Adding Docker orchestration with AWS Elastic Container Service

Adoption of containerization often comes with contract and security requirement concerns. We found success with a service cluster based on AWS Elastic Container Service (ECS).

I’ve been working on large federal government cloud projects as an infrastructure engineer since 2015 and, admittedly, adoption of containerization has been slow. There have been issues/concerns with contract and security requirements but it’s also just hard to prioritize significant architecture changes when things are already working fine.

Talking to some of my colleagues in the private sector, our situation is actually not so uncommon: we are running our service in AWS Autoscaling groups and deploying code by building new machine images (AWS AMIs). On some projects we dipped our toes in the containerization waters by “baking” Docker images into the machine images and starting up the application with Docker on boot up. Unfortunately, deploying applications through machine image swaps is *slow*. Developers deserve better.

Recently, my colleagues Jia Huang and Mike Smorul and I prototyped a service cluster based on AWS Elastic Container Service (ECS). Our reference architecture featured AWS and Autoscaling groups. To our delight, adding ECS into the architecture was a pretty smooth process! We did discover some gaps along the way but were able to bridge them with existing patterns and some new tooling.

I’m happy to share our prototype system and some Python tooling that we’ve open sourced. It represents some of the key values that Nava’s infrastructure team brings to projects: infrastructure as code, automation, rapid deployment, high availability and security.

An example implementation of an AWS ECS cluster managed with Terraform

Scripts for managing runtime parameters and deploys in AWS ECS

Why Elastic Container Service?

Our bottom line goal was to move to a service model where product teams build container images and the infrastructure provides a very simple and fast process for deploying them. Though Kubernetes has a tremendous amount of buzz and momentum, ECS is also able to meet our bottom line goal. In addition, for environments that are already in AWS with autoscaling groups, ECS presents an incremental change to the underlying architecture. Kubernetes on AWS (and EKS, which we have not yet evaluated and was completely new at the time) is an exciting prospect but involves a larger set of changes (e.g. adopting additional networking and auth abstractions).

Tell us what you think

Take a look at our ECS prototype demo/tutorial and let us know what you think.

Nava PBC is looking for infrastructure engineers to help ensure that we continue delivering services that millions of Americans depend on. If this sounds like a good fit, take a look at our open roles.

Written by


Brendan Neutra

Senior Infrastructure Engineer

Brendan Neutra is a senior infrastructure engineer lead at Nava. Brendan worked on infrastructure for Google before being recruited to help stabilize the HealthCare.gov site in 2014.

Published October 15, 2018
