Key Concepts

Question 1

What is ECS?

Answer 1

Elastic container service is a fully managed cloud container orchestration service. It runs multiple containers using EC2 instances OR Fargate

Question 2

ECS Cluster

Answer 2

a logical grouping of EC2 instances or Fargate resources are run

Question 3

Task

Answer 3

a single instance of running a container or a group of containers that define how a containerized application should be deployed

Question 4

Task Definition

Answer 4

a template that describes the source of the application image, resources required in the terms of CPU and memory units container, and host port mapping, and other critical info

Question 5

Why use ECS over EC2?

Answer 5

Although from a high level they appear to host workloads and are pretty similar, on a deeper level they are suited for different types of workloads and are different.

ECS (Elastic Container Service):
1. Container Orchestration: Manages and scales containers automatically.
2. Simplified Management: No need to manage underlying EC2 instances if using Fargate.
3. Optimized Scaling: Easily scales containers up or down based on demand.
4. Integration: Built-in support for AWS services (e.g., IAM, CloudWatch).
5. Cost Efficiency: Pay only for resources used (compute & memory), especially with Fargate.

EC2 (Elastic Compute Cloud):
1. Full Control: Offers more flexibility with instance types and configurations.
2. Custom Configurations: Ideal for custom environments that need full OS control.
3. Persistent Workloads: Better suited for applications needing long-running processes or custom networking.

Question 6

Availability Zone (AZ)

Answer 6

a distinct location within an AWS Region. Each AWS Region consists of multiple Availability Zones, which are designed to be isolated from failures in other zones. This provides redundancy and fault tolerance.
1. physical locations
2. high availability
3. low latency
4. Redundancy and Disaster Recovery
5. Usage in AWS Services

Question 7

What is an ECS service?

Answer 7

A long-running ECS task that can be managed, scaled, and monitored ensuring the desired number of tasks are always running

Question 8

How does ECS manage access control?

Answer 8

Through IAM roles and policies

Question 9

Which service integrates with ECS for secrets management?

Answer 9

AWS Secrets Manager or Systems Manager Parameter Store for managing sensitive data

Question 10

What is ECR?

Answer 10

A fully managed container image registry service that allows you to store, manage, and deploy Docker container images

Question 11

How does ECR integrate with ECS?

Answer 11

ECR stores container images that ECS pulls to deploy and run tasks

Question 12

Target group

Answer 12

a set of registered targets (ECS tasks) to which a load balancer distributes traffic. It contains health check settings for monitoring targets

Question 12

Load Balancer

Answer 12

distributes incoming application traffic across multiple tasks or containers to ensure high availability and reliability

Question 13

Service Directory

Answer 13

a feature that enables ECS tasks to automatically register with DNS. This makes it easy to find and connect to tasks across clusters

Question 13

capacity provider

Answer 13

defines the infrastructure capacity available for the tasks in your cluster. ECS uses capacity providers to determine where to place tasks

Question 14

IAM Roles for ECS

Answer 14

1. Task Role: Permissions for the tasks to interact with AWS services
2. Execution Role: Permissions for ECS to pull images, write logs, etc

Question 15

ECS Service Auto Scaling

Answer 15

Adjusts the number of tasks in your service based on demand, helping manage scaling automatically

Question 16

Placement Strategies and Contraints

Answer 16

Defines rules for task placement, such as balancing tasks across availability zones or restricting placement to specific instances

Question 17

ECS Agent

Answer 17

A component that runs on container instances and communicates with ECS API to handle task operations

Question 18

Task Definition Revision

Answer 18

Every time a task definition is updated, a new revision is created. ECS uses these revisions to run tasks, so you can revert to previous versions if needed

Question 19

Container Defintion

Answer 19

Part of a task definition where that specifies individual container configurations, such as image, port mappings, environment variables, logging, and storage

Question 20

Port Mapping

Answer 20

specifies which ports are open to the external network and which are connected to the container within the task definition

Question 21

Environment Variables

Answer 21

variables passed to the containers, often used to configure containerized applications, such as database connection strings or API keys

Question 22

Log configuration

Answer 22

defines how logs from containers are managed. ECS can send logs to AWS services like CloudWatch or to a local file

