Key Concepts Flashcards
What is ECS?
Elastic container service is a fully managed cloud container orchestration service. It runs multiple containers using EC2 instances OR Fargate
ECS Cluster
a logical grouping of EC2 instances or Fargate resources are run
Task
a single instance of running a container or a group of containers that define how a containerized application should be deployed
Task Definition
a template that describes the source of the application image, resources required in the terms of CPU and memory units container, and host port mapping, and other critical info
Why use ECS over EC2?
Although from a high level they appear to host workloads and are pretty similar, on a deeper level they are suited for different types of workloads and are different.
ECS (Elastic Container Service):
1. Container Orchestration: Manages and scales containers automatically.
2. Simplified Management: No need to manage underlying EC2 instances if using Fargate.
3. Optimized Scaling: Easily scales containers up or down based on demand.
4. Integration: Built-in support for AWS services (e.g., IAM, CloudWatch).
5. Cost Efficiency: Pay only for resources used (compute & memory), especially with Fargate.
EC2 (Elastic Compute Cloud):
1. Full Control: Offers more flexibility with instance types and configurations.
2. Custom Configurations: Ideal for custom environments that need full OS control.
3. Persistent Workloads: Better suited for applications needing long-running processes or custom networking.
Availability Zone (AZ)
a distinct location within an AWS Region. Each AWS Region consists of multiple Availability Zones, which are designed to be isolated from failures in other zones. This provides redundancy and fault tolerance.
1. physical locations
2. high availability
3. low latency
4. Redundancy and Disaster Recovery
5. Usage in AWS Services
What is an ECS service?
A long-running ECS task that can be managed, scaled, and monitored ensuring the desired number of tasks are always running
How does ECS manage access control?
Through IAM roles and policies
Which service integrates with ECS for secrets management?
AWS Secrets Manager or Systems Manager Parameter Store for managing sensitive data
What is ECR?
A fully managed container image registry service that allows you to store, manage, and deploy Docker container images
How does ECR integrate with ECS?
ECR stores container images that ECS pulls to deploy and run tasks
Target group
a set of registered targets (ECS tasks) to which a load balancer distributes traffic. It contains health check settings for monitoring targets
Load Balancer
distributes incoming application traffic across multiple tasks or containers to ensure high availability and reliability
Service Directory
a feature that enables ECS tasks to automatically register with DNS. This makes it easy to find and connect to tasks across clusters
capacity provider
defines the infrastructure capacity available for the tasks in your cluster. ECS uses capacity providers to determine where to place tasks
IAM Roles for ECS
- Task Role: Permissions for the tasks to interact with AWS services
- Execution Role: Permissions for ECS to pull images, write logs, etc
ECS Service Auto Scaling
Adjusts the number of tasks in your service based on demand, helping manage scaling automatically
Placement Strategies and Contraints
Defines rules for task placement, such as balancing tasks across availability zones or restricting placement to specific instances
ECS Agent
A component that runs on container instances and communicates with ECS API to handle task operations
Task Definition Revision
Every time a task definition is updated, a new revision is created. ECS uses these revisions to run tasks, so you can revert to previous versions if needed
Container Defintion
Part of a task definition where that specifies individual container configurations, such as image, port mappings, environment variables, logging, and storage
Port Mapping
specifies which ports are open to the external network and which are connected to the container within the task definition
Environment Variables
variables passed to the containers, often used to configure containerized applications, such as database connection strings or API keys
Log configuration
defines how logs from containers are managed. ECS can send logs to AWS services like CloudWatch or to a local file
Volumes
Specifies data volumes used by containers, defining where data is stored and shared between containers within the same task
Network Mode
defines how the container’s networking is configured. Options include bridge, host, awsvpc, and none
Task Placement Strategy
Rules that determine where tasks s are placed within a cluster, such as binpack, random, or spread strategies for balancing resources
Task Placement Contraints
Defines specific conditions that must be met for tasks to be placed on container instances, such as instance attributes or availability zones
CPU and Memory Reservations and Limits
Specifies minimum (reservation) and maximum (limit) CPU and memory resources a container can use, controlling it’s performance
Task Lifecycle States
States a task be in, such as pending, running, stopping, stopped
Desired Count
The number of task instances ECS attempts to maintain for a service. Auto scaling adjusts this automatically
Service Scheduler
A component responsible for managing and scheduling the tasks within a service. Ensures desired count and placement constraints are met
Primary and Active Service Deployments
In deployments, the primary service is the one actively serving traffic, while active deployments are transition or rolling out
Service Discovery Namespace
Provides a DNS name for your service, allowing it to be discoverable within a namespace
Health Check Grace Period
The period to wait after a task starts before checking its health status, allowing time for start up processes
Service Event
An event related to the service lifecycle, like service updates, task state changes, or scaling activities
Elastic Network Interface (ENI)
a virtual network interface attached to tasks in awsvpc mode, allowing them to have their own IP addresses within a VPC
ECS Service Security Groups
Controls inbound and outbound traffic for tasks, applied at the network interface level
Elastic Load Balancing Health Checks
Checks the health of tasks behind a load balancer. Tasks that fail health checks are automatically terminated and replaced
Task Role Policy
A specific IAM policy attached to a task role that defines what resources and actions the tasks can access
CloudWatch Alarms for ECS
Monitors the performance of tasks and services, triggering actions based on conditions like CPU usage or task count
Autoscaling Policies for ECS Services
Policies that define scaling thresholds for services, such as scaling up when CPU usage exceeds a certain percentage
Subnet
a segment within a VPC that divides the IP address range into smaller, manageable segments, allowing for organized resource isolation
What are the two main types of subnets in ECS?
