Containers on AWS: ECS, Fargate, ECR & EKS Flashcards
Amazon ECS - EC2 Launch Type
Elastic Container Service
Launch docker containers on AWS
= Launch ECS Tasks on ECS clusters
EC2 Launch Type - Provision & maintain the infrastructure (EC2 instances)
Each EC2 instance needs ECS agent to register in the ECS cluster
AWS starts/stops containers
ECS Architecture - EC2 Launch Type
ECS Cluster -> EC2 instances -> ECS Agent in instances -> each new container is placed in EC2 instance
ECS - Fargate Launch Type
Launch docker containers on AWS
No provisioning infrastructure
Serverless
Just create task definitions
AWS runs ECS Tasks for you based on CPU / RAM you need
To scale - increase number of tasks
ECS - IAM Roles for ECS
EC2 instance profile (EC2 launch type only)
- used by the ECS agent
- makes API calls to ECS
- sends container logs to CloudWatch
- pulls Docker images from ECR
- references sensitive data in Secrets Manager or SSM Parameter Store
ECS Task Role
- allows each task to have specific role
- use different roles for different ECS Services you run
ECS Load Balancer Integrations
ALB in front of the ECS Cluster which holds EC2 instances
Which Load Balancer is recommended for ECS?
Application Load balancer for most use cases
Network Load Balancer for high-throughput/high-performance use cases or to pair with AWS PrivateLink
Data Volumes (EFS) for ECS
EFS can be used with an ECS cluster, works for both EC2 and Fargate launch types, and mounts directly onto the EC2 instance & Fargate
Benefit of using EFS with ECS?
Tasks running in any AZ will share the same data in EFS system
Ultimate combo for ECS and data volume?
Fargate and EFS = serverless
Use cases for EFS in ECS?
multi AZ persistent shared storage for containers
What can you NOT do with S3 and ECS?
cannot use S3 as a mounted file system
ECS Service Auto Scaling
auto increase/decrease desired number of ECS tasks
ECS auto scaling uses AWS Application Auto Scaling
- ECS service Average CPU Utilisation
- ECS Service Average Memory Utilisation - Scale on RAM
- ALB Request count per target - metric coming from ALB
What is ECS Target Tracking?
scale based on target value for a specific CloudWatch metric
What is ECS Step Scaling?
scale on a specified CloudWatch Alarm
Scheduled scaling in ECS
scale based on a specific date/time (predictable changes)
EC2 Launch Type - Auto Scaling EC2 Instances
ASG Scaling
- based on CPU util
- add EC2 instances over time
ECS Cluster Capacity Provider
- used to automatically provision and scale the infrastructure for your ECS Tasks
- capacity provider paired with an ASG
- Add EC2 instances when you’re missing capacity (CPU, RAM)
ECS Tasks invoked by Event Bridge
You have Region(VPC(ECS Cluster(AWS Fargate)))
Client uploads an object to S3; the event is sent to Amazon EventBridge, which runs a new ECS task. The ECS task has a task role that lets it access S3 & DynamoDB. The result is then saved in Amazon DynamoDB
ECS tasks invoked by Event Bridge Schedule
For example, every 1 hour EventBridge runs an ECS task on AWS Fargate in the ECS cluster
ECS SQS Queue example
Messages are sent to an SQS queue; Service A, which runs with ECS Service Auto Scaling, polls the queue for messages
Amazon ECR (Elastic Container Registry)
Store and manage docker images on AWS
Private and Public repo (ECR Public Gallery)
Full integration with ECS, backed by S3
IAM access
Supports image vulnerability scanning, versioning, image tags, image lifecycle
How to use ECR with ECS cluster
ECR repo with 2 docker images.
ECS cluster with EC2 instance and 3 containers, each container pulls the image from the ECR repo
Amazon EKS
Amazon Elastic Kubernetes Service
What is EKS used for
launch managed Kubernetes cluster on AWS
EKS vs ECS
similar but use different API
When is EKS a good choice?
If your company is already using Kubernetes on-prem
EKS Node Types
Managed Node Groups
- AWS manages them
- Part of ASG managed by EKS
- Supports on demand & spot instances
Self-Managed Nodes
- created by you, registered to EKS cluster and managed by ASG
- can use prebuilt AMI - EKS Optimised AMI
- supports on-demand & spot instances
AWS Fargate
- no maintenance required
- no nodes managed
Amazon EKS - Data Volumes
Specify StorageClass manifest on EKS cluster
Leverage Container Storage Interface (CSI)
Supports
- EBS
- EFS (Fargate)
- FSx for Lustre
- FSx for NetApp ONTAP
AWS App Runner
managed service that deploys web apps and APIs at scale
No infrastructure experience required
start with source code or a container image
automatically builds and deploys the web app
Benefits of AWS App Runner
HA
LB
Encryption
VPC access support
Connect DB, cache, message queue service