- ECS is a container orchestration service
- Helps you run Docker containers on EC2 machines
- Tasks
- An application can have many tasks.
- A task contains one or more (max 10) containers.
- Applications are defined using task definitions.
- You can apply a single IAM role to a task definition.
- Other task definitions include: Which docker images, CPU/memory, whether containers are linked, networking mode, ports that should be mapped/opened, whether task should continue if container finished or fails, commands to execute when container is started, environment variables to pass, data volumes.
- A task definitions can have two launch types:
- EC2 (original): Runs ECS on user-provisioned EC2 instances
- Requires installation of ECS Container Agent
- Both for Windows + Linux
- Included in the Amazon ECS optimized AMI
- Can also be installed on any EC2 instance that supports the ECS specification
- Fargate: Runs ECS tasks on AWS provisioned compute (serverless)
- EC2 (original): Runs ECS on user-provisioned EC2 instances
- Scheduling tasks
- Service scheduler for long-running stateless tasks and applications.
- Manually running tasks ideal for batch jobs that perform work and stop.
- Scheduled tasks (cron): run based on cron expression or based on CloudWatch Events rule.
- Custom schedulers: Your own schedulers or third party e.g. Blox.
- ECS Clusters
- Logical grouping of container instances that you can place tasks on.
- Clusters can contain tasks using BOTH the Fargate and EC2 launch type
- Each container instance may only be part of one cluster at a time
- Clusters are Region-specific.
- For tasks using the EC2 launch type, clusters can contain multiple different container instance types.
- Made of:
- EKS - Elastic Kubernetes Service
- Running ECS on AWS-powered Kubernetes (running on EC2)
- Pros:
- Service discovery
- Big open source ecosystem and good competence
- Internal networking & network overlay
- No vendor lock-in
- Cons: more complexity & costs
- ECR - Docker Container Registry
- Hosted by AWS
- Store, managed and deploy your containers on AWS
- Fully integrated IAM & ECS
- Sent over HTTPS (encryption in flight) and encrypted at rest
- ECS pulls from ECR with IAM role, while CodeBuild pushes images (CI/CD) to ECR.
- EKS - Elastic Kubernetes Service
- IAM security and roles at the ECS task level
- Docker
- Allows application to work the same way anywhere where docker is installed
- Containers are isolated from each other
- Control how much memory / CPU is allocated to your container
- Ability to restrict network rules
- More efficient than Virtual machines
- Scale containers up and down very quickly
- Use cases
- Run microservices
- Ability to run multiple docker containers on the same machine
- Easy service discovery features to enhance communication
- Direct integration with Application Load Balancers
- Auto scaling capability
- Run batch processing / scheduled tasks
- Schedule ECS containers to run on On-demand / Reserved / Spot instances
- Migrate applications to the cloud
- Dockerize legacy applications running on premise
- Move Docker containers to run on ECS
- Run microservices
- Concepts
- ECS cluster: Set of EC2 instances
- ECS service: Applications definitions running on EC2 cluster
- Security
- ECS IAM roles: Roles assigned to tasks to interact with AWS.
- Security groups: Can be associated to container instances.
- ALB Integration
- 📝 Application Load Balancer (ALB) has a direct integration feature with ECS called "port mapping"
- Allows you to run multiple instances of the same application on the same EC2 machine
- Dynamic port mapping is not available in classic load balancer and allows the same port to be mapped to many.
- E.g. containers on port 6789, 9586, 3748 can be exposed on port 80 /443 by application balancer.
- Use cases:
- Increased resiliency even if running on one EC2 instance
- Maximize utilization of CPU / cores
- Ability to perform rolling upgrades without impacting application uptime
- 📝 Application Load Balancer (ALB) has a direct integration feature with ECS called "port mapping"
- ECS Setup & Config file
- Run an EC2 instance, install the ECS agent with ECS config file
- Or use an ECS-ready Linux AMI (still need to modify config file)
-
Config file is at
/etc/ecs/ecs.configECS_CLUSTER=MyCluster #Assign EC2 instance to an ECS cluster ECS_ENGINE_AUTH_DATA={..} #to pull images from private registries ECS_AVAILABLE_LOGGING_DRIVERS=[..] #CloudWatch container logging ECS_ENABLE_TASK_IAM_ROLE=true #Enable IAM roles for ECS tasks
-
- Or use an ECS-ready Linux AMI (still need to modify config file)
- Run an EC2 instance, install the ECS agent with ECS config file