Deny privileged container mode in Amazon ECS with CloudFormation Guard policy as code
About
Amazon Elastic Container Service (ECS) is a container orchestrator that launches and manages container deployments on your behalf.
CloudFormation Guard is an open-source, general-purpose, policy-as-code evaluation tool. It helps you define policies that you can use to enforce best practice standards in your infrastructure as code.
Restrict the ability to launch ECS tasks in privileged mode, using policy as code.
Enforce non-blocking mode for awslogs logging driver, with CloudFormation Guard policy as code
About
CloudFormation Guard is a policy as code tool. It evaluates rules which enforce that your infrastructure as code adheres to your organization’s desired policies.
Ensure that applications stay online, with limited log loss, by using CloudFormation Guard policy as code to enforce non-blocking logging mode.
NGINX reverse proxy sidecar for a web container hosted with Amazon ECS and AWS Fargate
About
NGINX is a high-performance HTTP server and reverse proxy that has achieved significant adoption because of its asynchronous, event-driven architecture, which allows it to serve thousands of concurrent requests with a very low memory footprint.
How to run a sidecar NGINX reverse proxy to offload static file serving and protect your dynamic application code from bad traffic.
Build, tag, and release a container image to production with Amazon ECS
Background
Container images package up your application into a single release artifact that can be deployed onto compute of your choice. But real applications have versions and a release cycle that must be tied into your orchestrator of choice. In this pattern you will learn the best practices for releasing new container images, versioning them, and defining them inside of Amazon ECS.
Best practices for building, tagging, and releasing a container image using task definition revisions for Amazon ECS.
Amazon API Gateway ingress for AWS Fargate
About
AWS Fargate provides serverless capacity to run your container images. Amazon Elastic Container Service launches and orchestrates containers that run in Fargate.
AWS Cloud Map is a cloud resource discovery service. Cloud Map provides a way to look up a list of your dynamically changing resources, such as containers.
CloudFormation templates to set up an AWS Fargate task with serverless API Gateway ingress
Service Discovery for AWS Fargate tasks with AWS Cloud Map
About
Service discovery is a technique for getting traffic from one container to another using a direct peer-to-peer connection, instead of routing traffic through an intermediary like a load balancer. Service discovery is suitable for a variety of use cases: