ECS, ECR, Fargate Flashcards
1
Q
What is Docker?
A
- Docker is a software development platform to deploy apps
- Apps are packaged in containers that can be run on any OS
2
Q
Where can you store Docker Images?
A
- Docker Hub (https://hub.docker.com)
- Public repository
- Amazon ECR (Amazon Elastic Container Registry)
– Private repository
– Public repository (Amazon ECR Public Gallery https://gallery.ecr.aws)
3
Q
Describe how to run Docker
A
- Create a Docker file
- Build the image
- Push / pull from Docker repository
- Run the image on the container
4
Q
What is Amazon ECS?
A
- Amazon Elastic Container Service (Amazon ECS)
- Amazon’s own container platform
5
Q
What is Amazon EKS?
A
- Amazon Elastic Kubernetes Service (Amazon EKS)
- Amazon’s managed Kubernetes (open source)
6
Q
What is AWS Fargate?
A
- Amazon’s own Serverless container platform
- Works with ECS and with EKS
7
Q
What is Amazon ECR?
A
Store container images
8
Q
Describe Amazon ECS - EC2 Launch Type
A
- Launch Docker containers on AWS = Launch ECS Tasks on ECS Clusters
- EC2 Launch Type: you must provision & maintain the infrastructure (the EC2
instances) - Each EC2 Instance must run the ECS Agent to register in the ECS Cluster
- AWS takes care of starting / stopping containers
9
Q
Describe Amazon ECS - Fargate Launch Type
A
- You do not provision the infrastructure (no EC2 instances to manage)
- It’s all Serverless!
- You just create task definitions
- AWS just runs ECS Tasks for you based on the CPU / RAM you need
- To scale, just increase the number of tasks. Simple - no more EC2 instances
10
Q
What are the 2 main IAM roles setting you have to know for ECS?
A
- EC2 Instance Profile
– Used by the ECS agent
– Makes API calls to ECS service
– Send container logs to CloudWatch Logs
– Pull Docker image from ECR
– Reference sensitive data in Secrets Manager or SSM Parameter Store - ECS Task Role
– Allows each task to have a specific role
– Use different roles for the different ECS Services you run
– Task Role is defined in the task definition
11
Q
Which Load Balancer integrations are supported with Amazon ECS?
A
- ALP
- NLB
12
Q
Whats the usage of Data Volumes (EFS) in ECS?
A
- Mount EFS file systems onto ECS tasks
- Works for both EC2 and Fargate launch types
- Tasks running in any AZ will share the same data in the EFS file system
- Fargate + EFS = Serverless
13
Q
What is the typical use case of EFS in ECS?
A
Persistent multi-AZ shared storage for your containers
14
Q
What is ECS Service Auto Scaling?
A
- Automatically increase/decrease the desired number of ECS tasks
- Amazon ECS Auto Scaling uses AWS Application Auto Scaling
15
Q
What are the metrics that can be used to setup Service Auto Scaling in ECS?
A
- ECS Service Average CPU Utilization
- ECS Service Average Memory Utilization - Scale on RAM
- ALB Request Count Per Target – metric coming from the ALB
16
Q
What are the 3 scaling type that can be set in ECS Service Auto Scaling?
A
- Target Tracking – scale based on target value for a specific CloudWatch metric
- Step Scaling – scale based on a specified CloudWatch Alarm
- Scheduled Scaling – scale based on a specified date/time (predictable changes)
17
Q
What can you set for ECR Rolling updates?
A
- Min healthy percent
- Max percent
18
Q
List 3 ways to invoke ECS Task
A
- Amazon EventBride invoke rule
- Amazon EventBride Scheduler
- SQS queue polling for messages
19
Q
What are ECS Task Definitions?
A
- Task definitions are metadata in JSON form to tell
ECS how to run a Docker container - It contains crucial information, such as:
– Image Name
– Port Binding for Container and Host
– Memory and CPU required
– Environment variables
– Networking information
– IAM Role
– Logging configuration (ex CloudWatch) - Can define up to 10 containers in a Task Definition
20
Q
What happens if you are using EC2 Launch Type with a load balancer and you don’t define the host port for the container?
