지식창고

Shard Responsibility Model AWS는 Cloud'의' 보안에 책임이 있고, 사용자는 Cloud'안의' 보안에 책임이 있다. ECS Task IAM role IAM Role을 task 에 할당할 때, trust policy의 service에 "ecs-tasks.amazonaws.com" 설정해서 각 task가 EC2의 IAM role을 상속받지 않게 하라 When you add a task role to a task definition, the Amazon ECS container agent automatically creates a token with a unique credential ID This token and the role credentials are then added t..

VPC Lattice 는 Service Mesh 가 아니다. VPC 와 account 간 간단한 연결과 안전성 제공 Istio나 Ambient mesh 처럼 Sidecar proxy 나 eBPF 형식의 agent 가 필요하지 않다. EC2, EKS, ECS, serverless 호환 가능 Traffic & access control Features Service Discovery 같은 service network 안에서 서비스들이 통신 가능. DNS 가 client-to-service나 service-to-service traffic을 route함. Route 53 Resolver가 VPC Lattice에 traffic 전송하고, destination service 파악 Connectivity Clien..

Capacity Providers determine the infrastructure to use for your task The capacity provider strategy determines how the tasks are spread across the capacity providers allows the application to define its requirements for how it uses the capacity Fargate Fargate spot uses spare compute capacity and provides up to 70% savings compared to Fargate When AWS needs the capacity back, your tasks will be ..

service mesh that provides application-level networking to make it easy for your services to communicate with each other across multiple types of compute infrastructure standardizes how your services communicate, giving you end-to-end visibility and ensuring high-availability for your applications makes it easy to run services by providing consistent visibility and network traffic controls for s..

ECS Task networking The networking behavior of Amazon ECS tasks hosted on Amazon EC2 instances is dependent on the network mode defined in the task definition Amazon ECS recommends using the awsvpc network mode unless you have a specific need to use a different network mode awsvpc The task is allocated its own elastic network interface (ENI) and a primary private IPv4 address ENI VPC에서 가상 네트워크 카..

Amazon Managed Service for Prometheus(AMP) monitoring service for metrics compatible with the open source Prometheus project easier for you to securely monitor container environments reduces the heavy lifting required to get started with monitoring applications across EKS & ECS, as well as self-managed Kubernetes clusters. automatically scales as your monitoring needs grow. It offers highly avai..

ECS란? Fully managed container orchestration service Launch compute options Fargate serverless container compute engine AWS Regions same geographical area AWS Local Zones An extension of Region. Suited to customers who need the ability to place resources in multiple locations closer to end users AWS Wavelength Ultra-low-latency mobile edge computing. 5G apps, interactive and immersive experinces,..