ECS Flashcards
What are the four basic AWS ECS concepts?
- Cluster
- Container definition
- Task definition
- Service definition
What is a cluster in AWS?
A cluster in ECS is a logical grouping of container instances. It serves as the foundation for your containerized applications.
What is the difference between a container definition and a task definition?
A container definition is for configuring a single container(usually the place of the image and port) within a task, while a task definition encompasses the entire configuration for a task, which may include one or more containers working in concert. Tasks are the actual runtime instances of your containers
What is the service definition in ECS?
Defines how many copies of a task should run and maintains the desired number of tasks. HA , scalability.
What is the purpose of an AWS ECS task role?
An AWS ECS task role is an IAM role that provides tasks within an ECS task definition with the necessary permissions to access AWS services and resources. It helps ensure secure interactions between your containers and AWS resources by granting the required permissions.
What are the different ECS cluster types?
- EC2 mode
- Fargate mode
What are the main differences between the EC2 launch type and the Fargate launch type in AWS Elastic Container Service (ECS)?
- In EC2 mode, you manage a cluster of EC2 instances, while in Fargate mode, AWS abstracts the underlying infrastructure.
- EC2 offers more control over instances, instance types, and networking, while Fargate is serverless and simplified.
- With EC2, you pay for instances, but in Fargate, you pay based on task-level resource consumption.
- EC2 allows for custom VPC and networking configurations, whereas Fargate offers simplified networking(can be added in your own custom/default VPC).
What are the primary use cases for AWS Fargate and the EC2 launch type in Amazon Elastic Container Service (ECS)?
AWS Fargate:
- Serverless and simplified deployments.
- Cost efficiency at the task level.
- Rapid scaling without managing instances.
- Ephemeral or batch workloads.
- Simplified networking.
EC2 Launch Type:
- Control over infrastructure, including instance types.
- Complex networking requirements.
- Custom AMIs and Docker daemons.
- Long-running services.
- Hybrid deployments with other AWS services or on-premises resources.
In Amazon Elastic Container Service (ECS), when a task is run within a Virtual Private Cloud (VPC), what does it take to enable network communication?
An Elastic Network Interface (ENI). The ENI provides network connectivity for the task, allowing it to send and receive network traffic within the VPC and access other AWS resources and services. The ENI’s configuration is defined in the task definition and is automatically managed by AWS when tasks are launched.
What are some key features of Amazon Elastic Container Registry (ECR) that make it a valuable choice for container image management and deployment within the AWS ecosystem?
- IAM Integration: ECR integrates with AWS Identity and Access Management (IAM), allowing fine-grained access control over container images.
- Image Scanning with Inspector: ECR provides image scanning capabilities with Amazon Inspector to identify and remediate security vulnerabilities.
- Near Real-Time Metrics with CloudWatch: It offers near real-time metrics through Amazon CloudWatch for monitoring and alerting.
- API Actions with CloudTrail: ECR actions can be audited with AWS CloudTrail to track image operations and changes.
- Events with EventBridge: You can set up event-driven workflows using Amazon EventBridge to trigger actions based on ECR image events.
- Replication (Cross-Region, Cross-Account): ECR supports image replication, allowing you to distribute container images across regions and accounts for improved availability and security.
