Section 16: ECS, ECR & Fargate - Docker in AWS Flashcards

1
Q

What’s ECS stand for?

A

Elastic container service

2
Q

T/F: Docker is a software dev platform to deploy apps. Use cases include microservices architecture, lift and shifting apps from on premise to the cloud

A

T

3
Q

Docker images are stored in Docker repositories Docker Hub and Amazon ECR (Amazon Elastic Container Registry). Identify whether those two have public and/or private repository options.

A
  • Docker Hub: public repos only
  • Amazon ECR: private and public repos.
4
Q

What does ECR stand for?

A

Elastic Container Registry

5
Q

Running apps using docker vs using virtual machines. Show the Docker stack and have an opinion about the difference.

A

Honestly, the difference seems like splitting hairs (which is an interesting idiom, why would I want to split hairs? But I guess that’s the point.) At the end of the day, I feel like I could just use one virtual machine to hold as many apps as I wanted. Maybe they recommend only using one VM per app, but I don’t get why that should be a hard rule. I suppose so that if I wanted to do an update to the VM it didn’t impact a bunch of apps at once. But depending on what my apps were and whether I had a way to put up another vm with the updates before taking away the other one and blah blah. meh.

6
Q

Describe a docker flowchart. There are only 4 steps in this version of the answer.

Start with a Dockerfile and end with a running docker image to create your container.

A
  1. Build Dockerfile
  2. Push docker image to docker repo (docker hub or amazon ecr)
  3. pull docker image from docker repo
  4. run docker image to create your container.
7
Q

Amazon Elastic Container Service is AWS’s what? (two word answer)

A

Container platform

8
Q

Amazon Elastic Kubernetes Service is Amazon’s what? (2 word answer + some helping words for describing Kubernetes in the context of something you use)

A

Managed Kubernetes (helm does the making/deploying of Kubernetes apps).

9
Q

AWS Fargate is Amazon’s what? (3 word answer + tiny sentence on which of the other AWS docker management services Fargate works with).

A

Serverless container platform. It works with ECS and EKS.

10
Q

Amazon Elastic Container Registry is used to do what? (3 words)

A

store container images

11
Q

There are four Docker container management services provided by AWS. Name them and provide an accompanying one-ish line description of what each does

A
  1. Amazon Elastic Container Service (AWS’s container platform)
  2. Amazon Elastic Kubernetes Service (Amazon’s managed Kubernetes (helm does the making/deploying of Kubernetes apps))
  3. AWS Fargate (Amazon’s serverless container platform; works with ECS and EKS)
  4. Amazon Elastic Container Registry (store container images).
12
Q

To launch Docker containers on AWS using ECS you… (6 words, assuming you use acronyms).

A

launch ECS tasks on ECS clusters

13
Q

When you’re launching docker containers in aws you launch ecs tasks on ecs clusters and you want to use an ec2 launch type, what are your ecs clusters made of? Also, when using the ec2 launch type, who provisions and maintains the infrastructure (the ec2 instances)?

A

With the EC2 launch type these ECS clusters are made of EC2 instances.

When using an ec2 launch type in this way, you must provision and maintain the infrastructure yourself.

14
Q

When you’re launching docker containers on aws using ecs tasks on ecs clusters with an ec2 launch type and ec2 instances, what does each ec2 instance have to do to connect to the ECS cluster?

A

Each ec2 instance must run the ecs agent to register in the ecs cluster.

15
Q

Who starts/stops docker containers when using docker on AWS with ECS and an EC2 launch type?

A

AWS

16
Q

What’s the difference between ecr and ecs?

A

ECR is the repo that holds all the docker images. ECS takes those images and uses them to deploy their applications.

17
Q

What’s the difference between ECS and EC2?

