ECS, Fargate, ECR, EKS Flashcards
What is docker?
A software development platform used to deploy apps.
Apps are packaged in containers that can run in any OS.
Apps run the same way no matter where they are run.
What are Docker use cases?
Any microservices architecture.
Lift and shift apps from onpremises to the cloud
How do you run docker? What can you run in it?
You have a server, in which you run a docker agent.
From there you can start docker containers. For example your first docker container may contain a java application. And you could have multiple containers of the same java application.
You could run multiple different apps in different containers in different languages. And you can even run databases in containers.
What is ECR?
Amazon Elastic Container Registry. A private repository to store your Docker images in aws.
There is a public repository option in ECR. The ECR Public Gallery
What is a docker file?
A text file you make with the instructions on how to “build” a docker image. This defines how a docker container will look.
What is a docker image?
A docker image is a container image. It’s an executable file that we use to create containers in a certain way.
It contains all the code, libraries, files and dependencies for your container app.
What is a push? What is a pull?
A push is when you upload a docker image to a docker repository, like dockerhub or ECR.
A pull is when you get a docker image from a repository like dockerhub or ECR, and you run it to make containers.
What is to run a docker image?
You run a docker image like an executable to get one or more docker containers from it.
What is docker build?
The command for building a docker image from a docker file.
What is ECS?
Amazons’ own container platform
What is EKS?
Amazons’ managed version of Kubernetes
What is Fargate?
Amazon’s serverless container platform.
Fargate works with both ECS and EKS
How do you call launching containers on aws?
Launching an ECS task or service on an ECS cluster
What are the EC2 launch types?
Fargate, EC2 and External.
It’s what the ECS Cluster is launched with.
In an EC2 launch type for example, the ECS cluster is made of EC2 instances.
Who is an ECS cluster managed by in the EC2 launch type?
You have to manage the EC2 instances that make up the ECS cluster.
What is the ECS agent?
The software the EC2 instances that make up the ECS cluster must run.
The ECS agent register the instances in the ECS service and the ECS cluster.
What is fargate launch type?
Fargate is a launch type for ECS clusters, but it’s serverless and aws managed.
On fargate you just create task definitions. (Task definitions are the equivalent to docker files).
What is a task definition in ECS?
A task definition defines what image the container will use, and the resources it will be given. Similar to docker file.
You can then launch services or tasks with this task definition.
You set it up in the management console, but in reality it’s just a json file.
How does ECS fargate launch type scale?
You just run tasks for the cpu and ram you need, and fargate scales acordingly. No limit.
What do you need an instance profile for in ECS?
When using EC2 launch type, you need an instance profile for the instances that are part of the ESC Cluster. This is needed for ECS agent communication, for example:
To pull docker images from ECR when launching tasks.
To allow the ECS agent to make api calls to the ECS service.
To send container logs to cloudwatch.
TLDR:
“EC2 Instance Profile is the IAM Role used by the ECS Agent on the EC2 instance to execute ECS-specific actions such as pulling Docker images from ECR and storing the container logs into CloudWatch Logs.”
What is ECS Task Role?
ECS Task Role is the IAM Role used by the ECS task itself. Used when your container wants to call other AWS services like S3, SQS, etc.
Task roles are defined in the task definition.
What are the options for load balance integrations with ECS?
ALB: Most common one.
NLB: Only for high throughput / High performance use cases, or with aws private link.
What is the best way to configure data volumes in ECS?
With EFS.
By mounting EFS file systems to ECS tasks, all tasks will see the same data from the EFS share. Even tasks from different AZs.
How is ASG related to ECS?
When creating an ECS cluster of the EC2 launch type, you are requested to create an ASG with an instance type.
This ASG will create instances across all AZs when you launch tasks on ECS.
What can you define in the task definition?
Fargate, EC2, or External for launch type. (you can use both fargate and EC2)
OS (Linux, Windows)
Task Size (CPU, Memory)
Task Role for the tasks (IAM Role For containers in the tasks to be able to make api calls to other aws service resources)
Task execution role: For the container agent to make api calls
For the container 1: (You can configure more than one different container in a task definition).
Name
Docker image
Port Mappings (Allow the container to use the port of the host as its port)
What is task size?
CPU and Memory used for the task.
What is ECS Auto Scaling?
Automatically increase or decrease number of ECS tasks.
