ECS, ECR, Fargate Flashcards

1
Q

What is Docker?

A
  • Docker is a software development platform to deploy apps
  • Apps are packaged in containers that can be run on any OS
2
Q

Where can you store Docker Images?

A
  • Docker Hub (https://hub.docker.com)
    • Public repository
  • Amazon ECR (Amazon Elastic Container Registry)
    – Private repository
    – Public repository (Amazon ECR Public Gallery https://gallery.ecr.aws)
3
Q

Describe how to run Docker

A
  1. Create a Dockerfile
  2. Build the image
  3. Push / pull from Docker repository
  4. Run the image on the container
4
Q

What is Amazon ECS?

A
  • Amazon Elastic Container Service (Amazon ECS)
  • Amazon’s own container platform
5
Q

What is Amazon EKS?

A
  • Amazon Elastic Kubernetes Service (Amazon EKS)
  • Amazon’s managed Kubernetes (open source)
6
Q

What is AWS Fargate?

A
  • Amazon’s own Serverless container platform
  • Works with ECS and with EKS
7
Q

What is Amazon ECR?

A

Store container images

8
Q

Describe Amazon ECS - EC2 Launch Type

A
  • Launch Docker containers on AWS = Launch ECS Tasks on ECS Clusters
  • EC2 Launch Type: you must provision & maintain the infrastructure (the EC2
    instances)
  • Each EC2 Instance must run the ECS Agent to register in the ECS Cluster
  • AWS takes care of starting / stopping containers
9
Q

Describe Amazon ECS - Fargate Launch Type

A
  • You do not provision the infrastructure (no EC2 instances to manage)
  • It’s all Serverless!
  • You just create task definitions
  • AWS just runs ECS Tasks for you based on the CPU / RAM you need
  • To scale, just increase the number of tasks. Simple - no more EC2 instances
10
Q

What are the 2 main IAM role settings you have to know for ECS?

A
  • EC2 Instance Profile
    – Used by the ECS agent
    – Makes API calls to ECS service
    – Send container logs to CloudWatch Logs
    – Pull Docker image from ECR
    – Reference sensitive data in Secrets Manager or SSM Parameter Store
  • ECS Task Role
    – Allows each task to have a specific role
    – Use different roles for the different ECS Services you run
    – Task Role is defined in the task definition
11
Q

Which Load Balancer integrations are supported with Amazon ECS?

A
  • ALB
  • NLB
12
Q

What's the usage of Data Volumes (EFS) in ECS?

A
  • Mount EFS file systems onto ECS tasks
  • Works for both EC2 and Fargate launch types
  • Tasks running in any AZ will share the same data in the EFS file system
  • Fargate + EFS = Serverless
13
Q

What is the typical use case of EFS in ECS?

A

Persistent multi-AZ shared storage for your containers

14
Q

What is ECS Service Auto Scaling?

A
  • Automatically increase/decrease the desired number of ECS tasks
  • Amazon ECS Auto Scaling uses AWS Application Auto Scaling
15
Q

What are the metrics that can be used to set up Service Auto Scaling in ECS?

A
  • ECS Service Average CPU Utilization
  • ECS Service Average Memory Utilization - Scale on RAM
  • ALB Request Count Per Target – metric coming from the ALB
16
Q

What are the 3 scaling types that can be set in ECS Service Auto Scaling?

A
  • Target Tracking – scale based on target value for a specific CloudWatch metric
  • Step Scaling – scale based on a specified CloudWatch Alarm
  • Scheduled Scaling – scale based on a specified date/time (predictable changes)
17
Q

What can you set for ECR Rolling updates?

A
  • Min healthy percent
  • Max percent
18
Q

List 3 ways to invoke an ECS Task

A
  • Amazon EventBridge invoke rule
  • Amazon EventBridge Scheduler
  • SQS queue polling for messages
19
Q

What are ECS Task Definitions?

A
  • Task definitions are metadata in JSON form to tell
    ECS how to run a Docker container
  • It contains crucial information, such as:
    – Image Name
    – Port Binding for Container and Host
    – Memory and CPU required
    – Environment variables
    – Networking information
    – IAM Role
    – Logging configuration (e.g., CloudWatch)
  • Can define up to 10 containers in a Task Definition
20
Q

What happens if you are using EC2 Launch Type with a load balancer and you don’t define the host port for the container?

