[05] Clusters & Capacity

Question 1

What must every task have to specify what capacity it should use when launched?

Answer 1

A capacity provider strategy, a launch type, or use the cluster’s default capacity provider strategy

Question 2

Can a capacity provider be directly referenced?

Answer 2

No, only a capacity provider strategy

Question 3

What tasks are not counted by capacity providers in the cluster for scaling actions?

Answer 3

Tasks using a launch type

Question 4

What do capacity provider strategies define?

Answer 4

Which capacity providers to use by specifying a weight and base for each

Question 5

Can EC2 and Fargate capacity providers be mixed?

Answer 5

No

Question 6

How are Fargate Spot interruptions sent to running tasks?

Answer 6

As a SIGTERM

Question 7

What is sent after the stopTimeout configured in the task definition for a Fargate Spot interruption?

Answer 7

A SIGKILL

Question 8

What will happen if the Auto Scaling Group (ASG) for an EC2 Auto Scaling capacity provider cannot scale out to accommodate tasks?

Answer 8

The tasks will fail to transition beyond the PROVISIONING state

Question 9

What does turning on managed scaling do for an EC2 Auto Scaling capacity provider?

Answer 9

The capacity provider creates a scaling policy

Question 10

What does managed termination protection do for an EC2 Auto Scaling capacity provider?

Answer 10

Prevents the Auto Scaling Group from terminating instances with running tasks

Question 11

What does managed draining allow for an EC2 Auto Scaling capacity provider?

Answer 11

Graceful termination of EC2 instances in an Auto Scaling Group by first stopping tasks running on the instance

Question 12

Do instances part of a warm-pool register with the cluster until they are used?

Answer 12

No

Question 13

What happens if there is not sufficient capacity to launch tasks for services?

Answer 13

The deployment will fail due to the circuit breaker. In some cases, it will launch tasks which remain in PROVISIONING (show as Pending in the Console), but in other cases it won’t try

Question 14

What happens if there is not sufficient capacity to launch standalone tasks and a launch type is used?

Answer 14

ecs:RunTask will fail

Question 15

What happens if there is not sufficient capacity to launch standalone tasks and a capacity provider is used?

Answer 15

The task will get created and be stuck in PROVISIONING

Question 16

What agents run on external instances?

Answer 16

ECS and SSM agents

Question 17

How often are IAM credentials rotated on external instances?

Answer 17

Every 30 minutes

Question 18

Do external instances support load balancing?

Answer 18

No

Question 19

What operating systems are supported on external instances?

Answer 19

Linux & Windows

Question 20

What additional services can Windows instances use on external instances?

Answer 20

FSx & gMSA

Question 21

What network connectivity is required for external instances? (Multiple Choice)

Answer 21

ecs-a-..amazonaws.com, ecs-t-..amazonaws.com, ecs..amazonaws.com, ssm., ec2messages., ssmmesages.*

Question 22

What endpoints do external instances need connectivity to?

Answer 22

ecs-a-..amazonaws.com, ecs-t-..amazonaws.com, ecs..amazonaws.com, ssm., ec2messages., ssmmesages.*

Question 23

What is the ECS agent endpoint?

Answer 23

ecs-a-*..amazonaws.com

Question 24

What is the ECS telemetry endpoint?

Answer 24

ecs-t-*..amazonaws.com

Question 25

What is the ECS service endpoint?

Answer 25

ecs..amazonaws.com

Question 26

What endpoints are required for SSM functionality?

Answer 26

ssm.*, ec2messages.*, ssmmesages.*

Question 27

What are the possible states for a container instance in ECS?

Answer 27

REGISTERING, REGISTRATION_FAILED, ACTIVE, DRAINING, INACTIVE

Question 28

What state will a container instance be in when it is ready to run tasks?

Answer 28

ACTIVE

Question 29

When a container instance is stopped but not terminated, what happens to its status and agent connection?

Answer 29

The status remains ACTIVE but the agent connection transitions to FALSE, stopping running tasks

Question 30

What are the steps to configure the ECS agent?

Answer 30

1. Stop the agent using sudo systemctl stop ecs 2. Make changes to /etc/ecs/ecs.config 3. Restart the agent using sudo systemctl start ecs

Question 31

Why should container instances be drained before updates or deregistration?

Answer 31

To gracefully replace service tasks while respecting minimumHealthyPercent and maximumPercent parameters, without affecting standalone or daemon tasks

Question 32

What happens if a container instance is deregistered without draining?

Answer 32

The tasks will become orphaned, continuing to run but not accounted for by the control plane

Question 33

How can you start a task at container instance launch time?

Answer 33

Add user data to introspect the container instance ID and then use ecs:StartTask to start a task on that instance

Question 34

What manages ENI trunking in ECS?

Answer 34

ENI trunking is fully managed by ECS, not the agent

Question 35

What is managed instance draining and what events trigger it?

Answer 35

Managed instance draining facilitates graceful draining of instances. Events that trigger it include ASG refreshes, scale-in, health check failures, Spot capacity rebalancing, and Spot interruption.

Question 36

What is the default setting for ECS_IMAGE_PULL_BEHAVIOR?

Answer 36

default

Question 37

What does the 'default' setting for ECS_IMAGE_PULL_BEHAVIOR do?

Answer 37

The image manifest will be pulled remotely first, if that fails the cached image on the instance will be used. Cached layers are still used if available.

Question 38

What does ECS create when cluster autoscaling is enabled?

Answer 38

A low metric value CloudWatch alarm, a high metric value CloudWatch alarm, and a target tracking scaling policy

Question 39

What metrics does ECS use for cluster autoscaling?

Answer 39

CapacityProviderReservation and DesiredCapacity

Question 40

What does the CapacityProviderReservation metric represent?

Answer 40

(instances needed) / (running instances)

Question 41

What does the DesiredCapacity metric represent?

Answer 41

Amount of capacity for the ASG

Question 42

What manages the minimum and maximum instance count for the ASG?

Answer 42

The ASG, not ECS

Question 43

What happens during scale-out?

Answer 43

ECS calculates how many additional instances will be required and increases the ASG's desired count by this amount

Question 44

What blocks scale-out of a capacity provider?

Answer 44

If tasks have resource requirements greater than the smallest instance type in the ASG, or for instances within the instanceWarmupPeriod

Question 45

How many instances does ECS initially scale out to if there are no container instances running?

Answer 45

Two instances

Question 46

What does ECS wait for before considering a scale-in?

Answer 46

15 minutes

Question 47

How many datapoints does the CloudWatch scale-in alarm require before starting a scale-in?

Answer 47

15 datapoints (15 minutes)

Question 48

What is the PROVISIONING state?

Answer 48

The state a task will be in while ECS is performing additional steps

Question 49

What tasks are not accounted for during capacity provider autoscaling?

Answer 49

Tasks launched using a launch type

Question 50

What linux parameters are supported on Fargate?

Answer 50

SYS_PTRACE

Question 51

What is the purpose of enabling ECS spot instance draining?

Answer 51

To automatically drain container instances when they receive a spot interruption notice.

Question 52

What is required to enable ECS spot instance draining?

Answer 52

The ECS_ENABLE_SPOT_INSTANCE_DRAINING ECS Agent configuration, which is disabled by default.

Question 53

What instance interruption behaviour is not supported for ECS spot instance draining?

Answer 53

hibernate

Question 54

What is the purpose of ecs-init?

Answer 54

Initialises the ECS agent and ensures it keeps running.

Question 55

How does the ECS agent run on Linux?

Answer 55

As a container in host mode.

Question 56

What is the default root volume size for Amazon Linux 2023?

Answer 56

30 GiB

Question 57

What is the purpose of the root volume on Amazon Linux 2023?

Answer 57

Storing the OS and Docker images etc.

Question 58

What is the default filesystem for Amazon Linux 2023?

Answer 58

xfs

Question 59

What storage driver does Docker use on Amazon Linux 2023?

Answer 59

overlay2

Question 60

What is not available for Amazon Linux 2023 GPU instances?

Answer 60

An ECS-optimised AMI.

Question 61

What services have a directive to wait for cloud-init to finish before starting?

Answer 61

The systemd units for ECS and Docker services.

Question 62

What issue can arise from starting the agent or Docker from user data?

Answer 62

A deadlock due to waiting for cloud-init to finish.

Question 63

How can the deadlock caused by cloud-init be resolved?

Answer 63

With the --no-block flag for systemctl.

Question 64

What function does Docker use to query the available memory?

Answer 64

ReadMemInfo()

Question 65

Why is the memory available to Docker less than the instance's memory?

Answer 65

Due to overhead from the kernel etc.

Question 66

What should the task's memory reservation be less than?

Answer 66

The instance type's memory.

Question 67

What parameter can be used to explicitly reserve memory for the ECS agent?

Answer 67

ECS_RESERVED_MEMORY

Question 68

What hosts should be bypassed when using a proxy for ECS on Linux?

Answer 68

169.254.169.254, 169.254.170.2 & /var/run/docker.sock

Question 69

How can the ECS agent be updated on Linux?

Answer 69

Using ecs:UpdateContainerAgent

Question 70

What allows ecs:UpdateContainerAgent to update the agent without affecting running tasks?

Answer 70

Recent agent versions save their state in ECS_DATADIR.

Question 71

What state will a task be in while ECS is performing additional steps?

Answer 71

The PROVISIONING state.

Question 72

What is the PROVISIONING state?

Answer 72

The state a task will be in while ECS is performing additional steps.

Question 73

🐈‍⬛

Answer 73

-EnableTaskENI

Question 74

What does the -EnableTaskENI parameter do?

Answer 74

It is required to support awsvpc tasks

Question 75

What is a limitation when using IAM roles for tasks on Windows?

Answer 75

The credential proxy runs on Port 80, so this port cannot be used for applications

Question 76

What special configuration is required when using IAM roles for tasks on Windows?

Answer 76

Special user data is required to configure this

Question 77

Why should you ensure the container instance has enough storage space when using Windows base images?

Answer 77

Windows base images are large (~9 GiB)

Question 78

What state will a task be in while ECS is performing additional steps?

Answer 78

PROVISIONING

Question 79

What is the PROVISIONING state?

Answer 79

The state a task will be in while ECS is performing additional steps

Question 80

What states can an ECS cluster be in?

Answer 80

ACTIVE, PROVISIONING, DEPROVISIONING, FAILED, INACTIVE

Question 81

What state will a cluster be in while ECS is creating resources for a capacity provider?

Answer 81

PROVISIONING

Question 82

What state will a cluster be in while ECS is deleting resources for a capacity provider?

Answer 82

DEPROVISIONING

Question 83

What does the FAILED cluster state indicate?

Answer 83

The resources needed for a capacity provider have failed to create

Question 84

What does the INACTIVE cluster state mean?

Answer 84

The cluster has been deleted

Question 85

Is Container Insights enabled at the cluster or service level?

Answer 85

Cluster level

Question 86

What is optionally created for a cluster?

Answer 86

A default CloudMap namespace

Question 87

How is GuardDuty Runtime Monitoring enabled for a cluster?

Answer 87

By setting the tag 'guardDutyRuntimeMonitoringManaged' to 'true'

Question 88

At what level are the VPC and subnets set when using EC2 instances?

Answer 88

Cluster level

Question 89

What comes pre-installed on ECS-optimized AMIs?

Answer 89

The SSM agent