Question 23

Volumes

Answer 23

Specifies data volumes used by containers, defining where data is stored and shared between containers within the same task

Question 24

Network Mode

Answer 24

defines how the container’s networking is configured. Options include bridge, host, awsvpc, and none

Question 25

Task Placement Strategy

Answer 25

Rules that determine where tasks s are placed within a cluster, such as binpack, random, or spread strategies for balancing resources

Question 26

Task Placement Contraints

Answer 26

Defines specific conditions that must be met for tasks to be placed on container instances, such as instance attributes or availability zones

Question 27

CPU and Memory Reservations and Limits

Answer 27

Specifies minimum (reservation) and maximum (limit) CPU and memory resources a container can use, controlling it’s performance

Question 28

Task Lifecycle States

Answer 28

States a task be in, such as pending, running, stopping, stopped

Question 29

Desired Count

Answer 29

The number of task instances ECS attempts to maintain for a service. Auto scaling adjusts this automatically

Question 30

Service Scheduler

Answer 30

A component responsible for managing and scheduling the tasks within a service. Ensures desired count and placement constraints are met

Question 31

Primary and Active Service Deployments

Answer 31

In deployments, the primary service is the one actively serving traffic, while active deployments are transition or rolling out

Question 32

Service Discovery Namespace

Answer 32

Provides a DNS name for your service, allowing it to be discoverable within a namespace

Question 33

Health Check Grace Period

Answer 33

The period to wait after a task starts before checking its health status, allowing time for start up processes

Question 34

Service Event

Answer 34

An event related to the service lifecycle, like service updates, task state changes, or scaling activities

Question 35

Elastic Network Interface (ENI)

Answer 35

a virtual network interface attached to tasks in awsvpc mode, allowing them to have their own IP addresses within a VPC

Question 36

ECS Service Security Groups

Answer 36

Controls inbound and outbound traffic for tasks, applied at the network interface level

Question 37

Elastic Load Balancing Health Checks

Answer 37

Checks the health of tasks behind a load balancer. Tasks that fail health checks are automatically terminated and replaced

Question 38

Task Role Policy

Answer 38

A specific IAM policy attached to a task role that defines what resources and actions the tasks can access

Question 39

CloudWatch Alarms for ECS

Answer 39

Monitors the performance of tasks and services, triggering actions based on conditions like CPU usage or task count

Question 40

Autoscaling Policies for ECS Services

Answer 40

Policies that define scaling thresholds for services, such as scaling up when CPU usage exceeds a certain percentage

Question 41

Subnet

Answer 41

a segment within a VPC that divides the IP address range into smaller, manageable segments, allowing for organized resource isolation

Question 42

What are the two main types of subnets in ECS?

Answer 42

1. Private- are not directly accessible and usually access the internet through a NAT Gateway
2. Public- accessible from the internet

Question 43

What is a NAT Gateway?

Answer 43

A managed service that allows instances in private subnets to connect to the internet or AWS services for outbound traffic, while blocking inbound internet connections for added security

Question 44

What is the purpose of subnets in ECS task networking?

Answer 44

Subnets define where the task run within a VPC, determining their network reachability and security level (internet access or internal only)

Question 45

How do you specify subnets for ECS tasks?

Answer 45

You assign subnets to tasks in the networking configuration of a task or service determining if they are public or private subnets

Question 46

Why are security groups important in subnet configuration?

Answer 46

Security groups act as virtual firewalls, defining inbound and outbound rules for tasks in awsvpc mode, providing another layer of security in addition to subnet ACLs

Question 47

Why should ECS tasks be deployed across multiple subnets in different Availability Zones?

Answer 47

To ensure high availability and redundancy, as this setup provides fault tolerance in case one availability zone goes down

Question 48

How does subnet selection affect load balance placement in ECS?

Answer 48

For public-facing services, load balancers should be in public subnets, for internal services, load balancers can be in private subnets

Question 49

What is the advantage of enabling IPv4 and IPv6 for ECS subnets

Answer 49

Dual-stack networking allows tasks to support both IPv4 and IPv6, accommodating modern internet protocol standards and expanding address availability

Question 50

How do VPC peering and subnets interact?

