Using TLS certificates with Amazon ECS Service Connect
With this release, Amazon ECS integrates with AWS Private CA and automates the process of issuing, distributing, and rotating certificates, making it simple for customers to secure traffic between services without adding extra operational workload. Amazon ECS Service Connect customers can now encrypt service-to-service communication using TLS without modifying their application code, requiring extra network infrastructure, or operating service mesh solutions. You can enable traffic encryption at the level of each Service Connect enabled service within an existing namespace. First, you choose an existing AWS Private Certificate Authority or create a new one, and then select it in the AWS Console, or provide its Amazon Resource Name (ARN) via the CLI, to be used with your Amazon ECS Service Connect namespace. This CA is used for signing your certificates and also serves as the root of trust. By default, Amazon ECS uses an AWS managed symmetric encryption key to store the private key in the customer’s Secrets Manager. Optionally, you can provide your own symmetric keys for compliance reasons.
A post showing how to enable TLS on ECS services using Service Connect
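
An added example, not code from the original post: a Python check over `aws ecs describe-services` output that reports, for each Service Connect endpoint, whether an AWS Private CA is configured and whether the private key is protected by the default AWS managed key or a customer-provided one. The sample data, ARNs, and function names are constructed for illustration; the field names (`tls`, `issuerCertificateAuthority.awsPcaAuthorityArn`, `kmsKey`, `roleArn`) follow the ECS API's Service Connect TLS configuration.

```python
# Constructed sample shaped like `aws ecs describe-services` output.
# Account id, ARNs and names are placeholders, not values from the post.
PCA = "arn:aws:acm-pca:us-east-1:111122223333:certificate-authority/EXAMPLE"
KMS = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE"
ROLE = "arn:aws:iam::111122223333:role/ExampleServiceConnectTlsRole"


def _svc(name, sc_services, enabled=True):
    """Build one constructed service record with a single PRIMARY deployment."""
    return {"serviceName": name, "deployments": [{
        "status": "PRIMARY",
        "serviceConnectConfiguration": {
            "enabled": enabled, "namespace": "internal", "services": sc_services},
    }]}


SAMPLE = {"services": [
    _svc("orders", [{"portName": "api", "tls": {
        "issuerCertificateAuthority": {"awsPcaAuthorityArn": PCA}, "roleArn": ROLE}}]),
    _svc("billing", [{"portName": "api", "tls": {
        "issuerCertificateAuthority": {"awsPcaAuthorityArn": PCA},
        "kmsKey": KMS, "roleArn": ROLE}}]),
    _svc("legacy", [{"portName": "http"}]),   # Service Connect on, no TLS block
    _svc("batch", [], enabled=False),         # Service Connect off: out of scope
]}


def audit_service_connect_tls(describe_output):
    """Return (service, portName, finding) for every Service Connect endpoint."""
    findings = []
    for svc in describe_output.get("services", []):
        for dep in svc.get("deployments", []):
            sc = dep.get("serviceConnectConfiguration") or {}
            # Only the live (PRIMARY) deployment reflects what is serving traffic.
            if dep.get("status") != "PRIMARY" or not sc.get("enabled"):
                continue
            for entry in sc.get("services", []):
                tls = entry.get("tls") or {}
                ca = (tls.get("issuerCertificateAuthority") or {}).get("awsPcaAuthorityArn")
                if not ca:
                    finding = "PLAINTEXT: no AWS Private CA configured"
                elif tls.get("kmsKey"):
                    finding = "TLS: customer-provided KMS key"
                else:
                    finding = "TLS: AWS managed key (default)"
                findings.append((svc["serviceName"], entry.get("portName"), finding))
    return findings


if __name__ == "__main__":
    for row in audit_service_connect_tls(SAMPLE):
        print("%-8s %-5s %s" % row)
```

To run it against a real cluster, pass the parsed JSON from `aws ecs describe-services` to `audit_service_connect_tls` in place of `SAMPLE`.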
Hello World
Well, well, well. Look what we have here.
You have no idea how pleased I am to present to the world the newest resources for AWS Builders using Amazon Elastic Container Service. We talk a lot about the mind-numbing size and popularity of ECS, including: