All Posts From (73 Total) Page 1 of 13

Deny root user for Amazon ECS and AWS Fargate tasks

What and why?

Amazon Elastic Container Service (ECS) is a container orchestrator that launches and manages container deployments on your behalf. It launches applications as containerized processes. One aspect of a containerized process that you can control is the user that the process runs as.

Prevent container tasks from running as root on Amazon ECS and AWS Fargate

Deny Linux kernel capabilities for Amazon ECS and AWS Fargate tasks

What and why?

Amazon Elastic Container Service (ECS) is a container orchestrator that launches and manages container deployments on your behalf. It configures the settings that are used when running the application container. One of those settings that can be configured is the Linux capabilities of the application container.

Use policy as code to restrict Linux kernel capabilities for a container task

Dockerfile for a Node.js container on AWS Fargate with Amazon ECS

The following files can be used as a template to build your own Node.js application that runs as a container on AWS Fargate.

File: Dockerfile Language: Dockerfile
# Build stage, including NPM and the tools necessary for the build
FROM public.ecr.aws/docker/library/node:20 as build
WORKDIR /srv

# Install dependencies based on the `package.json` and `package-lock.json`
# files in the host folder; the npm cache is mounted so repeated builds are fast
RUN --mount=type=bind,source=package.json,target=package.json \
    --mount=type=bind,source=package-lock.json,target=package-lock.json \
    --mount=type=cache,target=/root/.npm \
    npm ci --omit=dev


# Production stage, only includes what is needed for production
FROM public.ecr.aws/docker/library/node:20-slim

ENV NODE_ENV=production
WORKDIR /srv

# Copy the installed dependencies from the build stage, then the application source
COPY --from=build /srv .
COPY . .

# Run as the unprivileged `node` user that the base image provides, not as root
USER node

# Specify the command to run when launching the container (exec form so that
# `node` is PID 1 and receives stop signals directly)
EXPOSE 3000
CMD ["node", "index.js"]

The Dockerfile defines how to build the Node.js application.

How to write a Dockerfile that runs a Node.js application

Dual-stack IPv6 networking for Amazon ECS and AWS Fargate

Terminology

Amazon Elastic Container Service (Amazon ECS) is a serverless orchestrator that manages container deployments on your behalf. As an orchestrator it not only launches application containers for you, but also configures various connectivity aspects, including networking, load balancer attachments, and other AWS integrations.

Start rolling out IPv6 for your Fargate-hosted service while retaining IPv4 support.

Amazon ECS cluster with isolated VPC and no NAT Gateway

Terminology

Amazon Elastic Container Service (ECS) is a serverless orchestrator that manages container deployments on your behalf.

Amazon Virtual Private Cloud (VPC) helps you define and launch AWS resources in a logically isolated virtual network.

Run an isolated ECS cluster with no internet access, only PrivateLink endpoints

Network Load Balancer Ingress for Application Load Balancer fronted AWS Fargate service

Terminology

Amazon Elastic Container Service (ECS) deploys application containers on your behalf, and helps you connect them to a wide range of other AWS services.

An AWS Cloud Development Kit app showing how to load balance an AWS Fargate service with an internal ALB, while providing public ingress via NLB.