Benefits of using Amazon Linux Container Image

Recently I started to use Amazon Linux Container Image for all my development and production workloads. And I really love it.

It is very easy to get started with containers. Development, testing and release become very easy. Except for one thing: security.

In this post, I am sharing my experience with Amazon Linux container Image. You can read more about Amazon Linux 2 and its benefits here.

Also you can get more technical details in this video: Amazon Linux 2 Deep Dive – AWS Service Ready Program – YouTube

Below are the main benefits I like,

  • AWS provides support for Amazon Linux 2
  • Amazon Linux 2 is optimized for AWS Cloud Native workloads
  • The Kernel is already tuned for performance
  • AWS takes care of patching security issues and releasing the latest versions
  • AWS provides examples to install major programming languages in Amazon Linux 2 containers (you can refer running the as containerized lambda)
  • AWS provides a curated list of additional stable software, available as amazon-linux-extras
  • No additional charge

Experience with Python:

I love Python. In fact, I am a huge proponent of using Python instead of Shell scripts in the SRE world.

Since I work with microservices and multiple projects, I sometimes noticed issues when dealing with multiple Python versions and installing packages in a global location. So during development, I prefer to use virtual environments.

  1. I used python-slim as the base container, which has a lot of security issues.
    • Installing a virtual environment brings additional tools, which increases the security exposure.
    • I tried to use the full Python image as a base builder image and copy the build results to Python slim. But I need to activate the virtual env at runtime, which is a little challenging.
  2. I faced some errors when installing virtualenv in Alpine, and stopped going down that rabbit hole.

So, I started to use the Amazon Linux base image and at least this guarantees the base image is secure. Amazon takes care of patching the security issues. Any other security issues that are introduced by my service or its dependencies can be addressed relatively easily.

Still, I am not installing virtualenv in my containers to reduce the security exposure. Though I hate my current workflow, I am breathing peacefully because my containers are secure in production, and my workflow looks like this now,

  1. Use VirtualEnv during development, so that I can get the full benefits of VSCode IDE
    • Pipfile is used to manage dependencies
  2. For packaging production containers,
    • requirements.txt is used to manage dependencies
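
One way to keep the production requirements.txt in step with the development Pipfile, shown as an added example that is not code from the original post: it reads the Pipfile.lock that pipenv writes and emits pinned, hash-checked lines for the runtime packages only. The function name and the sample lock content (including the placeholder hashes) are constructed for illustration.

```python
import json

# Constructed sample in Pipfile.lock layout; hashes are placeholders, not real digests.
SAMPLE_LOCK = json.dumps({
    "_meta": {"requires": {"python_version": "3.7"}},
    "default": {
        "requests": {"version": "==2.25.1", "extras": ["socks"],
                     "markers": "python_version >= '3.6'",
                     "hashes": ["sha256:" + "b" * 64, "sha256:" + "a" * 64]},
        "idna": {"version": "==2.10", "hashes": ["sha256:" + "c" * 64]},
    },
    "develop": {
        "pytest": {"version": "==6.2.2", "hashes": ["sha256:" + "d" * 64]},
    },
})


def lock_to_requirements(lock_text, include_dev=False):
    """Return requirements.txt lines for the runtime ("default") packages."""
    lock = json.loads(lock_text)
    packages = dict(lock.get("default", {}))
    if include_dev:
        # Development tools stay out of the production image unless asked for.
        packages.update(lock.get("develop", {}))
    lines = []
    for name in sorted(packages):
        entry = packages[name]
        version = entry.get("version", "")
        hashes = sorted(entry.get("hashes", []))
        # git/path/editable entries carry no pinned version or hash; refuse them
        # rather than emit a line that pip cannot verify.
        if not version.startswith("==") or not hashes:
            raise ValueError(f"{name}: not pinned with a hash in the lock file")
        extras = entry.get("extras")
        spec = name + (f"[{','.join(extras)}]" if extras else "") + version
        if entry.get("markers"):
            spec += f" ; {entry['markers']}"
        lines.append(spec + "".join(f" --hash={h}" for h in hashes))
    return lines


if __name__ == "__main__":
    print("\n".join(lock_to_requirements(SAMPLE_LOCK)))
```

Installing the generated file in the container with `pip install --require-hashes -r requirements.txt` makes pip reject any package whose digest differs from the one locked during development.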

Experience with Java:

Instead of using OpenJDK, AdaptJDK or any other JDK images, and worrying about licensing, I found it easier to get started with Amazon Corretto on Amazon Linux.

Installing Amazon Corretto is pretty simple, just follow this doc.

As of now, I am not happy with installing amazon-linux-extras in my container, which adds an additional 100 MB. Also, "amazon-linux-extras" uses Python 2. I have to figure out a way to skip this step.

Other Options

Amazon Linux 2 is available as,

  • Amazon Machine Image (AMI)
  • Virtual machine image for
    • Virtual Machine (KVM)
    • Oracle VM VirtualBox
    • Microsoft Hyper-V
    • VMware ESXi.

So you can get more benefits by adopting it for most of your use cases.

Copyright © 2021 Rajan Panneer Selvam. Some of the content is derived from publicly available information. For some of the resources I have obtained commercial licenses and you cannot use them in your projects. Before reusing any of the site content, please double-check for copyright issues. I am not responsible if you are infringing copyrights.