Container management service for Docker containers (ECS Task)
Highly scalable / high performance, lets you run applications on an EC2 cluster
Amazon Elastic Container Registry (ECR) is a private repository for Docker images; the public version is Amazon ECR Public Gallery; backed by Amazon S3, with access controlled through IAM
ECS Launch Types
Fargate Launch Type is serverless, managed by AWS
EC2 Launch Type gives you direct access to the instances, but you have to manage them; each instance runs the ECS Agent
The ECS Agent uses the EC2 Instance Profile
Each ECS Task uses its own ECS Task Role, which is defined in the task definition
Mount EFS for ECS tasks to ensure all tasks in any AZ share the same data; in comparison, S3 cannot be mounted as a file system
ECS Task definition is metadata in JSON, up to 10 containers in one file
Image name
Port Binding for Container and Host
On the EC2 Launch Type, if only the container port is defined, the ALB uses Dynamic Host Port Mapping, so the EC2 instance's Security Group must allow any port from the ALB's security group
On the Fargate Launch Type, each task has its own unique private IP, so only the container port is defined
Memory and CPU required
Environment variables (hardcoded, SSM Parameter Store, Secrets Manager, or files stored in S3)
Networking
IAM Role (One IAM Role per Task Definition)
Logging configuration (CloudWatch)
Data Volume to share data among multiple containers (Applications and Metrics/Logs, aka sidecar)
EC2 Launch Type – using EC2 instance storage
Fargate Launch Type – using ephemeral storage (20-200 GB); data is deleted when the containers are demolished
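A task-definition check covering the fields listed above (task role, port binding, environment variables, logging), as an added example that is not part of the original notes. The sample definition, its names and the placeholder ARN are constructed; the field names are those of the ECS task definition JSON.

```python
import re

# Constructed sample task definition (not from the original notes); the ARN is a placeholder.
SAMPLE = {
    "family": "web", "networkMode": "bridge",  # no taskRoleArn set
    "containerDefinitions": [
        {"name": "app", "image": "example/app:1",
         "portMappings": [{"containerPort": 8080}],  # no hostPort: dynamic mapping
         "environment": [{"name": "LOG_LEVEL", "value": "info"},
                         {"name": "DB_PASSWORD", "value": "constructed-value"}],
         "logConfiguration": {"logDriver": "awslogs"}},
        {"name": "metrics", "image": "example/metrics:1",  # sidecar, no logging
         "secrets": [{"name": "API_TOKEN",
                      "valueFrom": "arn:aws:ssm:REGION:ACCOUNT_ID:parameter/EXAMPLE"}]},
    ],
}

# Heuristic (an assumption of this example): variable names that suggest a secret.
SECRET_NAME = re.compile(r"PASSWORD|SECRET|TOKEN|API_?KEY", re.I)

def audit_task_definition(td):
    """Return findings for the task-definition fields listed in the notes."""
    findings = []
    if not td.get("taskRoleArn"):
        findings.append("task: no taskRoleArn, so the task has no role of its own")
    containers = td.get("containerDefinitions", [])
    if len(containers) > 10:
        findings.append("task: more than 10 containers in one definition")
    awsvpc = td.get("networkMode") == "awsvpc"  # Fargate tasks use awsvpc
    for c in containers:
        name = c.get("name", "?")
        for env in c.get("environment", []):
            if SECRET_NAME.search(env.get("name", "")):
                findings.append(f"{name}: {env['name']} is hardcoded; reference it "
                                "under 'secrets' (SSM Parameter Store / Secrets Manager)")
        for pm in c.get("portMappings", []):
            if not awsvpc and pm.get("hostPort", 0) == 0:
                findings.append(f"{name}: dynamic host port for {pm['containerPort']}; "
                                "instance SG must allow any port, sourced from the ALB SG")
        if c.get("logConfiguration", {}).get("logDriver") != "awslogs":
            findings.append(f"{name}: no awslogs (CloudWatch) log configuration")
    return findings

if __name__ == "__main__":
    for finding in audit_task_definition(SAMPLE):
        print(finding)
```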
ECS Task Placement strategy & Task Placement constraints – Only for EC2 Launch Type
Find instances that meet the CPU/Memory/Port requirements
Find those that satisfy the task placement constraints
distinctInstance – place each task on different container instance
memberOf – using Cluster Query Language, placing on certain instances (like t2.*)
Find those that satisfy the task placement strategies
Binpack – saves cost by placing tasks on the instance with the least available amount of CPU or Memory, which keeps the number of instances in use to a minimum
Random
Spread (can be AZ or instance ID)
ECS does not use EC2 Auto Scaling; instead, it uses AWS Application Auto Scaling, based on
Average CPU Utilization
Average Memory Utilization – Scale on RAM
ALB Request Count Per Target
AWS Application Auto Scaling policy can be
Target Tracking – scale based on a target value for a specific CloudWatch metric
Step Scaling – based on a specified CloudWatch Alarm
Scheduled Scaling
Under the EC2 Launch Type, the EC2 instances are auto-scaled by
Auto Scaling Group Scaling – use an EC2 ASG to check instance load (CPU, Memory, etc.)
ECS Cluster Capacity Provider, paired with ASG
AWS Copilot is the CLI tool for running apps on App Runner, ECS and Fargate; with CodePipeline for deployment
Amazon Elastic Kubernetes Service (EKS)
EC2 Launch Type for deploying worker nodes; Fargate for serverless
Kubernetes is cloud-agnostic
Node Types
Managed Node Groups
AWS handles EC2 instances with ASG managed by EKS
On-Demand or Spot instances
Self-Managed Nodes
You create and manage the EC2 instances yourself, with a self-defined ASG
On-Demand or Spot instances
AWS Fargate
A StorageClass manifest can be specified on the EKS cluster, leveraging a Container Storage Interface (CSI) compliant driver