ECS, Fargate, ECR, EKS Flashcards

1
Q

What is docker?

A

A software development platform used to deploy apps.

Apps are packaged in containers that can run in any OS.

Apps run the same way no matter where they are run.

2
Q

What are Docker use cases?

A

Any microservices architecture.

Lift and shift apps from on-premises to the cloud.

3
Q

How do you run docker? What can you run in it?

A

You have a server, in which you run a docker agent.

From there you can start docker containers. For example your first docker container may contain a java application. And you could have multiple containers of the same java application.

You could run multiple different apps in different containers in different languages. And you can even run databases in containers.

4
Q

What is ECR?

A

Amazon Elastic Container Registry. A private repository to store your Docker images in AWS.

There is also a public repository option in ECR: the ECR Public Gallery.

5
Q

What is a docker file?

A

A text file you make with the instructions on how to “build” a docker image. This defines how a docker container will look.

6
Q

What is a docker image?

A

A docker image is a container image. It’s an executable file that we use to create containers in a certain way.

It contains all the code, libraries, files and dependencies for your container app.

7
Q

What is a push? What is a pull?

A

A push is when you upload a docker image to a docker repository, like dockerhub or ECR.

A pull is when you get a docker image from a repository like dockerhub or ECR, and you run it to make containers.

8
Q

What does it mean to run a docker image?

A

You run a docker image like an executable to get one or more docker containers from it.

9
Q

What is docker build?

A

The command for building a docker image from a docker file.

10
Q

What is ECS?

A

Amazon’s own container platform.

11
Q

What is EKS?

A

Amazon’s managed version of Kubernetes.

12
Q

What is Fargate?

A

Amazon’s serverless container platform.

Fargate works with both ECS and EKS

13
Q

What is launching containers on AWS called?

A

Launching an ECS task or service on an ECS cluster

14
Q

What are the EC2 launch types?

A

Fargate, EC2 and External.

It’s what the ECS Cluster is launched with.

In an EC2 launch type for example, the ECS cluster is made of EC2 instances.

15
Q

Who is an ECS cluster managed by in the EC2 launch type?

A

You have to manage the EC2 instances that make up the ECS cluster.

16
Q

What is the ECS agent?

A

The software the EC2 instances that make up the ECS cluster must run.

The ECS agent registers the instances in the ECS service and the ECS cluster.

17
Q

What is the Fargate launch type?

A

Fargate is a launch type for ECS clusters, but it’s serverless and aws managed.

On fargate you just create task definitions. (Task definitions are the equivalent to docker files).

18
Q

What is a task definition in ECS?

A

A task definition defines what image the container will use, and the resources it will be given. It is similar to a docker file.

You can then launch services or tasks with this task definition.

You set it up in the management console, but in reality it’s just a json file.

19
Q

How does ECS fargate launch type scale?

A

You just run tasks for the CPU and RAM you need, and Fargate scales accordingly. No limit.

20
Q

What do you need an instance profile for in ECS?

A

When using the EC2 launch type, you need an instance profile for the instances that are part of the ECS cluster. This is needed for ECS agent communication, for example:
To pull docker images from ECR when launching tasks.
To allow the ECS agent to make api calls to the ECS service.
To send container logs to cloudwatch.

TLDR:
“EC2 Instance Profile is the IAM Role used by the ECS Agent on the EC2 instance to execute ECS-specific actions such as pulling Docker images from ECR and storing the container logs into CloudWatch Logs.”

21
Q

What is ECS Task Role?

A

ECS Task Role is the IAM Role used by the ECS task itself. Used when your container wants to call other AWS services like S3, SQS, etc.

Task roles are defined in the task definition.

22
Q

What are the options for load balance integrations with ECS?

A

ALB: Most common one.

NLB: Only for high throughput / High performance use cases, or with aws private link.

23
Q

What is the best way to configure data volumes in ECS?

A

With EFS.

By mounting EFS file systems to ECS tasks, all tasks will see the same data from the EFS share. Even tasks from different AZs.

24
Q

How is ASG related to ECS?

A

When creating an ECS cluster of the EC2 launch type, you are requested to create an ASG with an instance type.

This ASG will create instances across all AZs when you launch tasks on ECS.

25
Q

What can you define in the task definition?

A

Fargate, EC2, or External for launch type. (you can use both fargate and EC2)
OS (Linux, Windows)
Task Size (CPU, Memory)
Task Role for the tasks (IAM Role For containers in the tasks to be able to make api calls to other aws service resources)
Task execution role: For the container agent to make api calls
For the container 1: (You can configure more than one different container in a task definition).
Name
Docker image
Port Mappings (Allow the container to use the port of the host as its port)

26
Q

What is task size?

A

CPU and Memory used for the task.

27
Q

What is ECS Auto Scaling?

A

Automatically increase or decrease number of ECS tasks.