A

ECS deploys/manages/scales aws-managed containerized applications (i think usually docker, though you can pull off kubernetes). EC2 is a lot more like a virtual machine. Or maybe it’s like actually buying a new computer. I think it’s the latter. Here’s a direct quote “Amazon Elastic Compute Cloud (Amazon EC2) offers the broadest and deepest compute platform, with over 750 instances and choice of the latest processor, storage, networking, operating system, and purchase model to help you best match the needs of your workload.(https://aws.amazon.com/ec2/?p=pm&c=mt&pd=ec2&z=4)”.

18
Q

ECS with a Fargate Launch Type.

Of the options described so far in this section for getting a docker-containerized app out the door and into the world, this method seems the simplest. Describe what you do? Do you provision the infrastructure? Is it serverless? What do you need to create (in addition to your docker images)? How do you scale? Who determines cpu and ram?

A

Launch docker containers on aws. No, there are no ec2 instances to manage. Yes it’s serverless (that means you’re just charged based on usage, not a predefined bandwidth or anything). You just need to create task definitions (ECS tasks). To scale it you just increase (or decrease) the number of tasks. It looks like you specify your own cpu and ram.

19
Q

You need to deploy a docker app in aws and you can use ecs with a fargate launch type or ecs with an ec2 launch type. which type seems the easiest, and why?

A

ECS with a Fargate Launch Type.

Some notes from another answer about what ECS with Fargate Launch Type means.
No, there are no ec2 instances to manage. Yes it’s serverless (that means you’re just charged based on usage, not a predefined bandwidth or anything). You just need to create task definitions (ECS tasks). To scale it you just increase the number of tasks.

20
Q

IAM Roles for ECS with an EC2 launch type.

So how do you allow the ECS agents running your docker app to interact with other AWS services?

A

You create an ec2 instance profile. This gets used by your ecs agent. it can make api calls to ecs services, send container logs to cloudwatch, pull docker image from ecr, reference sensitive data in secrets manager or ssm parameter store.

21
Q

Let’s say you have a specific task on the ec2 instance that you have your ecs agent/docker container on. how do you allow that task to do something like get to an s3 bucket (i think s3 buckets maybe need their own IAM roles? And i suppose an ec2 instance profile isn’t an IAM role?). Where is your task role defined?

A

you create an ECS task role. This allows each task to have a specific role. you need to use different roles (so i assume, a different task) for the different ecs services you run (apparently s3 and dynamo db are examples of ecs services. I suppose the “service” is the connection to other aws services). Task role is defined in the task definition.

22
Q

Can you use ECS with Fargate and a classic load balancer? What about if you’re using ecs without fargate?

A

A* nope
B* supported but not recommended.

23
Q

Does Amazon ECS work with an application load balancer?

A

Mostly yes

24
Q

Does amazon ECS work with a network load balancer?

A

Yes but it’s only recommended for high throughput/high performance use cases, or with AWS PrivateLink

25
Q

A) Can you use ECS (elastic container service) with EFS (elastic file system)?
B) Does it matter whether you’re using ec2 launch types or fargate launch types?

A

A) Yes
B) No. You can use EFS for ecs when using either ec2 or fargate launch types

26
Q

When you use ECS with an EC2 launch type you can create an ec2 instance profile (or use an existing one). it’s possible you have to. not gonna lie, i’m not sure which.

In this situation, it is common to use an ec2 instance profile and ecs task roles, as needed. What does/can the ec2 instance profile do? what does/can the ecs task role do/when do you want to use either?

A
  • This ec2 instance profile gets used by the ecs agent (whale). it makes calls to ecs services. it can send container logs to CloudWatch logs. it can pull the docker image from ecr. it can reference sensitive data in secrets manager or ssm parameter store.
  • the ecs task role allows each task to have a specific role. use different roles for the different ecs services you run. I believe tasks might do things like enable you to make aws api calls from your ec2 instance (other than the ones you’d want your ecs agent to be making to ecs and or ecr and or cloudwatch). For example, you might want your ec2 instance to be able to connect to s3 and dynamodb. you could create task role A to allow your ec2 instance to connect to s3. you could create task role b to allow your ec2 instance access to dynamo db.
27
Q

when using efs mounted on (working with) ecs, will the ecs tasks share the same data in the efs file system, regardless of what AZ the ecs tasks are in?