Answer 50

Subnets within peered VPCs can communicate based on route table configurations, enabling ECS tasks to access resources across VPCs

Question 51

What role do route tables play in subnet configuration?

Answer 51

Route tables define traffic routes for subnets, directing traffic within the VPC or to external resources like the internet via an Internet Gateway

Question 52

What is VPC Peering in AWS?

Answer 52

A network connection between 2 VPCs that enable them to route traffic between each other privately, as if they were within the same network. It allows resources in different VPCs to communicate without using the internet

Question 53

What is route configuration in aws?

Answer 53

Involves setting rules within a route table that specify how traffic is directed within a VPC, including routes to subnets, internet gateways, NAT gateways, and other VPCs

Question 54

what is an Elastic Network Interface?

Answer 54

a virtual network interface that can be attached to tasks in awsvpc networking mode, providing network connectivity and flexible IP configurations

Question 55

What are ECS Placement Constraints?

Answer 55

Rules that limit task placement based on factors like instance attributes or availability zones, ensuring tasks run on appropriate resources

Question 56

What is the service scheduler in ECS?

Answer 56

Responsible for managing task placement and maintaining the desired count of tasks for service, ensuring they remain running and healthy

Question 57

what are task environment variables in ECS?

Answer 57

user-defined variables that can be passed to containers within a task, allowing configuration customization for different environments

Question 58

What is a FireLens Log Router in ECS?

Answer 58

A log router that enables advanced log forwarding capabilities for ECS tasks, allowing logs to be sent to multiple destinations, including S3, CloudWatch, and third-party logging service

Question 59

What is an ECS Deployment Controller?

Answer 59

Manages how service updates are deployed, with options like rolling update (default) and blue/green deployments for updating containers with minimal downtime

Question 60

What is ECS Anywhere feature?

Answer 60

allows you to run and manage ECS tasks on non-aws infrastructure, including on-premises servers and other cloud providers, extending ECS management capabilities beyond aws

Question 61

Target Group

Answer 61

a logical grouping of ECS tasks that a load balancer directs traffic to. Each task within a service is registered as a target in the target group

Question 62

Load Balancer Listener

Answer 62

a process that checks for connection requests on a specified protocol and port, directing traffic to registered targets based on listener rules

Question 63

What is blue/green deployment in ECS?

Answer 63

A release strategy that allows you to deploy a new version of service(green), alongside the current version(blue), switching traffic only once the new version is confirmed to be working

Question 64

What is the primary benefit of blue/green deployment?

Answer 64

It minimizes downtime and reduces risk by allowing testing of the new version in production before fully switching traffic from the old version, enabling quick rollback if need be

Question 65

How does traffic shifting work in blue/green deployment?

Answer 65

Traffic is gradually or immediately redirected from the blue environment to the green environment through a load balancer, allowing a controlled transition

Question 66

What is the role of target groups in blue/green deployment?

Answer 66

First target group is for the blue environment and the second for the green environment. Traffic is directed to the appropriate target group based on deployment status

Question 67

What is Amazon Route 53?

Answer 67

Amazon Route 53 is a scalable and highly available Domain Name System (DNS) web service that provides domain registration, DNS management, and health checking, allowing routing of end-user requests to AWS services and external resources.

Question 68

What are the key features of Amazon Route 53?

Answer 68

Domain Registration: Purchase and manage domain names.
DNS Management: Route traffic to AWS services and external endpoints.
Health Checks: Monitor the health of resources and route traffic accordingly.
Traffic Routing: Supports various routing policies (e.g., simple, failover, geolocation, etc.).
Highly Scalable and Available: Ensures quick and reliable DNS resolution for global traffic.

Question 69

What is the role of DNS in AWS ECS?

Answer 69

Service Discovery: Allows containers to discover and communicate using service names.
Amazon Route 53 Private DNS: Provides private DNS resolution for ECS services within a VPC.
Internal Load Balancing: Routes traffic using the DNS of Application Load Balancers (ALBs) or Network Load Balancers (NLBs).
Networking Mode (awsvpc): Provides DNS names for tasks to communicate using ENIs and private IPs.
External Communication: Resolves external domain names for internet access.