- Private- are not directly accessible and usually access the internet through a NAT Gateway
- Public- accessible from the internet
What is a NAT Gateway?
A managed service that allows instances in private subnets to connect to the internet or AWS services for outbound traffic, while blocking inbound internet connections for added security
What is the purpose of subnets in ECS task networking?
Subnets define where the task run within a VPC, determining their network reachability and security level (internet access or internal only)
How do you specify subnets for ECS tasks?
You assign subnets to tasks in the networking configuration of a task or service determining if they are public or private subnets
Why are security groups important in subnet configuration?
Security groups act as virtual firewalls, defining inbound and outbound rules for tasks in awsvpc mode, providing another layer of security in addition to subnet ACLs
Why should ECS tasks be deployed across multiple subnets in different Availability Zones?
To ensure high availability and redundancy, as this setup provides fault tolerance in case one availability zone goes down
How does subnet selection affect load balance placement in ECS?
For public-facing services, load balancers should be in public subnets, for internal services, load balancers can be in private subnets
What is the advantage of enabling IPv4 and IPv6 for ECS subnets
Dual-stack networking allows tasks to support both IPv4 and IPv6, accommodating modern internet protocol standards and expanding address availability
How do VPC peering and subnets interact?
Subnets within peered VPCs can communicate based on route table configurations, enabling ECS tasks to access resources across VPCs
What role do route tables play in subnet configuration?
Route tables define traffic routes for subnets, directing traffic within the VPC or to external resources like the internet via an Internet Gateway
What is VPC Peering in AWS?
A network connection between 2 VPCs that enable them to route traffic between each other privately, as if they were within the same network. It allows resources in different VPCs to communicate without using the internet
What is route configuration in aws?
Involves setting rules within a route table that specify how traffic is directed within a VPC, including routes to subnets, internet gateways, NAT gateways, and other VPCs
what is an Elastic Network Interface?
a virtual network interface that can be attached to tasks in awsvpc networking mode, providing network connectivity and flexible IP configurations
What are ECS Placement Constraints?
Rules that limit task placement based on factors like instance attributes or availability zones, ensuring tasks run on appropriate resources
What is the service scheduler in ECS?
Responsible for managing task placement and maintaining the desired count of tasks for service, ensuring they remain running and healthy
what are task environment variables in ECS?
user-defined variables that can be passed to containers within a task, allowing configuration customization for different environments
What is a FireLens Log Router in ECS?
A log router that enables advanced log forwarding capabilities for ECS tasks, allowing logs to be sent to multiple destinations, including S3, CloudWatch, and third-party logging service
What is an ECS Deployment Controller?
Manages how service updates are deployed, with options like rolling update (default) and blue/green deployments for updating containers with minimal downtime
What is ECS Anywhere feature?
allows you to run and manage ECS tasks on non-aws infrastructure, including on-premises servers and other cloud providers, extending ECS management capabilities beyond aws
Target Group
a logical grouping of ECS tasks that a load balancer directs traffic to. Each task within a service is registered as a target in the target group
Load Balancer Listener
a process that checks for connection requests on a specified protocol and port, directing traffic to registered targets based on listener rules
What is blue/green deployment in ECS?
A release strategy that allows you to deploy a new version of service(green), alongside the current version(blue), switching traffic only once the new version is confirmed to be working
What is the primary benefit of blue/green deployment?
It minimizes downtime and reduces risk by allowing testing of the new version in production before fully switching traffic from the old version, enabling quick rollback if need be
How does traffic shifting work in blue/green deployment?
Traffic is gradually or immediately redirected from the blue environment to the green environment through a load balancer, allowing a controlled transition
What is the role of target groups in blue/green deployment?
First target group is for the blue environment and the second for the green environment. Traffic is directed to the appropriate target group based on deployment status
What is Amazon Route 53?
Amazon Route 53 is a scalable and highly available Domain Name System (DNS) web service that provides domain registration, DNS management, and health checking, allowing routing of end-user requests to AWS services and external resources.
What are the key features of Amazon Route 53?
Domain Registration: Purchase and manage domain names.
DNS Management: Route traffic to AWS services and external endpoints.
Health Checks: Monitor the health of resources and route traffic accordingly.
Traffic Routing: Supports various routing policies (e.g., simple, failover, geolocation, etc.).
Highly Scalable and Available: Ensures quick and reliable DNS resolution for global traffic.
What is the role of DNS in AWS ECS?
Service Discovery: Allows containers to discover and communicate using service names.
Amazon Route 53 Private DNS: Provides private DNS resolution for ECS services within a VPC.
Internal Load Balancing: Routes traffic using the DNS of Application Load Balancers (ALBs) or Network Load Balancers (NLBs).
Networking Mode (awsvpc): Provides DNS names for tasks to communicate using ENIs and private IPs.
External Communication: Resolves external domain names for internet access.
