Integrate AWS Secrets Manager with Amazon EKS using the Secrets Store CSI Driver
Containerized workloads on Amazon EKS often need access to sensitive credentials. A pod running a backend service might need a database connection string. A payment processor might require API keys. A message consumer might need authentication tokens for an external queue. In each case, the workload needs a way to retrieve secrets securely at runtime …
Configure EKS Pod Identity for Secure AWS Access using Terraform
Containerized workloads running on Amazon EKS frequently need to interact with other AWS services. A pod running a web application might need to read secrets from AWS Secrets Manager. A monitoring agent might push metrics to CloudWatch. An autoscaler like Karpenter needs permissions to launch and terminate EC2 instances. In each case, the pod needs …
Secure EKS API Access with Authentication and Authorization Controls using Terraform
Amazon EKS hosts containerized workloads, but any entity that needs to communicate with the cluster, whether to install add-ons, deploy applications via Helm, or check pod statuses with kubectl, must first have access to the cluster. By default, the IAM principal that creates the cluster receives implicit administrative access. However, for subsequent operations, a different …
Deploy Karpenter and Metrics Server on Amazon EKS using Terraform and Helm
Amazon EKS manages the control plane, but managing the data plane, the EC2 instances on which pods run, is the customer's responsibility. To provision data plane capacity, you create managed node groups backed by Auto Scaling Groups (ASGs), with a launch template that locks in instance types, capacity type (on-demand or spot), and scaling limits. …
Deploy AWS Load Balancer Controller with Multi-Configuration Terraform and Helm
Amazon EKS excels at running containerized workloads, but getting traffic to them requires thoughtful load-balancer architecture. The AWS Load Balancer Controller bridges this gap by automatically provisioning Application Load Balancers (ALBs) and Network Load Balancers (NLBs) based on Kubernetes resource definitions, eliminating manual infrastructure management. In this article, I'll deploy the AWS Load Balancer Controller using …
Provision a secure Amazon EKS cluster using Terraform and GitHub Actions
Amazon EKS is a managed Kubernetes service from AWS that closely follows the open source Kubernetes release cycle and eliminates the operational overhead of running control plane components. While cloud engineers maintain full control over worker nodes and applications, AWS handles the control plane infrastructure, scaling, and high availability — but the engineering team controls …
Set up cross-account Amazon Elastic Container Registry (ECR) access using Terraform and GitHub Actions
Amazon Elastic Container Registry (ECR) is a fully managed Docker container registry that allows developers to store container images securely. Images are stored in ECR repositories, each a logical unit for storing, organizing, and versioning Docker images. In a typical containerized application CI/CD pipeline, the Continuous Integration …
Blue-Green Deployments for Amazon ECS Fargate with CodeDeploy, Terraform, and GitHub Actions
Blue-green deployment is a software release strategy that minimizes downtime and risk by running two identical environments, "blue" and "green." At any given time, one environment (e.g., blue) is live and serving traffic, while the other (green) is idle and used for staging new updates. Once the updates are tested and validated in the green …
Protecting Credentials and Variables in AWS Fargate Containers using AWS Secrets Manager
Credentials and sensitive variables grant access to confidential data and must be protected so that only permitted entities can use them. AWS Fargate is a technology that can be used with Amazon ECS to run containers. AWS Fargate is commonly used to run workloads that interact with databases or access confidential data or …
Enabling Health Checks and CloudWatch Logs for AWS Fargate Tasks
In Amazon Elastic Container Service (ECS), a health check is a mechanism for monitoring the health status of containerized applications running in tasks. It helps ensure that only healthy containers (those passing their health check) serve traffic and that unhealthy containers are replaced automatically. Configuring the ECS managed health check is crucial for maintaining the availability, reliability, and scalability of …