[01] Introduction

Question 1

Where must images be stored that are run by ECS?

Answer 1

In a registry e.g., ECR

Question 2

Do ECS container instances require inbound ports to be opened?

Answer 2

No, the ECS agent makes outbound connections to the control plane

Question 3

What command allows a user to run docker without sudo?

Answer 3

sudo usermod -a -G docker

Question 4

What does the EXPOSE command in a Dockerfile do?

Answer 4

It is purely metadata and doesn’t restrict or limit what ports can be exposed using docker run

Question 5

How many registries does ECR have per account per region?

Answer 5

One

Question 6

What does creating an EC2 capacity provider from the Console do?

Answer 6

Creates a CloudFormation stack to deploy an ASG, launch template, and capacity provider association

Question 7

What does the launch template include when creating an EC2 capacity provider?

Answer 7

User data to define which cluster the instance should join: echo ECS_CLUSTER= >> /etc/ecs/ecs.config

Question 8

What is AWS App2Container?

Answer 8

A CLI tool for containerising existing applications

Question 9

What is the credential source precedence for AWS SDKs?

Answer 9

1. Credentials that are explicitly set through the service-client constructor
2. Environment variables
3. The shared credentials file (~/.aws/credentials for Linux)
4. Credentials loaded from the ECS task metadata endpoint, 5. Credentials loaded from the EC2 IMDS

Question 10

When is the EC2 launch type recommended?

Answer 10

For large workloads which must be price optimised, or when advanced features (e.g. GPUs) are required

Question 11

What endpoints need to be configured to connect to the ECS service using PrivateLink?

Answer 11

com.amazonaws.{{region}}.ecs-agent, com.amazonaws.{{region}}.ecs-telemetry, com.amazonaws.{{region}}.ecs (these aren’t required for Fargate tasks)