A
- We get a Dynamic Host Port Mapping if you define only the container port in the task definition
- The ALB finds the right port on your EC2 Instances
- You must allow on the EC2 instance’s Security Group any port from the ALB’s Security Group
21
Q
How to provide ports in Fargate launch type with a load balancer?
A
- each task has a unique private ip
- only define the container port
22
Q
Give an example how to setup Security groups if you are using Fargate Launch type with a LB
A
- ECS ENI Security Group
– Allow port 80 from the ALB - ALB Security Group
– Allow port 80/443 from web
23
Q
Whats the best practice for IAM Roles for ECS Task definition
A
One IAM role for each unique Task Definition
24
Q
What type of environment variables can be set in ECS?
A
- Environment Variable
– Hardcoded – e.g., URLs
– SSM Parameter Store – sensitive variables (e.g., API keys, shared configs)
– Secrets Manager – sensitive variables (e.g., DB passwords) - Environment Files (bulk) – Amazon S3
25
What are ECS Bind Mounts?
* You can share data between multiple containers with the same Task definition
* EC2 Tasks using the instance storage -- data tied to instance lifecycle
* Fargate Tasks using ephemeral storage
26
What are the use cases op ECS Bind Mounts?
* Share ephemeral data between multiple containers
* “Sidecar” container pattern, where the “sidecar” container used to send metrics/logs to other destinations (separation of conerns)
27
What is ECS Task Placement?
Its used to define where to place a new task if using EC2 launch type.
* Task Placement Strategy
* Task Placement Contsraints
28
How ECS doing the Task Placement process?
* Task Placement Strategies are a best effort
* When Amazon ECS places a task, it uses the following process to select the appropriate EC2 Container instance:
1. Identify which instances that satisfy the CPU, memory, and port requirements
2. Identify which instances that satisfy the Task Placement Constraints
3. Identify which instances that satisfy the Task Placement Strategies
4. Select the instances
29
Define the ECS Task placement strategies
* Binpack: task are place on the least available amount of CPU and Memory (fill up instance), COST SAVING
* Random
* Spread: task are placed evenly based on a specific value; example: instanceId, attribute:ecs.availability-zone
30
How does a placement strategy JSON look?
"placementStrategy": [
{ "type": "spread" , "field" : "instanceId"}
]
31
Can you mix ECS Task placement strategiesM?
Yes you can give a list of them.
32
What are the 2 types of ECS Task Placement Constraints?
* distinctInstance : Tasks are placed on a different EC2 instance
* memberOf: Tasks are placed on EC2 instances that satisfy a specified expression, CQL
33
How does ECR login command look in CLI?
aws ecr get-login-password --region region | docker login --username AWS
--password-stdin aws_account_id.dkr.ecr.region.amazonaws.com
34
How does ECR push command look in CLI?
docker push aws_account_id.dkr.ecr.region.amazonaws.com/demo:latest
35
What is AWS Copilot?
* CLI tool to build, release, and operate production-ready containerized apps
* Run your apps on AppRunner, ECS, and Fargate
* Helps you focus on building apps rather than setting up infrastructure
* Provisions all required infrastructure for containerized apps (ECS, VPC, ELB, ECR…)
* Automated deployments with one command using CodePipeline
* Deploy to multiple environments
* Troubleshooting, logs, health status…
36
What are the EKS terms compared to ECS?
* EKS Node - ECR Task
* EKS Pods - Docker Agent
* EKS Worker Nodes - ECS Cluster
37
What are the Amazon EKS – Node Types?
* Managed Node Groups
* Self-Managed Nodes
* AWS Fargate
38
What are Amazon EKS - Data Volumes?
* Need to specify StorageClass manifest on your EKS cluster
* Leverages a Container Storage Interface (CSI) compliant driver
* Support for…
* Amazon EBS
* Amazon EFS (works with Fargate)
* Amazon FSx for Lustre
* Amazon FSx for NetApp ONTAP