A

Yes. Tasks running in any AZ will share the same data in the EFS file system.

28
Q

Is Fargate + EFS considered a serverless way to do ECS?

A

Yes

29
Q

What’s the use case for using EFS when you’re using ECS?

A

persistent multi az shared storage for your containers

30
Q

Can S3 be mounted as a file system for ecs?

A

No. but i’m guessing people wonder about that pretty frequently, since the point was called out in the slides. I’m guessing the idea is really that if you want a file system for ecs, just use efs.

31
Q

You want to automatically increase or decrease the desired number of ECS tasks. What can you use?

A

ECS Service Auto Scaling

ECS Auto Scaling

32
Q

T/F
does amazon ecs auto scaling use AWS application auto scaling?

A

T

33
Q

Does ECS Service Auto Scaling at the task level equal ec2 auto scaling at the ec2 instance level?

A

No. ECS Service auto scaling is not the same as ec2 auto scaling at the ec2 instance level. However, this does not mean you can’t choose to accommodate ecs service scaling by scaling ec2 instances. We’ll talk more about that later.

34
Q

Can you set up auto scaling for fargate? If yes, is it supposed to be easier or harder to do?

A

yes. it’s even supposed to be easier, because it’s serverless.

35
Q

What are three important options for ecs auto scaling?

A
  • target tracking - scale based on target value for a specified CloudWatch Alarm
  • step scaling - scale based on a specified CloudWatch Alarm
  • scheduled scaling - scale based on a specified date/time etc
36
Q

ECS Auto Scaling uses AWS Application Auto Scaling. ECS Auto Scaling features include:

A
  • ecs service average cpu utilization (believe this may mean scale on cpu utilization)
  • ecs service average memory utilization (scale on ram)
  • alb request count per target (metric coming from the alb). Per https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-cloudwatch-metrics.html, this is talking about “The average number of requests received by each target in a target group. You must specify the target group using the TargetGroup dimension. This metric does not apply if the target is a Lambda function.” But i’m still not 100% sure about what the options for targets are. maybe like sites and apps and stuff?
37
Q

Say you have a reason to want to add ec2 auto scaling to your ecs service scaling abilities. Like, idk, say you were sometimes maxing out the capacity of your ec2 instance with everything your ecs agent and task was doing so you needed to be able to add ec2 instances with their own tasks. Could you do it? Could you combine the scaling of ec2 instances and ecs tasks?

A

Yes, you could.
you could scale your auto scaling group based on cpu utilization and add (and, i presume, take away) ec2 instances over time.

You could use your ecs cluster capacity provider to:
* automatically provision and scale the infrastructure for ecs tasks
* pair with the auto scaling group mentioned above
* add ec2 instances when you’re missing capacity (cpu, ram). not sure how this is super different from what’s above, but also not sure that knowing how it’s different is particularly important for the exam.

38
Q

Question 1: T/F

There are two ways ECS rolling updates can work. Method 1: the ecs service scheduler can do rolling updates by adding new tasks and then removing the old tasks that were wanting replacing. Method 2: the ecs service scheduler can do rolling updates by removing the old tasks before adding the new ones.

Question 2: What in the rolling update service deployment configuration determines which method gets used?

A
  1. True.
  2. In the service deployment configuration the minimumHealthyPercent and the maximumPercent determine which method of rolling update gets used. More about these two will be covered in a later card.
39
Q

In the service deployment configuration the minimumHealthyPercent and the maximumPercent determine which method of rolling update gets used (old tasks removed and then new ones added VS new tasks added and then old ones removed).