It uses the aws service “AWS application auto scaling”.
This is not the same as EC2 launch type auto scaling, which uses an ASG.
What can you scale with ECS Auto Scaling?
CPU utilization, Memory utilization, and ALB request count per target
What’s the key difference to know between Fargate and EC2 launch types?
Fargate is easier to set up, since it’s serverless and you don’t have to manage instances.
Also, when using fargate you only have to worry about ECS auto scaling and not any EC2 instance auto scaling groups.
With EC2 type you need to worry about both ECS auto scaling and EC2 auto Scaling group (Cluster Capacity Provider)
How do you scale your EC2 instances when using ECS with EC2 launch type?
You have 2 options. You could scale the ASG with metrics like cpu utilization.
Or you can use the ECS Cluster Capacity Provider, which is better, because it automatically provisions and scales your EC2 cluster infrastructure as soon as you lack capacity to launch new ECS tasks.
How can you integrate ECS with EventBridge? Example
Let’s say we have an ECS Cluster, and an S3 bucket.
You can have S3 notify EventBridge when an object is uploaded to this S3 bucket, and use an EventBridge rule to automatically launch an ECS Task whenever it receives an event from this S3 bucket.
The ECS task with a task role (for access) would then get this s3 object, process it and send the results to dynamodb for example.
This example is an architecture that could be serverless with fargate, and that processes images from your s3 bucket using a docker container.
A similar architecture but simpler, is a rule for scheduling an ECS task creation in eventbridge, for example every one hour. For example to process batches of s3 files hourly.
How can you integrate ECS with SQS? Example
You can have an ECS cluster with a service that polls an SQS queue and processes them.
You can add ECS auto scaling so that the more messages we have in our SQS queue the more tasks we will have in our ECS Service.
How can you integrate ECS with SNS and Event Bridge? Example
You could have configured a rule in event bridge that sends an event when an ECS task is exiting, or starting, in your cluster.
You can integrate SNS with eventbridge to send a notification when this event happens, which could have as destination an administrator email.
What can you define on ECS Cluster Creation?
Name
Infrastructure: Fargate or EC2.
For EC2 you choose:
ASG
Provisioning model: On demand or spot.
Container AMI (Linux or windows)
EC2 instance tipe
EC2 instance role: For the instances to make api calls.
Desired capacity: Min and max for the ASG
key pair
Root EBS volume size
Network Settings (For EC2 only):
VPC (for region you are in)
Subnets for each AZ
security group
Public ip
What is an ECS Service? How does it work?
A group of 1 or more ECS tasks created following a specific ECS task definition.
This service with its tasks run an application.
The difference in running standalone tasks and running tasks within a service, is that the service scheduler starts a new task if one of its running tasks fails.
You can also optionally run your service behind a load balancer. The load balancer distributes traffic across the tasks that are associated with the service.
What is the process to deploying containers in ECS?
First create an ecs cluster
Create a task definition
Create a service or task
What service backs the ECR Repositories?
S3
What are the 2 EKS launch modes?
EC2 for Worker Nodes, and Fargate for Serverless instances.
How do EKS pods, nodes, and worker nodes relate to each other?
Nodes are EC2 instances managed by an ASG managed by EKS.
1 or more Pods run inside a node. ?????
With fargate you don’t use nodes.
What is a StorageClass in EKS?
It comes from kubernetes. Storage Class is a configuration you make for using data volumes in EKS.
In EKS you can use EBS, EFS, and FSx for lustre or netapp as k8s data volumes.
What is AWS App Runner?
A fully managed service for deploying web apps and apis at scale
No infrastructure knowledge is required. Anyone can use it.
How do you configure App Runner?
You give a container image or source code to the service.
You configure resource settings: How much cpu, memory, auto scaling, health checks.
Only with this information, app runner will start building and creating the web app.
You have an application hosted on an ECS Cluster (EC2 Launch Type) where you want your ECS tasks to upload files to an S3 bucket. Which IAM Role for your ECS Tasks should you modify?
EC2 instance profile
EC2 Task Role
EC2 Task Role.
You have an application hosted on an ECS Cluster (EC2 Launch Type) where you want your ECS tasks to upload files to an S3 bucket. Which IAM Role for your ECS Tasks should you modify?
Which of these 2 IAM roles is used for container app communication with other AWS Services, when using EC2 launch type?
Task Role
Instance Role
Task Role
