Before you migrate the sample web application to Azure, make sure you have a solid understanding of the operational differences between the AWS and Azure platforms.
This article walks through some of the key concepts for this workload and provides links to resources for more information. For a comprehensive comparison between Azure and AWS services, see AWS to Azure services comparison.
Deployment
Both AKS and EKS provide multiple options for deploying a managed Kubernetes cluster on Azure and AWS. These options include native solutions and provisioning solutions based on third-party systems or open-source technologies.
Deployment Options | EKS | AKS |
---|---|---|
Portal | AWS Management Console | Azure portal |
Native Infrastructure as Code | AWS CloudFormation | Bicep and Azure Resource Manager (ARM) |
Native CLI | AWS CLI and EKS CLI | Azure CLI, Azure Developer CLI, and PowerShell |
Terraform | EKS module | AzureRM Provider |
Pulumi | EKS Cluster | AKS ManagedCluster |
Crossplane | Yes | Yes |
Cluster API | Yes | Yes |
The Azure CLI is designed for simplicity and ease of use. You can create, upgrade, or delete a cluster with a single command. This streamlined approach reduces the complexity of managing Kubernetes clusters on Azure. For more information, see az aks commands. By contrast, the EKS CLI uses a more manual approach that requires multiple steps in conjunction with kubectl.
Monitoring
Effective monitoring is essential for identifying and resolving issues in Kubernetes clusters. The following information outlines how AKS and EKS handle monitoring:
Monitoring Options | EKS | AKS |
---|---|---|
Native Monitoring | Amazon CloudWatch | Azure Monitor |
Managed Prometheus and Grafana | Amazon Managed Service for Prometheus and Amazon Managed Grafana | Azure Monitor managed service for Prometheus and Azure Managed Grafana |
Datadog | Yes | Yes |
Dynatrace | Yes | Yes |
Support for open source projects
Both AKS and EKS provide support for open-source projects, enabling you to utilize more capabilities and features. AKS provides managed capabilities for both KEDA and Karpenter as detailed below.
Open source projects | EKS | AKS |
---|---|---|
Kubernetes Event-driven Autoscaling (KEDA) | Yes | Yes |
Karpenter | Yes | Node Autoprovisioning and AKS Karpenter Provider |
Load balancing
Azure Application Gateway and AWS Application Load Balancer are two popular layer 7 load balancing solutions offered by Microsoft Azure and Amazon Web Services, respectively. These services play a crucial role in distributing incoming network traffic across multiple servers to ensure high availability and improved performance for applications.
AWS Application Load Balancer
An AWS Application Load Balancer (ALB) is a component of Elastic Load Balancing in Amazon Web Services (AWS). ALB ensures traffic is routed only to healthy targets and scales with incoming traffic. Elastic Load Balancing supports various load balancers, including Application, Network, Gateway, and Classic Load Balancers.
Azure Application Gateway
Azure Application Gateway is a layer 7 web traffic regional load balancer that enables customers to manage the inbound traffic to multiple downstream web applications and REST APIs. Azure Application Gateway is designed to optimize the delivery of web applications and provide enhanced security through features like Azure Web Application Firewall and Application Gateway Ingress Controller for Azure Kubernetes Service (AKS). It distributes incoming application traffic across multiple backend pools, which include public and private Azure Load Balancers, Azure virtual machines (VMs), Azure Virtual Machine Scale Sets (VMSSs), hostnames, Azure App Service, and on-premises/external servers.
Compare Azure Application Gateway and AWS ALB
Azure Application Gateway and AWS Application Load Balancer provide a comparable feature set. The following table provides a comparison of the solutions:
Feature | Azure Application Gateway | AWS Application Load Balancer |
---|---|---|
Secure Sockets Layer (SSL/TLS) Termination | Supported | Supported |
Autoscaling | Supported | Supported |
Zone redundancy | Supported | Supported |
Static VIP | Supported | Supported with AWS Global Accelerator |
Web Application Firewall | Supported | Supported |
Ingress controller | Supported | Supported |
URL-based routing | Supported | Supported |
Multiple-site hosting | Supported | Supported |
Redirection | Supported | Supported |
Session affinity | Supported | Supported |
WebSocket and HTTP/2 traffic | Supported | Supported |
Mutual TLS authentication | Supported | Supported |
Connection draining | Supported | Supported |
Custom error pages | Supported | Supported |
Rewrite HTTP headers and URL | Supported | Supported with AWS WAF |
Sizing | Multiple sizes available | Multiple sizes available |
Web Application Firewall
Ensuring web application security is crucial to protect against evolving cyber threats. Fully managed web application firewall services provide robust protection for web applications against threats and malicious attacks.
AWS Web Access Firewall (WAF)
AWS Web Access Firewall (WAF) is a web application firewall that monitors HTTP and HTTPS requests to your web applications. It protects multiple AWS resources, including those exposed via the AWS Application Load Balancer.
Azure Web Application Firewall (WAF)
Azure Web Application Firewall (WAF) provides centralized protection of web applications from common exploits and vulnerabilities. WAF can be deployed with Azure Application Gateway, Azure Front Door, and Azure Content Delivery Network (CDN) service from Microsoft.
The Azure WAF comes with a preconfigured, platform-managed OWASP (Open Web Application Security Project) ruleset that provides protection against various types of attacks, including cross-site scripting and SQL injection. As a WAF administrator, you have the option to write your own custom rules to enhance the core rule set (CRS) rules. Azure WAF also supports a Bot Protection ruleset that you can use to prevent bad bots from scraping, scanning, and looking for vulnerabilities in your web application. The Azure WAF can be configured to run in the following two modes:
- Detection mode: Monitors and logs all threat alerts. You turn on logging diagnostics for Application Gateway in the Diagnostics section. You must also make sure that the WAF log is selected and turned on. Web application firewall doesn't block incoming requests when it's operating in Detection mode.
- Prevention mode: Blocks intrusions and attacks that the rules detect. The attacker receives a "403 unauthorized access" exception, and the connection is closed. Prevention mode records such attacks in the WAF logs.
Monitoring and logging for Azure Web Application Firewall (WAF) are provided through integration with Azure Monitor and Azure Monitor logs. You can configure your Azure Application Gateway, Azure Front Door, and Azure Content Delivery Network (CDN) to use Azure Web Application Firewall (WAF) and store diagnostic logs and metrics in a Log Analytics workspace. You can use the Azure Monitor Metrics Explorer to analyze the Azure WAF metrics and the Kusto Query Language to create and run queries against the diagnostic logs collected in the Log Analytics workspace.
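The Detection-mode review described above, as an added example that is not part of the original article: a Kusto query that ranks WAF rule hits so that noisy rules can be reviewed before the policy is switched to Prevention mode. The `SampleWafLog` table and all of its rows are constructed; the column names (`ruleId_s`, `action_s`, `clientIp_s`, `requestUri_s`, `Message`) and the `ApplicationGatewayFirewallLog` category assume the `AzureDiagnostics` schema used for Application Gateway WAF logs.

```kusto
// Constructed sample rows so the query runs without a live workspace.
// Column names are assumed to match AzureDiagnostics for Application Gateway WAF.
let SampleWafLog = datatable(
    TimeGenerated:datetime, Category:string, ruleId_s:string, action_s:string,
    clientIp_s:string, requestUri_s:string, Message:string)
[
    datetime(2024-05-01 10:00:00), "ApplicationGatewayFirewallLog", "942100", "Matched", "203.0.113.10", "/search",      "SQL Injection Attack Detected via libinjection",
    datetime(2024-05-01 10:00:05), "ApplicationGatewayFirewallLog", "942100", "Matched", "203.0.113.10", "/search",      "SQL Injection Attack Detected via libinjection",
    datetime(2024-05-01 10:02:00), "ApplicationGatewayFirewallLog", "941100", "Matched", "198.51.100.7", "/comments",    "XSS Attack Detected via libinjection",
    datetime(2024-05-01 10:03:00), "ApplicationGatewayFirewallLog", "920350", "Matched", "198.51.100.7", "/",            "Host header is a numeric IP address",
    datetime(2024-05-01 10:03:30), "ApplicationGatewayFirewallLog", "920350", "Matched", "203.0.113.44", "/",            "Host header is a numeric IP address",
    datetime(2024-05-01 10:04:10), "ApplicationGatewayFirewallLog", "920350", "Matched", "192.0.2.15",   "/healthz",     "Host header is a numeric IP address",
    datetime(2024-05-01 10:05:00), "ApplicationGatewayAccessLog",   "",       "",        "192.0.2.15",   "/index.html",  ""
];
// Against real data, replace SampleWafLog with:
//   AzureDiagnostics | where ResourceProvider == "MICROSOFT.NETWORK"
SampleWafLog
| where Category == "ApplicationGatewayFirewallLog"
| summarize
    Hits      = count(),
    Clients   = dcount(clientIp_s),
    Uris      = make_set(requestUri_s, 5),
    FirstSeen = min(TimeGenerated),
    LastSeen  = max(TimeGenerated)
    by ruleId_s, Message, action_s
// A rule matched by many distinct clients on ordinary URIs is worth reviewing
// as a possible false positive before Prevention mode starts blocking it.
| extend HitsPerClient = round(todouble(Hits) / Clients, 1)
| order by Clients desc, Hits desc
```

With the sample rows, rule 920350 sorts first because three different clients trigger it, including one on a health-check path, which is the pattern to tune or exclude before blocking is enabled.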
Next steps
For more information about the differences between AKS and EKS, see the following articles:
- Migrate from Amazon EKS to Azure Kubernetes Service (AKS)
- AKS for Amazon EKS professionals
- Identity and access management
- Cluster logging and monitoring
- Secure network topologies
- Storage options
- Cost optimization and management
- Agent node and node pool management
- Cluster governance
- Workload migration
Contributors
This article is maintained by Microsoft. It was originally written by the following contributors:
Principal author:
- Paolo Salvatori | Principal Customer Engineer
Other contributors:
- Ken Kilty | Principal TPM
- Russell de Pina | Principal TPM
- Erin Schaffer | Content Developer 2