CIS Hardened Image Level 1 on EKS-Optimized Amazon Linux 2

We are migrating our services into container services. We build websites and all of our products' backends are based on Amazon EKS.

The simplicity and management portal make it a neat solution. You don't have to fiddle around with too many open source tools, as it's just a comprehensive solution.

We use the pipeline, which is critical for us to deploy automatically. This eliminates manual intervention, which is really helpful.

We initially had some issues getting the logging out of it, because what they're providing into CloudTrail is what we get. If we wanted to go in-depth, we had to deploy third-party tools. We did try the sidecar way of getting the logs. Ideally, if the platform was able to provide those kinds of valuable logs, that would be beneficial. Adding enhanced logging capabilities would be a nice improvement.

We have been using the solution for three plus years.

Time to value is good with fast deployment and very good documentation that is really helpful.

I don't personally deal with the costing part, but I think it's a fair amount. That's the only reason we're using it continuously, as otherwise we would have moved somewhere else.

The implementation was done in-house.

On a scale of 1-10, I rate this solution a 9.

Public Cloud

Amazon Web Services (AWS)

The use cases for the product involve provisioning of infrastructure and auto provisioning of infrastructure.

I have managed on-premise deployments in my use case with a Helm chart.

The biggest advantages of Amazon EKS  include load balancing, auto scalability, and platform integration.

The solution includes automated node provisioning features.

The integration with AWS  services involves platform services only.

We usually get deployed and only need to tweak the source code; however, I think the monitoring part and observability part could be improved.

I have been selling it for almost two years.

The scalability of Amazon EKS  deserves a perfect rating of ten.

The technical support from Amazon deserves a rating of ten.

Positive

I would rate the ease of installing Amazon EKS in the middle area, giving it a five.

I have moved to pre-sales activity now.

I am selling Kubernetes  Engine from Amazon.

I can rate Amazon EKS as nine because I just need to see some improvement.

I want to be a reference for Amazon.

The overall rating for Amazon EKS is 9 out of 10.

Public Cloud

Amazon Web Services  (AWS)

Our typical use case for Amazon EKS  is that we have a number of applications and microservices that we host in EKS. We have a separate code base for the infrastructure platform, and the microservice team and the application team will be deploying their microservices on their own. We have configured it in a way that it could be easily accessible for developers as well as the platform engineers; we just platformize things. Earlier, I was using ECS, and the reason we use Amazon EKS  is for better adaptation of Kubernetes , fitting our multi-tenant model.

The best features of Amazon EKS are that it is very plain by itself, but we use a number of optimizations, such as Carpenter for scaling and node auto-scaling, and Keda for application and microservices auto-scaling, as an event-based auto-scaler. Additionally, we use Portainer  less, and for configuration, we utilize Cert Manager and Istio . It's not only Amazon EKS but a combination of various components within it.

By default, if you just install Amazon EKS, you can deploy your application, but to have it enterprise-ready, you have to configure a number of other things that will boost productivity.

Amazon EKS's deep integration with AWS  services, such as IAM  and elastic load balancing, has created some challenges. For example, we have something in place already, and there are some issues with enabling FIPS, which is FedRAMP compliant for the load balancers. You cannot change the SSL policy for the load balancer; I am not sure if it has been patched by AWS  yet. However, apart from that, we use it effectively, and it is more flexible.

Regarding built-in observability in Amazon EKS, there is CloudWatch and CloudTrail . However, you cannot profile the applications; we can collect logs in S3 , but there is no streaming solution available. Only CloudWatch exists, so we use other tools for observability and do not depend solely on CloudWatch, only relying on it for crucial workloads and infrastructure logs.

Amazon EKS can be improved by having the maintenance of Kubernetes  versions managed better, as everything is handled by the Kubernetes team and possibly a separate team at AWS. We have to constantly maintain upgrades and ensure EKS add-ons are up-to-date, requiring us to upgrade the Kubernetes version and releases. They could provide a managed service in the backend instead of making customers handle it; we are currently doing it, but it's a regular activity we do per quarter.

I have around six years of experience with Amazon EKS.

Amazon EKS is a stable solution, as it is only available in AWS alone.

It is a scalable solution for us.

Before using Amazon EKS, I was using ECS. I switched from ECS to Amazon EKS because our product design changed. With numerous small services that you don't want to manage the backend infrastructure for, you can easily deploy and let it be with ECS; it is a more straightforward solution. However, considering cost with Amazon EKS, it may be pretty high, but it serves its purpose very effectively without management overhead.

If you are going with Amazon EKS, you must change your deployment strategy and develop applications for Kubernetes, writing deployments and pods, or stateful sets, which provides more flexibility. There are pros and cons to both solutions, and you have to evaluate which will suit your use case. In our situation, we had some applications in ECS as in Amazon EKS, and that was an architectural decision discussed internally within teams.

The initial setup with Amazon EKS was hard initially, but being accustomed to it now, it's not that difficult; it's relatively easy.

