ECS - Elastic Container Service Flashcards
What is ECS?
Amazon Elastic Container Service (Amazon ECS) is a fully managed container orchestration service
What is popular for ECS and Docker?
microservices and migration
Where are apps packaged in Docker?
in containers
What OSs, languages and technologies can be run into Docker containers?
any OS, language, or technology
How interact and how are impacted the Docker containers that are running on the same machine
they don’t interact with each other unless we tell them to and they don’t impact each other, so if one application is going crazy the other ones won’t be impacted
Where are Docker images stored?
Docker images are stored in Docker Repositories and there are two types of repositories:
o Public: Docker Hub https://hub.docker.com/
Find base images for many technologies or OS:
- Ubuntu
- MySQL
- NodeJS
- Java…
o Private: Amazon ECR (Elastic Container Registry)
What is the main difference between Docker and a VM?
Docker containers run on the Docker Engine which uses just 1 Guest OS.
Each app in a VM run on a Guest OS and these OS run on the Hypervisor
Whar are the ECS flavors?
- ECS “Classic”
- Fargate: ECS
- EKS
What is ECS “Classic”?
Provision EC2 instances to run containers onto.
What you must configure in EC2 to use ECS “Classic”?
We must configure the file /etc/ecs/ecs.config with the cluster name.
What is Fargate?
ECS Serverless, no more EC2 to provision
What is EKS?
Managed Kubernetes by AWS
What are ECS clusters?
logical grouping of EC2 instances running the ECS agent
What is the job of the ECS agent?
to register the instance to the ECS cluster
What can you say about the EC2 instances AMI used in an ECS cluster?
The EC2 instances run a special AMI, made specifically for ECS
Can you create an empty ECS cluster?
Yes, by just defining its name
In ECS “Classic” what kind of Instance Launch types can be used?
On-demand and spot instances
What Instance configuration can you define in an ECS “classic” definition?
o EC2 instance launch type o EC2 instance type o # of instances. o EC2 AMI id. o EBS storage (GB). o Key pair.
How is CloudWatch integrated to ECS?
CloudWatch Container Insights: Each container will have a different log stream.
How is used the EC2 instances CPU and memory in ECS?
The EC2 instances in the cluster each have CPU and Memory values that are going to be shared among the containers.
What is created by default when you finish defining the ECS instance configuration?
By default, an Auto Scaling Group is created in the cluster based on your instance configuration provided in the cluster
When an instance in ECS starts how does it know to register to the cluster?
It uses the Instance User Data
What are ECS tasks definitions?
Tasks definitions are metadata in JSON form to tell ECS how to run a Docker Container
What are the 4 most important aspects defined in an ECS task definition?
o Docker Image
o Port Binding for Container and Host (no needed for Fargate)
o Memory and CPU required
o IAM Task Role
What is the network mode used by Fargate?
awsvpc
What is an ECS Service?
- ECS Services help define how many tasks should run and how they should be run
- They ensure that the number of tasks desired is running across our fleet of EC2 instances.
What you need to do when you update your ECS task definition?
Whenever you update the Task Definition you must update your Service to use latest task definition revision.
What are the ECS service types?
Replica
Daemon
What is the ECS service type used by Fargate?
Replica
What is the ECS service type replica?
Places and maintains the desired number of tasks across your cluster. By default, the service scheduler spreads tasks across Availability Zones.
What is the ECS service type daemon?
1 task per ECS instance. No need to specify a desired number of tasks, a task placement strategy, or use Service Auto Scaling policies. Useful for monitoring
What are the most important aspects defined in an ECS service?
- Launch type (EC2 or Fargate)
- Task definition revision
- Cluster
- Number of tasks
- Task placement (not in Fargate)
- Load Balancing
- Service Auto Scaling
What are the ECS Service deployment types?
