Amazon Managed Service for Prometheus is a serverless Prometheus-compatible service that is highly resilient and scales automatically to changing storage or performance needs. It is well integrated with AWS’s container ecosystem. For our use case, we need a workspace that offers dedicated storage and querying capability for Prometheus metrics. At the time of writing, there […]
Benefits of observability – Enabling the Observability of Your Workloads
There are multiple benefits that teams get when they make their systems observable: typically spend on filling up a particular form? How many clicks does it take for a user to order an item on my website? How many users are passing wrong parameters to my APIs, and so on? Having established a foundational understanding […]
Exposing long-running tasks with ECS – Running Containers in AWS
Often, you will want to have long-running versions of your tasks. This is a common use case for web applications. ECS has a scheduler component that monitors your running tasks and reschedules them automatically when they fail. ECS also allows you to configure placement strategies and constraints if you like to customize how the scheduler […]
Software Composition Analysis – Implementing DevSecOps with AWS
A lot of modern applications these days are composed of open source code, and this is a big challenge for organizations. They need to scan all these dependencies, along with their code, to effectively manage risk. Software Composition Analysis (SCA) can track all software licenses and dependencies that have reported vulnerabilities and potential exploits. Additionally, […]
Application components – Running Containers in AWS
This is supposed to be a long-running application that will primarily consist of two containers – a web application and a database. We can define them in their respective container definitions, which can then both be mapped to a single task definition. ECS offers the service construct to manage such long-running applications, so we will use […]
Overview of the target architecture – Enabling the Observability of Your Workloads
Before we dive into the code-level changes, let’s get a visual understanding of the components we plan to add around our test application stack, and how they communicate with each other. We will focus on capabilities that help us monitor the application logs and metrics on tools of our choice. We will extend our existing […]
Improved security awareness of team members – Implementing DevSecOps with AWS
Developers and operation team members often find themselves in situations where they could easily adopt an existing open source tool or third-party library to implement functionality. While it is always a good practice to approach these decisions with a build versus buy mindset and not reinvent the wheel, usage of such external code bases can […]
Trade-offs and challenges of security – Implementing DevSecOps with AWS
Every software team can have its own unique set of challenges to solve, be it technical or cultural. Before we dive into the specifics of DevSecOps, let’s try to understand what led to the need for an iteration of existing DevOps methodologies. Along the way, we will discuss why security can sometimes be seen as […]
Deploying the stack in an AWS account – Enabling the Observability of Your Workloads
At this point, we can deploy our CDK stack in the AWS account. Alongside core infrastructure elements such as VPCs, subnets, and gateways, it will provision the ECS cluster, which contains three containers – the application, the database, and the OpenTelemetry collector. We will also deploy an independent workspace for Amazon-managed Prometheus. Toward the end, […]
Deploying a test application on ECS – Running Containers in AWS
It’s always fun to see what we’ve learned in action. Based on what we have explored so far, let’s get our hands dirty by deploying a test application on Amazon ECS. This time, we’ll create a new application that you can also use and customize beyond the scope of this chapter, as per your personal preferences […]