Elastic Container Service

Solution Architect Associate

Developer Associate

  • A highly scalable, fast container management service that makes it easy to run, stop and manage Docker containers on a cluster of EC2 instances
  • Regional service that you can use in one or more AZs across a new or existing VPC to schedule placement of containers across your cluster
  • Eliminates the need for you to operate your own cluster management and configuration management systems, or to worry about scaling your management infrastructure
  • ECS can be used to create consistent deployment and build experiences, as well as manage and scale batch workloads
  • Amazon Elastic Container Registry (ECR) is a managed Docker registry (their version of Docker Hub)
    • Can use IAM to restrict access to repositories of images
  • Integrates with various load balancer solutions within AWS

Task Definition

  • Required to run Docker containers in ECS. Can choose between EC2 and Fargate
  • JSON files that describe one or more containers that form your application
  • Contains info on what docker image to use, networking modes, ports to map to the host, data volumes, etc.

ECS Service

  • Allows you to run and maintain a desired count of instances of a task definition
  • Kind of like Auto-Scaling groups for ECS

ECS Cluster

  • A logical group of container instances that you can place tasks on
  • You get one by default when you first use the ECS service, but you can create multiple clusters in an account
  • Clusters are region specific
  • Can use IAM to restrict access to specific clusters
  • Containers can be a member of only one cluster at a time
  • Can contain multiple different container instance types

ECS Scheduling

  • Service Scheduler: Ensures that a specific number of tasks are consistently running and reschedules tasks when they fail
  • Custom Scheduler: You can create your own schedulers to meet your business needs, including leveraging third-party services

ECS Container Agent

  • Allows container instances to connect to your cluster
  • Will not work with Windows

Security

  • EC2 instances use IAM roles to access ECS and other services
  • Security groups attach at the instance level

Fargate

  • A serverless compute engine for containers that works with both ECS and EKS
  • Allows you to continue using ECS/EKS for scheduling, but AWS manages the underlying infrastructure
  • It only works with Linux workloads
  • When using Fargate, you have to define the amount of CPU and Memory to allocate to your container
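
A task definition can be checked before it is registered. The following is an added example, not part of the original notes: a small Python linter that reads a task definition and reports missing Fargate CPU/memory, the network mode, IAM task role, privileged containers, unpinned images and port mappings. The field names are real ECS task definition parameters; the sample document and the choice of checks are assumptions made for illustration.

```python
import json

# Constructed sample: a Fargate task definition with several problems.
SAMPLE_TASK_DEF = json.loads("""
{
  "family": "web-example",
  "requiresCompatibilities": ["FARGATE"],
  "networkMode": "bridge",
  "cpu": "256",
  "containerDefinitions": [
    {"name": "web", "image": "nginx:latest", "privileged": true,
     "portMappings": [{"containerPort": 80, "hostPort": 8080}]}
  ]
}
""")

def image_tag(image):
    """Return the tag of an image reference, or '' when none is given."""
    last = image.rsplit("/", 1)[-1]  # ignore a registry host:port prefix
    return last.split(":", 1)[1] if ":" in last else ""

def lint_task_definition(td):
    """Return a list of findings for one task definition (a dict)."""
    findings = []
    fargate = "FARGATE" in td.get("requiresCompatibilities", [])
    if fargate:
        # Fargate needs CPU and memory declared at the task level.
        for key in ("cpu", "memory"):
            if not td.get(key):
                findings.append(f"fargate: task-level {key} is not set")
        if td.get("networkMode") != "awsvpc":
            findings.append("fargate: networkMode must be awsvpc")
    if not td.get("taskRoleArn"):
        findings.append("iam: no taskRoleArn, so no task-scoped IAM role")
    for c in td.get("containerDefinitions", []):
        name, image = c.get("name", "<unnamed>"), c.get("image", "")
        if c.get("privileged"):
            findings.append(f"{name}: privileged container")
        if "@sha256:" not in image and image_tag(image) in ("", "latest"):
            findings.append(f"{name}: image {image!r} is not pinned")
        for pm in c.get("portMappings", []):
            host = pm.get("hostPort")
            if fargate and host not in (None, pm.get("containerPort")):
                findings.append(f"{name}: hostPort {host} differs from containerPort")
    return findings

if __name__ == "__main__":
    for finding in lint_task_definition(SAMPLE_TASK_DEF):
        print(finding)
```
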

EC2 vs Fargate Options

  • EC2
    • The EC2 option allows you to use the EC2 pricing model, making it more cost-effective. It also excels at scenarios with long-running containers.
    • With EC2, you can put multiple containers on a single host
  • Fargate
    • With Fargate, you lose all operating system access
    • You only pay for the compute time and resource allocation that you set up within Fargate
    • Excels at short-running tasks that pop up and can go away
    • Containers are all isolated

Limits

  • 1000 clusters per region
  • 1000 instances per cluster
  • 500 services per cluster
  • 1 load balancer per service
  • 1000 tasks per service