Send an aggregated security report from AWS Security Hub

Problem statement AWS Security Hub is an excellent service that collects and aggregates security findings from many AWS services (e.g. Amazon GuardDuty, Amazon Inspector, Patch Manager, AWS Config, Amazon Macie, etc.) and from various third-party tools. It works with multi-account environments and provides informative dashboards in the AWS Web Console, but some security standards require continuous monitoring […]
Overview of third-party addons for EKS (Datree, GuardDuty EKS Runtime Monitoring)

This is the third post where we continue the discovery of EKS add-ons. The first one was about Kubecost, Dynatrace, and Istio. The second one was about Teleport. In this one, we will take a look at Datree. Datree secures your Kubernetes by blocking the deployment of misconfigured resources. Amazon GuardDuty EKS Runtime Monitoring will […]
Overview of third-party addons for EKS (Teleport)

In the previous post we checked several EKS add-ons (Kubecost, Dynatrace and Istio), but there are still others. In this post we will look at Teleport. Teleport is an identity-aware, multi-protocol access proxy which understands the SSH, HTTPS, RDP, Kubernetes API, MySQL, MongoDB and PostgreSQL wire protocols. Add-on installation Teleport can be installed into your EKS […]
Overview of third-party addons for EKS (Kubecost, Dynatrace, Istio)

AWS introduced EKS add-ons in EKS v1.20. Only a few add-ons were available back then, e.g. the VPC CNI plugin, CoreDNS, and kube-proxy. All Amazon EKS add-ons include the latest security patches and bug fixes, and are validated by AWS to work with Amazon EKS. Amazon EKS add-ons allow you to consistently ensure that your Amazon EKS […]
«Secure EKS» – Automat-it’s solution with strict security, governance, and compliance standards.

Overview The Automat-it Secure EKS Solution is a fully automated solution for creating AWS cloud infrastructure and a CI/CD process for Kubernetes workloads according to security best practices. Under the shared responsibility model, we are responsible for security in the cloud. Even though the EKS control plane is secure in itself, we need to […]
Egress traffic inspection using Palo Alto VM-series firewall in multi-account AWS environment

Problem statement Centralized network security may be challenging, but some companies absolutely require it. Auditors might need evidence that network traffic undergoes inspection, and that the tool/appliance fulfilling this function is strictly isolated and protected. We can achieve this by placing the tool in a dedicated AWS account, in line with security best practices. […]
Optimizing CI/CD process for machine learning application in Kubernetes

Problem statement Sometimes companies are so focused on product development and feature releases that security, velocity, and cost optimization suffer (especially at startups). Automat-it, as a company of DevOps experts, not only implements customer requests but also analyzes environments and prepares recommendations for possible improvements. One of our customers had a Docker […]
Using Epsagon for tracing and monitoring in AWS

Problem statement A modern microservices architecture allows a large application to be split into smaller independent parts, each with its own functionality and responsibility. To serve a single user request, a microservices-based application may call many internal microservices to compose its response. The advantage here is that different teams/developers can work on their […]
Custom Kubernetes scheduler with EKS and Step Functions for machine learning workloads.

Problem statement Sometimes companies have complicated business logic that requires a custom scheduler or autoscaler in a Kubernetes cluster. The initial machine learning application design included 3 pods: a web application (platform), a pre-processing pod (preliminary data preparation), and a processing pod with the ML application. The main problem here was that the solution was NOT scalable or cost-effective. […]