We have seen ROI with Amazon EKS; we have a separate team actively working on it. We have cost explorer available, and a bill forecast based on usage allows us to determine whether resources are underutilized or overutilized. You can generate reports and analyze them. I have done this for ECS, but for Amazon EKS, I haven't worked on cost savings directly, as there is a separate team responsible for that.

My experience with pricing for Amazon EKS is limited as there's a separate team for that, and I do not have much knowledge of specifics. However, the pricing is based on the instance type we use in the EKS node group, so it should cover that aspect; their pricing is generally easy to understand in terms of instances.

We are using a cloud deployment model. On a scale of one to ten, I rate Amazon EKS an eight.

Public Cloud

Amazon Web Services (AWS)

My main use cases for Amazon EKS  are securing the clusters and providing mesh gateways between the clusters.

The features that I find useful in Amazon EKS  are Istio , Webhooks, service accounts, and ReplicaSets with different service accounts and accounts that we work with.

The main benefits that I received from using Amazon EKS are that it is a managed cluster and offers simplicity.

I am not the right person to ask what could be improved in Amazon EKS to make this tool better for the next release. A continuation of the managed pieces would be beneficial because there is no integration of clusters. They are all separate with no real managed cluster type of capability.

I have been working with Amazon EKS for about 3 and 1/2 to 4 years.

The initial setup for Amazon EKS is not straightforward. Kubernetes  is not an easy technology because there are many technologies in the cluster. You need to understand infrastructure code to deploy it and understand all of the requirements alongside it. You cannot simply request deployment of EKS clusters as it does not work that way.

I would rate the setup for Amazon EKS as a three because I need to have other technologies and other tool sets to make it work. I cannot just go through Amazon's console and request a three-node cluster deployment because that does not work.

Regarding stability, Amazon EKS is stable. Once it is up, it works. I would rate it as a nine.

For scalability, Amazon EKS is scalable. I would rate it as a nine.

I have never contacted customer support for any issues on Amazon EKS.

Neutral

The solutions I evaluated before working with Amazon EKS include Grafana , Prometheus, K9s, Istio , and Consul.

The main benefits in Amazon EKS compared to those tools are that it is a different tool set completely, and they provide better visibility and connectivity.

The initial setup for Amazon EKS is not straightforward. Kubernetes  is not an easy technology because there are many technologies in the cluster. You need to understand infrastructure code to deploy it and understand all of the requirements alongside it. You cannot simply request deployment of EKS clusters as it does not work that way.

I would rate the setup for Amazon EKS as a three because I need to have other technologies and other tool sets to make it work. I cannot just go through Amazon's console and request a three-node cluster deployment because that does not work.

I suggest understanding the entire form before understanding Kubernetes. I would rate Amazon EKS as a seven out of ten because Kubernetes across all CSPs is complicated. I do not think it is an easy technology to give it anything more than a seven.

Public Cloud

Amazon Web Services  (AWS )

I use Amazon EKS  to provide the computing power for my applications. We have over thirty clusters in Amazon EKS . Our team uses Amazon EKS to deploy new applications using Helm and to manage our infrastructure. We use Amazon EKS to scale and deploy more applications using different namespaces. Amazon EKS services help us provide clusters where we deploy APIs, services, cron jobs, and other applications to support our services.

The features I find most valuable in Amazon EKS include the VPC CNI, which provides networking inside the cluster, and the EBS CSI  driver, which is an example of the add-ons used with Amazon EKS. Kube-proxy for DNS is also a valuable feature. The features we use for managing container applications, like scheduling and scaling, simplify our use of Amazon EKS.

I would like to see improvements in the management capabilities that are native to AWS  for Amazon EKS. Our current use involves using a different tool to administer the management, and I believe enhancing this aspect would be beneficial.

I have been using Amazon EKS for four or five years, mostly in financial services.

During the initial setup, I needed to learn about Docker , networking, and microservices, which was a challenge as I didn't have a background in microservices. My first application took three months to deploy, but now, with automation and CI/CD, we can deploy cycles of twenty applications swiftly. Initially, two people were required to deploy Amazon EKS.

Amazon EKS is very stable, and when properly configured, I rate it ten out of ten. In my notes, it's a nine. I did experience some challenges with network stability but was able to resolve them with AWS  technical support.

We use the Horizontal Pod Autoscaler (HPA) to provide elasticity to our applications. This allows us to scale our applications or APIs as needed, offering reliability through the automation of scaling processes. I rate the scalability as higher than eight.

Technical support from AWS for Amazon EKS is excellent. I rate it eight out of ten. Recently, we faced a network issue, and AWS technical support provided guidance to resolve the problem successfully. Their support was crucial for directing our efforts and solving our IP-related issues.

Positive

My first experience with Amazon EKS was difficult, and I would rate the initial setup as two because it was challenging without prior experience in microservices. However, after the initial setup, my perception improved, and I now rate it as five or six.

Two people were necessary to deploy my Amazon EKS.

We are making a significant effort to transform our usage of Amazon EKS, which was previously rated as eight or nine in terms of cost. Now, it stands at six or seven due to optimizing our workload.

Overall, I rate Amazon EKS as a nine out of ten. It's a very stable and reliable product.

Amazon Web Services (AWS)