It uses the aws service “AWS application auto scaling”.

This is not the same as EC2 launch type auto scaling, which uses an ASG.

28
Q

What can you scale with ECS Auto Scaling?

A

CPU utilization, Memory utilization, and ALB request count per target

28
Q

What’s the key difference to know between Fargate and EC2 launch types?

A

Fargate is easier to set up, since it’s serverless and you don’t have to manage instances.

Also, when using fargate you only have to worry about ECS auto scaling and not any EC2 instance auto scaling groups.

With EC2 type you need to worry about both ECS auto scaling and EC2 auto Scaling group (Cluster Capacity Provider)

29
Q

How do you scale your EC2 instances when using ECS with EC2 launch type?

A

You have 2 options. You could scale the ASG with metrics like cpu utilization.

Or you can use the ECS Cluster Capacity Provider, which is better, because it automatically provisions and scales your EC2 cluster infrastructure as soon as you lack capacity to launch new ECS tasks.

30
Q

How can you integrate ECS with EventBridge? Example

A

Let’s say we have an ECS Cluster, and an S3 bucket.

You can have S3 notify EventBridge when an object is uploaded to this S3 bucket, and use an EventBridge rule to automatically launch an ECS Task whenever it receives an event from this S3 bucket.

The ECS task with a task role (for access) would then get this s3 object, process it and send the results to dynamodb for example.

This example is an architecture that could be serverless with fargate, and that processes images from your s3 bucket using a docker container.

A similar but simpler architecture is an EventBridge rule that schedules ECS task creation, for example every hour, to process batches of S3 files hourly.

31
Q

How can you integrate ECS with SQS? Example

A

You can have an ECS cluster with a service that polls an SQS queue and processes its messages.

You can add ECS auto scaling so that the more messages we have in our SQS queue the more tasks we will have in our ECS Service.

32
Q

How can you integrate ECS with SNS and Event Bridge? Example

A

You could configure a rule in EventBridge that sends an event when an ECS task is exiting or starting in your cluster.

You can integrate SNS with eventbridge to send a notification when this event happens, which could have as destination an administrator email.

33
Q

What can you define on ECS Cluster Creation?

A

Name
Infrastructure: Fargate or EC2.

For EC2 you choose:
ASG
Provisioning model: On demand or spot.
Container AMI (Linux or windows)
EC2 instance type
EC2 instance role: For the instances to make api calls.
Desired capacity: Min and max for the ASG
key pair
Root EBS volume size
Network Settings (For EC2 only):
VPC (for region you are in)
Subnets for each AZ
security group
Public ip

34
Q

What is an ECS Service? How does it work?

A

A group of 1 or more ECS tasks created following a specific ECS task definition.

This service, with its tasks, runs an application.

The difference between running standalone tasks and running tasks within a service is that the service scheduler starts a new task if one of its running tasks fails.

You can also optionally run your service behind a load balancer. The load balancer distributes traffic across the tasks that are associated with the service.

35
Q

What is the process for deploying containers in ECS?

A

First create an ecs cluster
Create a task definition
Create a service or task

36
Q

What service backs the ECR Repositories?

A

S3

37
Q

What are the 2 EKS launch modes?

A

EC2 for Worker Nodes, and Fargate for Serverless instances.

38
Q

How do EKS pods, nodes, and worker nodes relate to each other?

A

Worker Nodes are EC2 instances managed by an ASG managed by EKS.
1 or more Pods run inside a worker node

With fargate you don’t use nodes.

Pods have assigned resources they can consume. So the amount of pods on an instance or worker node depends on the resources of the instance. This is decided by the kubernetes scheduler.

In EKS, nodes are always worker nodes, since the Kubernetes master node in EKS is AWS managed.

39
Q

What is a StorageClass in EKS?

A

It comes from kubernetes. Storage Class is a configuration you make for using data volumes in EKS.

In EKS you can use EBS, EFS, and FSx for lustre or netapp as k8s data volumes.

40
Q

What is AWS App Runner?

A

A fully managed service for deploying web apps and apis at scale

No infrastructure knowledge is required. Anyone can use it.

41
Q

How do you configure App Runner?

A

You give a container image or source code to the service.
You configure resource settings: How much cpu, memory, auto scaling, health checks.

Only with this information, app runner will start building and creating the web app.

42
Q

You have an application hosted on an ECS Cluster (EC2 Launch Type) where you want your ECS tasks to upload files to an S3 bucket. Which IAM Role for your ECS Tasks should you modify?

EC2 instance profile
EC2 Task Role

A

EC2 Task Role.

The instance profile is for the EC2 instances' permissions. In this case the app runs on the ECS task or container, not on the instance. So the permission needs to be allowed on the task role.

43
Q

Which of these 2 IAM roles is used for container app communication with other AWS Services, when using EC2 launch type?

Task Role
Instance Role

A

Task Role