Integrating ROSA Applications with AWS Services (CS221)

Integrate applications on ROSA with AWS services while keeping a good security posture.

Course Description

• Integrate applications deployed on ROSA with AWS services in a way that cluster administrators and platform engineers retain control of credentials and roles required by applications to access AWS services instead of exposing those credentials to application developers.
• Note: This course is offered as a two day in person class, a three day virtual class or is self-paced. Durations may vary based on the delivery. For full course details, scheduling, and pricing, select your location then get started on the right hand menu.

Course Content Summary

• Integrate with external container registries such as ECR and Quay.io to deploy applications from private image repositories
• Configure storage classes to enable application access to different EBS volume types
• Configure storage classes and security contexts to enable application access to shared EFS storage volumes
• Configure pod identity using STS/IRSA to enable application access to AWS services such as database (Aurora), integration (SQS), and object storage (S3)
• Provision AWS services for applications using the AWS Controllers for Kubernetes (ACK)
• Federate and query application metrics (application workload monitoring) with Amazon Managed Prometheus Service
• Aggregate and query structured application logs with Amazon CloudWatch
• Configure custom domains and TLS certificates for secure public access to applications

Module 1: Deploy Applications From External Registries

• Deploy applications on Red Hat OpenShift Service on AWS (ROSA) from private container image repositories in external centralized container image registries.

Module 2: Provide Amazon Storage Volumes for Applications

• Configure Amazon Elastic Block Storage (EBS) or Amazon Elastic File System (EFS) volumes that meet the cost, performance, and sharing requirements of their applications.

Module 3: Configure Application Access to AWS Services

• Configure applications for access to shared AWS services by using Kubernetes service accounts, and provision dedicated AWS services by using Kubernetes custom resources.

Module 4: OpenShift and AWS Application Observability

• Configure ROSA clusters to forward application logs to Amazon CloudWatch and application metrics to Amazon Managed Service for Prometheus.

Module 5: Custom Domains for ROSA Applications

• Expose applications to internet users with secure URLs by using human-readable DNS domains.

Recommended training

• CS220 - Create and Configure Production Red Hat OpenShift on AWS (ROSA) Clusters or equivalent experience: I know how to create and access a private ROSA cluster
• AWS administration at the level of either AWS Certified SysOps Administrator - Associate or AWS Certified Solutions Architect - Associate, or equivalent experience: I know how to manage AWS infrastructure services
• Basic knowledge of OpenShift from DO080 Technical Overview: I know basic concepts of OpenShift and containers
• It is recommended that learners also enroll in the Red Hat Certified OpenShift Administration certification courses in addition to taking CS220 and CS221

Target Audience

• Primary: ROSA Administrators, Platform Engineers, Cloud Administrators, System Administrators and other infrastructure-related IT roles who are responsible for providing and supporting infrastructure for applications deployed on AWS
• Secondary: Enterprise Architects, Site Reliability Engineers, DevOps Engineers, and other application-related IT roles who are responsible for designing infrastructure for applications deployed on AWS