ECS / Fargate

Question 1

What is ECS?

Answer 1

• Elastic Container Service - fully managed container service.
• The AWS Docker container Service that handles the orchestration and provisioning of Dock Containers.

Question 2

What are the componets of ECS?

Answer 2

• Cluster
• Task Definition
• Task Service
• Container Agent

Question 3

Describe an ECS cluster

Answer 3

Multiple EC2 instances which will house the docker containers

Question 4

Describe an ECS Task Definition

Answer 4

• A JSON file that defines the configuration of (up to 10) containers that you want to run
• Does NOT run the container, but provides the directions of HOW the container should run.
• Should contain a Task Role which is an IAM role that tasks will use to make API requests to authorized AWS services.

Question 5

Describe an ECS Task

Answer 5

Launches containers defined in the Task Definition. Tasks do not remain running once the workload is complete.

Question 6

Describe an ECS task service

Answer 6

A service is a long running task (think web app) of the same task definition.

Question 7

Describe an ECS Container Agent

Answer 7

A Binary on each EC2 instance which monitors, starts, and stops tasks

Question 8

What is an ECR

Answer 8

Elastic Container Registry

Like a github for docker images

Store, manage, and deploy docker container images

Question 9

What is Fargate?

Answer 9

• A serverless container.
• Run containers and pay based on a duration and consumption
• Has Cold Starts
• Duration: can be infinite
• Memory: Up to 30 GB of memory
• Pricing: Pay at least 1 minute and every additional second.

Question 10

What are the three main types of ECS Docker Containers?

Answer 10

• Classic - provision EC2 instances to run containers onto
• Fagate - ECS Serverless - no need to provision EC2
• EKS (Kubernetes) - not yet on exam

Question 11

Does ECS integrate with CloudWatch?

Answer 11

• Yes. You need to setup logging at the task definition level
• Each container will have a different log stream.
• EC2 Instance Profile needs to have the correct IAM permissions.
• Use IAM Task Roles for your tasks
• Task Placement Strategies: binpack, random, spread

Question 12

You are looking to run Microservices with Docker containers. Which service can help you manage these containers ?

Answer 12

ECS - Elastic Container Service

Question 13

Which ECS config must you enable in /etc/ecs/ecs.config to allow your ECS tasks to endorse IAM roles?

Answer 13

ECS_ENABLE_TASK_IAM_ROLE

(Just remeber task roles)

Question 14

You are looking to push Docker images into ECR with your AWS CodePipeline and CodeBuild. The last step fails with an authorization issue. What is the issue?

Answer 14

Double check your IAM permissions for CodeBuild service

Question 15

You are looking to run multiple instances of the same application on the same EC2 instance and expose it with a load balancer. The application is available as a Docker container. Which load balancer should you use?

Answer 15

Application Load Balancer (ALB) + ESC (dynamic port values)

Question 16

You are running a web application on ECS, the Docker image is stored on ECR, and trying to launch two containers of the same type on EC2. The first container starts, but the second one doesn’t. You have checked and there’s enough CPU and RAM available on the EC2 instance. What’s the problem?

Answer 16

The host port is being defined in the task definition.

To enable random host port, set host port = 0 (or empty), which allows multiple containers of the same type to launch on the same instance The dynamic port forwarding on the ALB will know where to route the request to.

Note: Container ports still need to be defined in the task definition file.