  • Q1. If the minimumHealthyPercent is 100% and the maximumPercent is greater than a hundred, would the scheduler add new tasks before removing old ones, or would it remove old tasks and then add new ones?
  • Q2. If the maximumPercent is 100% and the minimumHealthyPercent is less than 100%, would the scheduler add new tasks before removing old ones, or would it remove old tasks and then add new ones?
  • Q3. Does it make sense to set a minimumHealthyPercent of more than 100%?
  • Q4. Does it make sense to set a maximumPercent of less than 100%?
  • Q5. If the minimum healthy percent is 50% and the desired task count is four, what does the scheduler do?
  • Q6. If the minimum healthy percent is 75% and the desired task count is two, what does the scheduler do?
  • Q7. Does the minimumHealthyPercent get rounded up or down?
  • Q8. What does the minimumHealthyPercent represent?
  • Q9. What does the maximumPercent represent?
  • Q10. Does the maximumPercent get rounded up or down?
  • Q11. If the maximumPercent is 200% and the desired task count is four, what happens?
  • Q12. If the maximumPercent is 125% and the desired task count is three, what happens?
A
  • A1. If the minimumHealthyPercent is 100% and the maximumPercent is greater than a hundred, would the scheduler add new tasks before removing old ones, or would it remove old tasks and then add new ones? It would add new tasks before removing old ones.
  • A2. If the maximumPercent is 100% and the minimumHealthyPercent is less than 100%, would the scheduler add new tasks before removing old ones, or would it remove old tasks and then add new ones? It would remove old tasks before adding new ones.
  • A3. Does it make sense to set a minimumHealthyPercent of more than 100%? I don’t think so.
  • A4. Does it make sense to set a maximumPercent of less than 100%? I don’t think so.
  • A5. If the minimum healthy percent is 50% and the desired task count is four, what does the scheduler do? The scheduler can stop two tasks before starting two new tasks.
  • A6. If the minimum healthy percent is 75% and the desired task count is two, what does the scheduler do?
  • A7. Does the minimumHealthyPercent get rounded up or down? It’s rounded up.
  • A8. What does the minimumHealthyPercent represent? The least number of tasks that should be running when a container instance is draining or deploying.
  • A9. What does the maximumPercent represent? The most number of tasks that should be running when a container instance is draining or deploying.
  • A10. Does the maximumPercent get rounded up or down? Rounded up.
  • A11. If the maximumPercent is 200% and the desired task count is four, what happens? Four new tasks can get added before the old four get taken away.
  • A12. If the maximumPercent is 125% and the desired task count is three, what happens? No new tasks can get added, since three running tasks each make up about 33% of the total available workload, so adding even one task would have required a maximumPercent of at least 134% (i suppose this does assume you’re not talking about the initial deployment, the period before when the three tasks are first brought up. A similar condition applies to some of the other answers here).
40
Q
  • Q1. What do you need to be careful about when setting a minimumHealthyPercent or a maximumPercent?
  • Q2. If your service has a deployment that is stuck due to an invalid deployment configuration, do you get a service event message?
A
  • A1. You need to be careful about the desired number of tasks. You should always be able to start or stop at least one task (depending on whether you’re using minimumHealthyPercent or maximumPercent) when a deployment is initiated.
  • A2. Yes. It’s something like “service-name was unable to stop or start tasks during a deployment because of the deployment configuration. Update minimumHealthyPercent or maximumPercent and try again.”
41
Q

You want to stop ecs task deployments based on
1) when you want to stop a deployment when the tasks can’t start and 2) when you want to stop a deployment based on application metrics. What do you use (one answer per method)?

A

For 1) you use Circuit breaker. For 2) you use CloudWatch alarms.

42
Q

T/F: EventBridge is a serverless service that uses events to connect application components together. I think it’s like the whole, someone submits an app form and then somewhere else something is listening for that submission and, if whatever it’s looking for is found, it kicks off some new process. In fact, event bridge seems a lot like using control m to run a listener script every minute. I think event bridge would take the place of both control m and the listener script, in that situation. an aws example is if someone uploads something to an s3 bucket, then eventbridge notices that it’s a new event and it runs a rule like “run an ecs task”.