- Rolling update
- Blue/green powered by CodeDeploy
What you must do to define a Load Balancer for an ECS service?
a Load Balancer can only be set at service creation level, so you must create a new service
What you must do to delete a service?
set the number of tasks to 0
What happens if you have 1 instance running in your cluster running 1 task which has a port mapping 8080 -> 80 and you try to run a second task?
it will try to run it in the same instance with the same port mapping configuration and you will get this error. You can update your cluster number of instances to 2 and then it will deploy the second task in the second instance.
What feature is provided by ALB for ECS?
The ALB has a feature named dynamic port forwarding which basically will route the traffic to the random port and basically spread our load on our different containers. This is how you run multiple same tasks on the same EC2 instance.
What must be done in ECS task definition to work with the ALB?
You must create a new task definition revision by excluding any host ports. What will happen is that we just specify a container port and the host port becomes random.
What you need to do on your EC2 instances if you set an ALB in front of your ECS cluster?
You need to update the EC2 instances security group to accept all protocols traffic from all the ports from the ALB security group
What is ECR?
• A fully-managed container registry that makes it easy for developers to store, manage, and deploy container images.
What if you get a permission error while trying to access ECR?
Check the IAM policy
What you need to have in your computer to push an image to ECR?
Make sure you have Docker installed in your computer and either
• latest version of AWS tools for PowerShell (Windows)
• latest version of the AWS CLI (Mac/Linux).
What are the steps to push an image to ECR?
- Create a Repository in ECR
- Authenticate in ECR using the CLI
- Build your docker image
- Tag the image so you can push it to the repository
- Push the image
How can you authenticate in ECR using the CLI?
- AWS CLI v1 login command
- AWS CLI v2 login command (newer)
What is it about AWS CLI v1 login command in ECR?
It is about executing the output of
$(aws ecr get-login –no-include-email –region REGION)
What is it about AWS CLI v2 login command in ECR?
1st part before the pipe (|) gives you the password used by the 2nd part to login.
aws ecr get-login-password –region REGION | docker login –username AWS –password-stdin ACCOUNT.dkr.ecr.REGION.amazonaws.com
How do you scale in Fargate?
By increasing the number of tasks
What you don’t define in Fargate?
Nothing related to EC2 instances. It is serverless
What are the 2 most important ECS IAM Roles?
- EC2 Instance Profile or ECS Instance Role
* ECS Task Role
What is ECS EC2 Instance Profile?
Used by the ECS agent to make API calls to ECS service like sending container logs to CloudWatch Logs or pulling docker images from ECR
What is ECS Task Role?
Allows each task to have a specific role with the minimum permissions. Use different roles for the different ECS Services you run. Task Role is defined in the task definition, 1 task role per task.
What are the ECS Task Placement Strategies?
- Binpack
- Random
- Spread
- A combination of these
What is Binpack ECS Task Placement Strategy?
- Place tasks based on the least available amount of CPU or memory (it puts the tasks in the instance with more tasks).
- This minimizes the number of instances in use (cost savings)
What is Spread ECS Task Placement Strategy?
- Place the task evenly based on the specified value.
* Example: instanceId, attribute:ecs.availability-zone
What are the ECS Task Placement Constrains?
- distinctInstance
- memberOf
What is distinctInstance ECS Task Placement Constrain?
place each task on a different container instance
What is memberOf ECS Task Placement Constrain?
places task on instances that satisfy an expression. Uses the Cluster Query Language (advanced).
I.e.: all the tasks should be placed on t2 instances
What are the scaling policies used by ECS Service Auto Scaling
It uses the same auto scaling service as used in EC2 auto scaling groups
o Target Tracking
o Step Scaling
o Scheduled Scaling
What can you do if you want to do ECS Service Auto Scaling + EC2 Auto Scaling in your cluster
Use ECS Cluster Capacity Provider
What is ECS Cluster Capacity Provider?
A Capacity Provider is used in association with a cluster to determine the infrastructure that a task runs on
What are FARGATE and FARGATE_SPOT capacity providers?
The FARGATE and FARGATE_SPOT capacity providers are added automatically to Fargate
What you need to do to add a Capacity Provider to ECS “classic”?
For Amazon ECS on EC2, you need to associate the capacity provider with an auto-scaling group