A
  • We get a Dynamic Host Port Mapping if you define only the container port in the task definition
  • The ALB finds the right port on your EC2 Instances
  • You must allow on the EC2 instance’s Security Group any port from the ALB’s Security Group
21
Q

How to provide ports in Fargate launch type with a load balancer?

A
  • Each task has a unique private IP
  • Only define the container port
22
Q

Give an example of how to set up Security Groups if you are using Fargate Launch Type with a LB

A
  • ECS ENI Security Group
    – Allow port 80 from the ALB
  • ALB Security Group
    – Allow port 80/443 from web
23
Q

What's the best practice for IAM Roles for ECS Task Definitions?

A

One IAM role for each unique Task Definition

24
Q

What type of environment variables can be set in ECS?

A
  • Environment Variable
    – Hardcoded – e.g., URLs
    – SSM Parameter Store – sensitive variables (e.g., API keys, shared configs)
    – Secrets Manager – sensitive variables (e.g., DB passwords)
  • Environment Files (bulk) – Amazon S3
25
Q

What are ECS Bind Mounts?

A
  • You can share data between multiple containers with the same Task definition
  • EC2 Tasks using the instance storage – data tied to instance lifecycle
  • Fargate Tasks using ephemeral storage
26
Q

What are the use cases of ECS Bind Mounts?

A
  • Share ephemeral data between multiple containers
  • “Sidecar” container pattern, where the “sidecar” container is used to send metrics/logs to other destinations (separation of concerns)
27
Q

What is ECS Task Placement?

A

It's used to define where to place a new task if using EC2 launch type.
  • Task Placement Strategy
  • Task Placement Constraints

28
Q

How does ECS do the Task Placement process?

A
  • Task Placement Strategies are a best effort
  • When Amazon ECS places a task, it uses the following process to select the appropriate EC2 Container instance:
    1. Identify the instances that satisfy the CPU, memory, and port requirements
    2. Identify the instances that satisfy the Task Placement Constraints
    3. Identify the instances that satisfy the Task Placement Strategies
    4. Select the instances
29
Q

Define the ECS Task placement strategies

A
  • Binpack: tasks are placed on the least available amount of CPU and Memory (fill up instance), COST SAVING
  • Random
  • Spread: tasks are placed evenly based on a specific value; example: instanceId, attribute:ecs.availability-zone
30
Q

What does a placement strategy JSON look like?

A

"placementStrategy": [
  { "type": "spread", "field": "instanceId" }
]

31
Q

Can you mix ECS Task placement strategies?

A

Yes, you can give a list of them.

32
Q

What are the 2 types of ECS Task Placement Constraints?

A
  • distinctInstance : Tasks are placed on a different EC2 instance
  • memberOf: Tasks are placed on EC2 instances that satisfy a specified expression, CQL
33
Q

What does the ECR login command look like in the CLI?

A

aws ecr get-login-password --region region | docker login --username AWS --password-stdin aws_account_id.dkr.ecr.region.amazonaws.com

34
Q

What does the ECR push command look like in the CLI?

A

docker push aws_account_id.dkr.ecr.region.amazonaws.com/demo:latest

35
Q

What is AWS Copilot?

A
  • CLI tool to build, release, and operate production-ready containerized apps
  • Run your apps on AppRunner, ECS, and Fargate
  • Helps you focus on building apps rather than setting up infrastructure
  • Provisions all required infrastructure for containerized apps (ECS, VPC, ELB, ECR…)
  • Automated deployments with one command using CodePipeline
  • Deploy to multiple environments
  • Troubleshooting, logs, health status…
36
Q

What are the EKS terms compared to ECS?

A
  • EKS Node - ECR Task
  • EKS Pods - Docker Agent
  • EKS Worker Nodes - ECS Cluster
37
Q

What are the Amazon EKS – Node Types?

A
  • Managed Node Groups
  • Self-Managed Nodes
  • AWS Fargate
38
Q

What are Amazon EKS - Data Volumes?

A
  • Need to specify StorageClass manifest on your EKS cluster
  • Leverages a Container Storage Interface (CSI) compliant driver
  • Support for…
    – Amazon EBS
    – Amazon EFS (works with Fargate)
    – Amazon FSx for Lustre
    – Amazon FSx for NetApp ONTAP