A

T

43
Q

Say EventBridge takes the place of control m and a listener script. What is a typical example of what the listener script might be listening for?

A

CloudWatch events and logs, actions from home-grown applications, AWS services, and third-party software

44
Q

What is an example you know well of event driven architecture?

A

someone submits an app form and then somewhere else something is listening for that submission and, if whatever it’s looking for is found, it kicks off some new process.

45
Q

T/F: an event bus is like one thing that listens for events somewhere and then directs those events to one or more places (basically triggers some process if whatever it’s listening for is found). an event pipeline is like a string of those buses.

A

True/True.

45
Q
  1. What format are ecs task definitions written in?
  2. What are they used to do?
  3. what information (think key value pairs) does an ecs task definition contain?
  4. How many containers can be defined in one task definition?
A
  1. JSON
  2. tell ECS how to run a Docker container
  3. image name; port binding for container or host; memory and cpu required; env vars; networking info; IAM role; logging configuration (ex: cloudwatch)
  4. 10

ECS task definitions - deep dive

45
Q

Can you use EventBridge to trigger AWS SNS to send an email to an administrator if EventBridge realizes that an ECS task container was stopped?

A

Yes. In complicated terms, they call them “intercepting stopped tasks using EventBridge”.

46
Q
  1. Say you’re using ecs with an ec2 launch type and you want to use a load balancer. What do you define (or fail to mention) in your ecs task definition so that an application load balancer can work?
  2. To pull off the above, which ports must you allow from the ALB’s Security Group in your ec2 instance’s security group?
A
  1. Define only the container port (probably not the host port) in the task definition. This will get you a dynamic host port mapping. Then an ALB will find the correct port on your ec2 instance.
  2. any port.

ecs task definitions, deep dive

47
Q

Say you want to set up Load Balancing on your Fargate-launch-type-using ECS cluster.

  1. In the ECS task definition do you define the container port, the host port, or both?
  2. Does each task get its own unique private IP?
  3. Might you need to update your ALB Security Group port definitions and your ECS ENI security group port definitions? Could you give examples of what ports/from where?
A
  1. container port.
  2. yes.
  3. Both might need updating. at the least you should check them to make sure that they’re doing something like:
    • ECS ENI Security Group: allow port 80 from the ALB; ALB Security Group: allow ports 80/443 from the web
48
Q
  1. Does every ecs task definition need an IAM role?
  2. does every ecs task definition need its own unique IAM role?
A
  1. yes. every ecs task definition needs an IAM role
  2. it is not necessary for task definitions to have their own unique IAM role, but it is recommended.
49
Q

T/F

  • you can hard code urls into ecs task definitions.
  • You can instruct your ecs task definition to fetch sensitive variables like API keys and shared configs from the AWS SSM Parameter store.
  • you can instruct your ecs task definition to fetch sensitive variables like DB passwords from AWS Secrets Manager.
  • you can instruct your ecs task definition to fetch files from an S3 Bucket.
A

T for all.

50
Q

What is a bind mount?

A

A file or a directory on a host. ex: /var/logs on me@myserver or whatever.

51
Q

T/F
1. With bind mounts, a file or directory on a host, such as an Amazon EC2 instance or AWS Fargate, is mounted into a container.
2. bind mounts are tied to the lifecycle of the container that uses them.
3. use cases for bind mounts include sharing ephemeral data between multiple containers
4. use cases for bind mounts include using a sidecar container pattern, where the sidecar container is used to send metrics/logs to other destinations.

A

All true. they’re actually direct quotes from https://docs.aws.amazon.com/AmazonECS/latest/developerguide/bind-mounts.html.

