Run Mule Runtime Containers at scale on AWS
There are several ways to run Mule containers in the cloud. In this article we show Infotiate's unique and highly secure approach to running Mule containers at scale on AWS. Infotiate provides a complete, production-ready solution with the following capabilities:
- Enterprise Mule Gateway at scale that can be used to run API or event-based workloads on AWS
- Ability to dynamically create and destroy Mule runtimes on demand on AWS and Azure
- Ability to use cloud-native features such as auto scaling, spot instances, free choice of instance types, and centralized logging and monitoring
- Ability to automatically register and deregister Mule runtime container instances with Anypoint
- Highly secure (strict IAM controls and networking configuration), scalable and highly available solution
How it works
- Developers check in the Mule app code to the source control system.
- A Jenkins or AWS CodeBuild pipeline detects the change, builds the Mule deployable and packages the Mule app, Mule runtime, Infotiate Mule registration script, JDK, other required packages and the OS into a Docker image. The Docker image is scanned, and any vulnerabilities found are reported, with the option to stop the deployment when the configured vulnerability thresholds are exceeded. The following packaging and deployment options can be configured:
  - Package the Mule app inside the Docker image
  - Package the Mule app separately and deploy it to an existing server group or Mule cluster
- The CD pipeline deploys the fully packaged image onto an Amazon ECS, EKS or Kubernetes cluster.
- On startup, the container runs the registration script, which is configured as the bootstrap entry point in the Dockerfile. The script registers the Mule runtime engine with Anypoint Runtime Manager (ARM) by invoking a Lambda function. The Lambda function executes a series of Runtime Manager API calls to obtain a server registration token via the Mule Connected App token endpoint.
- Once the Mule runtime engine has fully started and is registered with ARM, the API is automatically discovered by Anypoint API Manager via API Autodiscovery.
- When containers are scaled down or terminated, CloudWatch triggers a Lambda function that removes the container instance from Runtime Manager.
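The registration step above, written out as an added example (this is not Infotiate's registration script or Lambda code): the function reads the Connected App client ID and secret from Secrets Manager, exchanges them for an access token at the Connected App token endpoint, and then asks Runtime Manager for a server registration token for one organization and environment. The endpoint paths, the `X-ANYPNT-ORG-ID`/`X-ANYPNT-ENV-ID` headers and the shape of the responses are assumptions about the Anypoint API; the secret name and the org/env IDs are constructed placeholders. The HTTP transport and the secret source are injectable so the flow can be exercised offline.

```python
"""Registration Lambda for a Mule runtime container (added example, not Infotiate's code).

The container entry point invokes this function; only the short-lived registration
token is returned to the container.  The Connected App client secret never leaves
the Lambda.  Endpoint paths, headers and response fields are ASSUMED here; the
secret id, org id and env id are constructed placeholders.
"""
import json
import os
import urllib.request
from typing import Callable, Dict

ANYPOINT_BASE = "https://anypoint.mulesoft.com"
TOKEN_URL = f"{ANYPOINT_BASE}/accounts/api/v2/oauth2/token"                 # assumed path
REG_TOKEN_URL = f"{ANYPOINT_BASE}/hybrid/api/v1/servers/registrationToken"  # assumed path

# (method, url, headers, body) -> decoded JSON response
HttpCall = Callable[[str, str, Dict[str, str], bytes], dict]


def http_json(method: str, url: str, headers: Dict[str, str], body: bytes = b"") -> dict:
    """Default transport: one HTTPS request whose JSON response is decoded to a dict."""
    req = urllib.request.Request(url, data=body or None, method=method, headers=headers)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read().decode())


def read_secret(secret_id: str) -> dict:
    """Default secret source: AWS Secrets Manager via boto3 (imported lazily so the
    module stays importable where boto3 is not installed)."""
    import boto3  # type: ignore
    raw = boto3.client("secretsmanager").get_secret_value(SecretId=secret_id)["SecretString"]
    return json.loads(raw)  # expected keys: client_id, client_secret


def fetch_access_token(client_id: str, client_secret: str, http: HttpCall = http_json) -> str:
    """Client-credentials grant against the Connected App token endpoint."""
    body = json.dumps({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode()
    resp = http("POST", TOKEN_URL, {"Content-Type": "application/json"}, body)
    return resp["access_token"]


def fetch_registration_token(access_token: str, org_id: str, env_id: str,
                             http: HttpCall = http_json) -> str:
    """Ask Runtime Manager for a server registration token scoped to org/env.
    The 'data' response field is an assumption about the ARM API."""
    headers = {
        "Authorization": f"Bearer {access_token}",
        "X-ANYPNT-ORG-ID": org_id,
        "X-ANYPNT-ENV-ID": env_id,
    }
    return http("GET", REG_TOKEN_URL, headers, b"")["data"]


def handler(event: dict, context=None, *, secrets=read_secret, http: HttpCall = http_json) -> dict:
    """Lambda entry point.  'event' carries org_id and env_id from the container;
    CONNECTED_APP_SECRET_ID names the Secrets Manager secret (placeholder default)."""
    secret = secrets(os.environ.get("CONNECTED_APP_SECRET_ID", "placeholder/mule/connected-app"))
    access = fetch_access_token(secret["client_id"], secret["client_secret"], http)
    reg = fetch_registration_token(access, event["org_id"], event["env_id"], http)
    return {"registration_token": reg}
```

Because the container only ever receives the registration token, compromising a runtime container does not expose the Connected App credentials; rotating the secret in Secrets Manager requires no change to the container image.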
- Connected Apps with scope controls; no need to create an Anypoint account
- AWS Secrets Manager stores configuration parameters, e.g. the Connected App client ID and secret
- Access to Secrets Manager is controlled via IAM resource policies so that only the specific Lambda function can read the secret
- Access to the Lambda functions is controlled via resource-based policies; only Mule runtime containers can invoke the Lambda functions to obtain a Mule runtime registration token
- VPC endpoints, strict NACLs and security groups: open only the required ports
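The two resource-based policies behind the Secrets Manager and Lambda points above, as an added example (these are not Infotiate's actual policies; all account IDs, role names and ARNs are constructed placeholders). The Secrets Manager policy allows the registration Lambda's execution role to read the secret and explicitly denies every other principal, which matters because, within one account, an Allow in a caller's identity policy alone would otherwise suffice. The Lambda policy allows only the Mule runtime task role to invoke the function. A small evaluator, limited to Allow/Deny statements with AWS principals and the `ArnEquals`/`ArnNotEquals` condition on `aws:PrincipalArn`, shows which principal can do what.

```python
"""Least-privilege trust chain for the registration path (added example, not
Infotiate's own policies).  ARNs, account id and names are constructed placeholders.
The evaluator models only what these two policies use: same-account evaluation,
AWS principals, exact or wildcard actions/resources, and ArnEquals/ArnNotEquals on
aws:PrincipalArn.  It is an illustration, not a replacement for IAM's evaluator."""
from fnmatch import fnmatchcase

ACCOUNT = "123456789012"                                               # placeholder
LAMBDA_ROLE = f"arn:aws:iam::{ACCOUNT}:role/mule-registration-lambda-role"
TASK_ROLE = f"arn:aws:iam::{ACCOUNT}:role/mule-runtime-task-role"
SECRET_ARN = f"arn:aws:secretsmanager:us-east-1:{ACCOUNT}:secret:mule/connected-app-AbCdEf"
FUNCTION_ARN = f"arn:aws:lambda:us-east-1:{ACCOUNT}:function:mule-registration"

# Secrets Manager resource policy: only the Lambda's role may read the client id/secret.
# The explicit Deny is what stops any other role in the account from reading it via a
# broad identity policy such as secretsmanager:*.
SECRET_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {"AWS": LAMBDA_ROLE},
            "Action": "secretsmanager:GetSecretValue",
            "Resource": SECRET_ARN,
        },
        {
            "Effect": "Deny",
            "Principal": "*",
            "Action": "secretsmanager:GetSecretValue",
            "Resource": SECRET_ARN,
            "Condition": {"ArnNotEquals": {"aws:PrincipalArn": LAMBDA_ROLE}},
        },
    ],
}

# Lambda resource-based policy: only the Mule runtime task role may invoke the function.
LAMBDA_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {"AWS": TASK_ROLE},
            "Action": "lambda:InvokeFunction",
            "Resource": FUNCTION_ARN,
        },
    ],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _principal_matches(principal, arn):
    if principal == "*":
        return True
    return any(p == "*" or p == arn for p in _as_list(principal.get("AWS", [])))


def _condition_holds(condition, arn):
    """Only ArnEquals / ArnNotEquals on aws:PrincipalArn are modelled."""
    for operator, key_values in condition.items():
        values = _as_list(key_values.get("aws:PrincipalArn", []))
        if operator == "ArnEquals" and arn not in values:
            return False
        if operator == "ArnNotEquals" and arn in values:
            return False
    return True


def _statement_matches(stmt, arn, action, resource):
    return (_principal_matches(stmt["Principal"], arn)
            and any(fnmatchcase(action, a) for a in _as_list(stmt["Action"]))
            and any(fnmatchcase(resource, r) for r in _as_list(stmt["Resource"]))
            and _condition_holds(stmt.get("Condition", {}), arn))


def is_allowed(policy, principal_arn, action, resource, identity_allows=False):
    """Same-account evaluation: an explicit Deny wins; otherwise an Allow in either
    the resource policy or the caller's identity policy (identity_allows) suffices."""
    matched = [s for s in policy["Statement"]
               if _statement_matches(s, principal_arn, action, resource)]
    if any(s["Effect"] == "Deny" for s in matched):
        return False
    return identity_allows or any(s["Effect"] == "Allow" for s in matched)
```

The case worth checking is the task role with a permissive identity policy (`identity_allows=True`): without the Deny statement it could read the secret directly and bypass the Lambda; with it, only the Lambda role can, and the container is limited to invoking the function.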