Amazon EKS is a hosted Kubernetes solution that helps you run your container workloads in AWS without having to manage the Kubernetes control plane for your cluster. This is a great entry point for Kubernetes administrators who are looking to migrate to AWS services but want to continue using the tooling they are already familiar with. Often, users are choosing between Amazon EKS and Amazon ECS (which we recently covered, in addition to a full container services comparison), so in this article, we’ll take a look at some of the basics and features of EKS that make it a compelling option.
Amazon EKS 101
The main selling point of Amazon EKS is that the Kubernetes control plane is managed for you by AWS, so you don’t have to set up and run your own. When you set up a new cluster in EKS, you can specify if it’s going to be just available to the current VPC, or if it will be accessible to outside IP addresses. This flexibility highlights the two main deployment options for EKS:
Fully within an AWS VPC, with complete integration to other AWS services you run in your account while being completely isolated from the outside world.
Open and accessible, which enables hybrid-cloud, multi-cloud, or multi-account Kubernetes deployments.
Both options allow you the flexibility to use your own Kubernetes management tools, like Dashboard and kubectl, as EKS gives you the API Server Endpoint once you provision the cluster. This control plane utilizes multiple availability zones within the region you choose for redundancy.
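The two deployment options above correspond to the endpoint access settings a cluster reports under `resourcesVpcConfig` in `aws eks describe-cluster` output. The following check is an added example, not code from the original article: it classifies each cluster's API server endpoint exposure from those fields. The sample clusters are constructed, and the function names and the `BROAD_PREFIX` threshold are assumptions made for illustration.

```python
import ipaddress
import json

# Constructed sample input, shaped like the "cluster" objects returned by
# `aws eks describe-cluster`. Cluster names and CIDRs are made up.
SAMPLE_CLUSTERS = json.loads("""
[
  {"name": "vpc-only", "resourcesVpcConfig":
    {"endpointPublicAccess": false, "endpointPrivateAccess": true}},
  {"name": "hybrid-open", "resourcesVpcConfig":
    {"endpointPublicAccess": true, "endpointPrivateAccess": false, "publicAccessCidrs": ["0.0.0.0/0"]}},
  {"name": "hybrid-allowlist", "resourcesVpcConfig":
    {"endpointPublicAccess": true, "endpointPrivateAccess": true, "publicAccessCidrs": ["203.0.113.0/24", "198.51.100.7/32"]}},
  {"name": "hybrid-broad", "resourcesVpcConfig":
    {"endpointPublicAccess": true, "endpointPrivateAccess": true, "publicAccessCidrs": ["100.0.0.0/8", "not-a-cidr"]}}
]
""")

BROAD_PREFIX = 16  # assumption: IPv4 allowlist entries wider than /16 deserve review


def classify_endpoint(cluster):
    """Return (exposure, findings) for one cluster description."""
    cfg = cluster.get("resourcesVpcConfig", {})
    public = cfg.get("endpointPublicAccess", True)     # EKS default: enabled
    private = cfg.get("endpointPrivateAccess", False)  # EKS default: disabled
    if not public:
        return "private", []
    findings = []
    if not private:
        findings.append("private access disabled: in-VPC clients use the public endpoint")
    exposure = "public-restricted"
    # A missing or empty allowlist means the EKS default of 0.0.0.0/0.
    for cidr in cfg.get("publicAccessCidrs") or ["0.0.0.0/0"]:
        try:
            net = ipaddress.ip_network(cidr, strict=False)
        except ValueError:
            findings.append(f"unparseable CIDR {cidr!r}")
            continue
        if net.prefixlen == 0:
            exposure = "public-open"
            findings.append(f"{cidr} admits any source address")
        elif net.version == 4 and net.prefixlen < BROAD_PREFIX:
            findings.append(f"{cidr} is broader than /{BROAD_PREFIX}")
    return exposure, findings


def audit(clusters):
    """Map cluster name -> (exposure, findings)."""
    return {c["name"]: classify_endpoint(c) for c in clusters}


if __name__ == "__main__":
    for name, (exposure, findings) in audit(SAMPLE_CLUSTERS).items():
        print(name, exposure, findings)
```

A publicly reachable endpoint still requires authentication, so `public-open` describes network reachability of the API server, not anonymous access.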
Managed Container Showdown: EKS vs. ECS
Amazon offers two main container service options in EKS and ECS, and both are using Kubernetes under the hood. The biggest difference between the two options lies in who is doing the management of Kubernetes. With ECS, Amazon is running Kubernetes for you, and you just decide which tasks to run and when. Meanwhile, with EKS, you’re doing the Kubernetes management of your pods.
One thing to weigh when comparing EKS vs. ECS is networking and load balancing. Both services run EC2 servers behind the scenes, but the actual network connection is slightly different. ECS has network interfaces connected to individual tasks on each EC2 instance, while EKS has network interfaces connecting to multiple pods on each EC2 instance. Similarly, for load balancing, ECS can utilize Application Load Balancers to send traffic to a task, while EKS must use an Elastic Load Balancer to send traffic to an EC2 host (which can have a proxy via Kubernetes). Neither is necessarily better or worse, just a slight difference that may matter for your workload.
Sounds Great… How Much Does It Cost?
For each workload you run in Amazon EKS, there are two main charges that will apply. First, there’s a charge of $0.20/hr (roughly $146/month) for each EKS Control Plane you run in your AWS account. Second, you’re charged for the underlying EC2 resources that are spun up by the Kubernetes controller. This second charge is very similar to how Amazon ECS charges you, and is highly dependent on the size and amount of resources you need.
Amazon EKS Best Practices
There’s no one-size-fits-all option for Kubernetes deployments, but Amazon EKS certainly has some good things going for it. If you’re already using Kubernetes, this can be a great way to seamlessly migrate to a cloud platform without changing your working processes. Also, if you’re going to be in a hybrid-cloud or multi-cloud deployment, this can make your life a little easier. That being said, for just simple Kubernetes clusters, the price of the control plane for each cluster may be too much to pay, which makes ECS a valid alternative.
Today, we’re happy to share the latest cost control functionality in ParkMyCloud: SmartParking for Google database and AWS RDS cost optimization – as well as several other improvements and updates to help you find and eliminate cloud waste.
Automatically Detect Idle Google & AWS RDS Databases
“SmartParking” is what we call automatic on/off schedule recommendations based on utilization history. ParkMyCloud analyzes your resource utilization history and creates recommended schedules for each resource to turn them off when they are typically idle. This minimizes idle time to maximize savings on cloud resources.
Like an investment portfolio, users can choose to receive SmartParking schedules that are “conservative”, “balanced”, or “aggressive” — where conservative schedules protect all historic “on” times, while aggressive schedules prioritize maximum savings.
With this release, Google Cloud SQL Databases and AWS RDS instances have been added to the list of resources that can be optimized with SmartParking – a list that also includes AWS EC2 instances, Azure virtual machines, and Google Cloud virtual machine instances.
Why not Azure? At this time, Azure databases can’t be “turned off” in the same way that AWS and Google Cloud databases can. If Azure releases this capability in the future, we will follow with parking and SmartParking capability shortly thereafter.
What Else is New?
In this release, other updates to the ParkMyCloud platform include:
Configurable notifications – users now have the option for configurable shutdown warning notification times, from 0.25 hours to 24 hours in advance. Notifications can be received through email, Slack, Microsoft Teams, Google Hangouts, or custom webhook.
Usability updates to Single Sign-On configuration, Google Cloud Credentials add/edit screen, and filtering actions.
It’s easy to get started with Google database and RDS cost optimization! If you haven’t tried out ParkMyCloud yet, get started with a 14-day free trial. During the trial, you’ll have access to the Enterprise tier, which lets you try out all the features listed above. After your trial is over, you can choose to subscribe to the tier that works for you – or keep using our free tier for as long as you like. See pricing details for more information.
If you already use ParkMyCloud, just log in and head over to the Recommendations tab. Depending on the time-window configured for your SmartParking settings, it may take several days or weeks to accumulate enough metrics data to make good recommendations. To configure the time window for recommendations, navigate to Recommendations and select the gear icon in the upper-right, and choose SmartParking Recommendation Settings. Then, sit back while we collect and analyze your data, and your databases will be SmartParking before you know it.
Automated Cloud Cost Optimization Now Available for Public Sector Cloud Users on Amazon Web Services
February 26, 2019 (Dulles, VA) – ParkMyCloud, provider of the leading enterprise platform for continuous cost control in public cloud, announced today that it now supports AWS GovCloud (US). ParkMyCloud provides automated cost optimization through resource “rightsizing” and automated scheduling based on usage, which together can help cloud users eliminate wasted spend and reduce costs by 65%. In addition to AWS GovCloud, ParkMyCloud supports Amazon Web Services (AWS) commercial regions, Microsoft Azure, Google Cloud Platform, and Alibaba Cloud.
AWS GovCloud (US) is Amazon’s cloud region for sensitive data and regulated workloads. It is used by government customers, organizations in government-regulated industries, and other entities that meet security requirements. The region is highly secure, subject to FedRAMP baselines, operated by employees who are U.S. citizens on U.S. soil, and requires customers to pass a screening process.
ParkMyCloud for AWS GovCloud resides in a standalone ParkMyCloud SaaS deployment within AWS GovCloud. All ParkMyCloud products meet users’ security guidelines by requiring least-privilege access to cloud resources, so only the state of the resource can be accessed or managed – never the contents. Support includes both regions of AWS GovCloud: the US-West region that was launched in 2011, and the US-East region that was announced in November 2018.
“We currently use ParkMyCloud to manage our AWS commercial resources, which saves us about 45% of the cost,” said Pratap Chilukuri, Lead Enterprise Architect at an IT service management company. “We’ve been looking forward to ParkMyCloud’s AWS GovCloud support so we can achieve the same savings on our GovCloud resources.”
“AWS GovCloud customers have not had a lot of available options for automated cloud cost control and governance,” said ParkMyCloud CEO Jay Chapel. “We’ve received a growing number of requests for this support over the past several months, and we’re happy to deliver it.”
ParkMyCloud provides an easy-to-use platform that helps enterprises automatically identify and eliminate wasted cloud spend. More than 800 enterprises around the world – including Unilever, Sysco, Hitachi ID Systems, Sage Software, and National Geographic – trust ParkMyCloud to cut their cloud spend by millions of dollars annually. ParkMyCloud’s SaaS offering allows enterprises to easily manage, govern, and optimize their spend across multiple public clouds. For more information, visit www.parkmycloud.com.
Lately, many of our AWS customers (especially those purchasing through the AWS marketplace) have mentioned that they are using an AWS EDP, which stands for Amazon Web Services Enterprise Discount Program. Essentially, this is AWS’s way to provide enterprises a discount off its services based on a volume (consumption) commitment.
How does an AWS EDP work?
A simple application of an AWS EDP would work as follows: for the next 3 years, you commit to spend $5MM on AWS services, and receive a 13% discount. Even if you don’t spend $5MM you still owe them $5MM, and of course if you go over you would get billed for the overage.
AWS’s website does not provide a lot of information about these agreements. Here’s what they say: “Customers also have the option to enroll in an Enterprise Agreement with AWS. Enterprise Agreements give customers the option to tailor agreements that best suit their needs. For additional information on Enterprise Agreements please contact your sales representative.”
What Other Agreements Compare to an AWS EDP?
Going back to my days at IBM, we used to generally refer to discount contracts as Enterprise License Agreements (ELAs). An ELA is a software site license that is sold to large enterprises. It typically allows for unlimited use of a single or multiple software products throughout the organization, although there were often some restrictions and limitations. During my time at IBM, these were sold upfront for a set dollar amount and term, generally 3 to 5 years and usually had a cap on usage, so at some point overages could kick in – which would help with the renegotiation, of course.
Other terms used with a similar concept include Site License, Enterprise Agreement (this is a common Microsoft term – EA), Volume Purchase Agreement (VPA) and All You Can Eat (AYCE). What all of these have in common is that the vendor gets a large revenue/spend commit, and the enterprise gets discounting and flexibility.
How Else can you Get Discounts on AWS?
AWS does provide enterprises with multiple ways to consume its services based on their business needs and get volume discounts. Traditional on-demand instances allow you to pay for capacity by the hour without any long-term commitments or upfront payments. Reserved instances are ideal for applications with steady-state or predictable usage and can provide up to a 75% discount compared to on-demand pricing. And of course they promote scale groups, spot instances, and other optimization efforts to reduce spend and waste, but those are more cost control opportunities than they are discounts. Plus, you can always wait for better pricing.
Should You Use an AWS EDP?
Before committing to an AWS EDP, ensure that your organization will consume the amount of resources you are committing to. Keep in mind that this can also include the AWS Marketplace. The third party solutions you can buy on the AWS Marketplace also count against your AWS EDP, and leverage that discount structure — so before completing a third-party transaction, make sure you check the Marketplace to see if the cloud solution you buy is listed there.
Among several exciting announcements we heard at AWS re:Invent 2018 was one that hit close to our Loudoun County home – the new AWS GovCloud (US-East) Region. Joining GovCloud (US-West), the first of its kind, the East region is the second for AWS GovCloud and the 19th AWS region in the world. This announcement is significant, particularly to the Washington DC area of the east coast, home to the ParkMyCloud headquarters and a significant number of U.S. government departments and agencies.
The US-East region adds three more Availability Zones to AWS GovCloud, doubling the three total that were previously included with the existing infrastructure. This is great news for U.S. customers in the public and commercial sector in highly regulated industries that must meet stringent compliance requirements, including those for disaster recovery and continuity of operations. The new region is compatible with EC2, S3, and RDS instance types, among others.
Why does AWS GovCloud matter?
The advantages of scalability, security, and agility in the cloud are alluring. But for customers with sensitive data and strict compliance and security requirements, like government agencies, using the cloud is a tricky process with a huge checklist to follow. To provide the same benefits of cloud services while meeting even the most stringent U.S. government requirements, Amazon designed an isolated cloud region only for those users – AWS GovCloud.
What’s Different in AWS GovCloud?
Think of AWS GovCloud as Amazon’s “gated community.” GovCloud vets all of its government customers and their partners to create secure cloud solutions, meeting compliance requirements for FedRAMP, the DOJ’s Criminal Justice Information Systems (CJIS), U.S. International Traffic in Arms Regulations (ITAR), Export Administration Regulations (EAR), Department of Defense (DoD) Cloud Computing Security Requirements Guide (SRG), FIPS 140-2, IRS-1075, and more. This specialized region allows for customers to host sensitive Controlled Unclassified Information (CUI) that includes data in categories such as agriculture, patent, export, critical infrastructure, immigration, law enforcement, proprietary business info, statistical, tax, financial, and transportation, to name a few. GovCloud is ideal for government agencies at the federal, state, and local level, as well as organizations in regulated industries including financial, technology, energy, healthcare, law enforcement, defense, enterprise, and aerospace.
How do I qualify to be a GovCloud customer?
GovCloud is only available to vetted U.S. entities and root account holders with U.S. citizenship. AWS addresses compliance in the cloud with network, data, and virtual machines that are isolated from all other AWS cloud regions. GovCloud features a separate identity and access management stack with unique credentials that work only within the AWS GovCloud region. In addition, the region is managed solely by AWS personnel of U.S. citizenship, on U.S. soil, and users get their own separate management console. The region also has endpoints specific to its region, including the option to use designated endpoints, meeting FIPS 100-2 compliance requirements.
Why go GovCloud?
Whether it’s Personally Identifiable Information (PII), patient medical records, financial data, law enforcement data, or other forms of CUI, AWS GovCloud allows users to meet compliance requirements on their cloud journey. Government agencies have an opportunity with Amazon to support mission critical workloads for enterprise applications, high performance computing, big data, storage & disaster recovery. For a U.S. cloud with vetted access, that meets compliance, guards data, improves identity management, protects workloads, and enhances cloud visibility, AWS GovCloud is the way to go.
Amidst the truckload of announcements from AWS around re:Invent this year, one that caught my attention was the ability to perform EC2 instance hibernation. This isn’t going to be directly applicable to all workloads or all businesses, but it provides a needed way to bridge the gap between On-Demand EC2 and Spot instances. By having this option, it should be easier to go between both compute choices to solve more business cases.
Spot Instances 101
One way AWS helps you save money is by letting you utilize spare compute resources as instances called Spot. There’s a whole economy around Spot Instances, as the price can go up or down based on free resources in AWS data centers. To purchase Spot Instances, you establish your bid price, and if the price of your desired instance goes under the bid, then you get the resources. The biggest catch is that once the price goes above your bid price, your instance gets stopped in the middle of what it was doing.
This behavior means that you need to have workloads that can be paused. One big consideration is that you don’t want to have time-sensitive workloads operating in this environment, as it may take longer to complete the overall task if the processes keep getting interrupted. This also means that you’ll want to build your subtasks and processes in a way that they can be interrupted without breaking horribly.
Interruptible Workloads On-Demand
Now, with the ability to perform EC2 instance hibernation, the processes that you’ve already made interruptible can run on demand, with you choosing when to pause those workloads. By having this flexibility, you can eliminate the concern of not finishing a task before a desired date that comes with Spot instances, but still have the ability to switch to Spot (or out of Spot) if desired. This combines some of the best aspects of Spot and On-Demand Instances.
In addition to the benefit of workloads completing on your timetable, you can also utilize hibernation to pre-warm EC2 instances that have apps that might take a while to spin up. This can be especially true for memory-intensive applications, as any data that was in memory prior to hibernation will be immediately available upon restart. You could even use this as a workaround to long warm-up times for AWS Lambda functions, as instead of waiting for the Lambda to spin up, your instance could be running your function locally with everything pre-loaded.
EC2 Instance Hibernation: Supercharging Spot
Last year, AWS added the ability to hibernate Spot instances, which changed the game on how you plan your Spot workloads. Now, with EC2 Instance hibernation, you can take your workload management to the next level by having a wider array of options available to you.
This kind of hibernation seems like a great fit for image processing, video encoding, or after-hours high performance computing. Got any other good ideas or use-cases for EC2 instance hibernation? Let us know what you think!