 instances
SAP
ECS - Security & Networking
- IAM Security
  - EC2 instance Role must have basic ECS permissions
  - ECS Task level should have an IAM Task Role (maximum security)
  - Secrets and configuration injection into parameters, environment variables
    - Integration with SSM Parameter Store & Secrets Manager
- Task Networking
  - none: no network connectivity, no port mapping
  - bridge: uses Docker's virtual container-based network
  - host: bypasses Docker's network, uses the underlying host network interface
  - awsvpc:
    - Every task launched on the instance gets its own ENI and private IP address
    - Simplified networking, enhanced security, security groups, monitoring, VPC flow logs
    - Default mode for Fargate
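
An added example, not part of the original notes: a small Python check that applies the points above (IAM Task Role, secrets injection instead of plaintext environment variables, dynamic port mapping in bridge mode) to a task definition in the ECS JSON format. The sample task definition, account ID, role and parameter names are constructed for illustration, and the check names are hypothetical.

```python
import json
import re

# Constructed sample task definition (not from the original notes); field names
# follow the ECS task definition JSON format.
SAMPLE_TASK_DEF = json.loads("""
{
  "family": "demo-web",
  "networkMode": "bridge",
  "executionRoleArn": "arn:aws:iam::111122223333:role/demoExecutionRole",
  "containerDefinitions": [{
    "name": "web",
    "image": "111122223333.dkr.ecr.us-east-1.amazonaws.com/demo-web:1.0",
    "portMappings": [{"containerPort": 8080, "hostPort": 0}],
    "environment": [{"name": "DB_PASSWORD", "value": "constructed-example"},
                    {"name": "LOG_LEVEL", "value": "info"}],
    "secrets": [{"name": "API_TOKEN",
                 "valueFrom": "arn:aws:ssm:us-east-1:111122223333:parameter/demo/api-token"}]
  }]
}
""")

# Heuristic (an assumption of this example): variable names that usually hold secrets.
SECRET_NAME = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY", re.I)

def audit_task_definition(task_def):
    """Return a list of (check_id, message) findings for one task definition."""
    findings = []
    if not task_def.get("taskRoleArn"):
        findings.append(("NO_TASK_ROLE", "no taskRoleArn: give the task its own IAM Task Role"))
    mode = task_def.get("networkMode", "bridge")  # bridge is the default on Linux EC2
    if mode == "host":
        findings.append(("HOST_NETWORK", "host mode bypasses Docker's network"))
    for c in task_def.get("containerDefinitions", []):
        for env in c.get("environment", []):
            if SECRET_NAME.search(env["name"]):
                findings.append(("PLAINTEXT_SECRET", f"{c['name']}: {env['name']} is a plaintext "
                                 "environment value; inject it via 'secrets' + valueFrom"))
        for pm in c.get("portMappings", []):
            # In bridge mode, hostPort 0 (or omitted) means a dynamically assigned host port.
            if mode == "bridge" and pm.get("hostPort", 0) == 0:
                findings.append(("DYNAMIC_PORT", f"{c['name']}: dynamic host port for "
                                 f"{pm['containerPort']}; instance SG must allow the ALB SG on any port"))
    return findings

if __name__ == "__main__":
    for check_id, message in audit_task_definition(SAMPLE_TASK_DEF):
        print(f"[{check_id}] {message}")
```

Switching the sample to `awsvpc`, adding a `taskRoleArn`, and moving `DB_PASSWORD` into `secrets` clears all three findings.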