[03] Architecting for ECS

Question 1

What is the dualStackIPv6 parameter used for?

Answer 1

It allows awsvpc tasks to be provided an IPv6 address in addition to the primary private IPv4 address

Question 2

What are the requirements for a task to receive an IPv6 address?

Answer 2

The task must use awsvpc network mode, be launched in a VPC configured for dual-stack mode, and the dualStackIPv6 account setting must be enabled

Question 3

What is the fargateFIPSMode parameter used for?

Answer 3

It turns on FIPS-140 compliance for Fargate tasks

Question 4

What does the tagResourceAuthorization parameter enforce?

Answer 4

It enforces the ecs:TagResource permission when calling ECS API actions which create resources with tags e.g. ECS:CreateCluster

Question 5

What is the purpose of the fargateTaskRetirementWaitPeriod parameter?

Answer 5

It controls the notice period for non-critical Fargate platform revision updates

Question 6

What does the guardDutyActivate parameter indicate?

Answer 6

It is a read-only setting which indicates whether GuardDuty Runtime Monitoring is enabled

Question 7

What accounts are opted in to using the new ARN formats by default?

Answer 7

New accounts are opted in by default

Question 8

What parameters can be used to opt-in to using the new ARN formats?

Answer 8

serviceLongArnFormat, taskLongArnFormat & containerInstanceLongArnFormat

Question 9

What does the awsvpcTrunking parameter enable?

Answer 9

It enables ENI trunking for certain EC2 instance types

Question 10

What does the containerInsights parameter determine?

Answer 10

It determines whether Container Insights is enabled by default for new clusters

Question 11

Can the containerInsights setting be overridden for a specific cluster?

Answer 11

Yes, it can be overridden in ecs:CreateCluster

Question 12

What options are available for latency critical applications with ECS?

Answer 12

Local Zones, Wavelength Zones, AWS Outposts

Question 13

What are Local Zones?

Answer 13

An extension of an AWS region

Question 14

What are Wavelength Zones?

Answer 14

Colocated with infrastructure used for carriers’ 5G networks

Question 15

What is AWS Outposts?

Answer 15

Allows AWS infrastructure to be deployed on premises

Question 16

What is a limitation of Local Zones, Wavelength Zones, and AWS Outposts?

Answer 16

Other AWS services are limited in these environments e.g. only some Local Zones support ALBs

Question 17

Where does the ECS control plane run for Local Zones, Wavelength Zones, and AWS Outposts?

Answer 17

In the region

Question 18

What is the recommended agent configuration setting when running the agent outside a region?

Answer 18

ECS_IMAGE_PULL_BEHAVIOR=prefer-cached

Question 19

What is the default setting for the ECS_IMAGE_PULL_BEHAVIOR agent configuration?

Answer 19

Not prefer-cached

Question 20

What are shared subnets supported for?

Answer 20

EC2 and Fargate tasks

Question 21

What security group restriction applies when using shared subnets?

Answer 21

The security group(s) used must belong to the current account

Question 22

For Fargate tasks, what conditions allow tasks to have public IPs?

Answer 22

The network mode is awsvpc, the assignPublicIP is ENABLED in the service definition, and the subnet supports it

Question 23

For EC2 tasks, what network modes allow tasks to have public IPs?

Answer 23

bridge or host

Question 24

What other condition is required for EC2 tasks to have public IPs?

Answer 24

The EC2 container instance has a public IP