Note that steph says that for ec2 instance storage, data is tied to the lifecycle of the ec2 instance. He also says that for Fargate the storage size is 20 GiB to 200 GiB.

52
Q

T/F: a sidecar container is a container that runs alongside the main container to do other things on the side.

A

True.

53
Q

When an ec2 launch type ecs service ec2 task type is launched, ecs needs to figure out where the ec2 task should go. It considers cpu, memory, available port, and ecs needs to adhere to any task placement constraints and task placement strategies. When a service scales in, ecs needs to figure out which task to terminate (it uses those same things we just talked about here too).

T/F to aid in this, you can define a task placement strategy and task placement constraints.

A

True. Note, this is only for ECS with ec2, not for fargate. Also note ecs task placement is a best effort thing. no promises made.

54
Q

Describe ECS Task Placement Strategy: binpack

It’s not gonna help you answer it, but here’s the json for this (jk, it might be a hint):

"placementStrategy": [
    {
        "field": "memory",
        "type": "binpack"
    }
]

A

place task based on least available amount of cpu or memory in order to minimize the number of instances in use and maximize cost savings.

I suspect the “field” value would be “cpu” if you were using cpu as the basis for type binpack.

55
Q

Describe ECS Task Placement Strategy: Random. Here’s the hint: place the tasks ____. That’s a one word answer, and it’s the most obvious word.

here’s the json for this:

"placementStrategy": [
    {
        "type": "random"
    }
]

A

randomly.

56
Q

here’s the json for this:

"placementStrategy": [
    {
        "field": "attribute:ecs.availability-zone",
        "type": "spread"
    }
]

A

place task evenly based on specified value.

Note: the field could be a number of things.

57
Q

Can you have two spread type placement strategies in one task definition? Can you have one spread type and one placement type strategy in one task definition?

A

Yep.

"placementStrategy": [
    {
        "field": "attribute:ecs.availability-zone",
        "type": "spread"
    },
    {
        "field": "instanceId",
        "type": "spread"
    }
]

and this is valid:

"placementStrategy": [
    {
        "field": "attribute:ecs.availability-zone",
        "type": "spread"
    },
    {
        "field": "memory",
        "type": "binpack"
    }
]

58
Q

Describe ECS Task Placement Strategy: distinctInstance

here’s the json for this:

"placementStrategy": [
    {
        "type": "distinctInstance"
    }
]

A

place each task on a different container instance

59
Q

Describe ECS Task Placement Strategy: memberOf

here’s the json for this:

"placementStrategy": [
    {
        "expression": "attribute:ecs.instance-type =~ t2.*",
        "type": "memberOf"
    }
]

A

place tasks on instances that satisfy an expression, using the Cluster Query Language

60
Q

Is this the amazon ECR public gallery: https://gallery.ecr.aws

A

yes

61
Q

T/F
1. ECR is fully integrated with ECS and backed by S3
2. access is controlled through IAM (if you have permission errors, check out your policy)
3. ECR supports image vulnerability scanning, versioning, image tags, image lifecycle etc

A

True, True and True

62
Q

Is the following true of AWS Copilot:
* cli tool to build/release/operate prod containerized apps
* runs apps on AWS App Run, AWS Fargate and AWS ECS
* helps you focus on building apps rather than setting up infrastructure
* copilot provisions all required infrastructure for containerized apps (ecs, vpc, elb, ecr)
* automated deployments with one command using CodePipeline
* deploy to multiple environments
* capabilities include troubleshooting, logs, health status

A

True

63
Q

What is kubernetes? Is it cloud agnostic?

A

an open source system for automatic deployment, scaling and management of containerized (usually docker) applications. Yes, it’s cloud agnostic, you can use it in aws, azure, gcp etc.

64
Q

Is EKS an alternative to ECS?

A

yes (probably mostly yes, or approximately yes). they have similar goals but use different apis.

65
Q

T/F: EKS stands for Elastic Kubernetes Service. It’s a way to launch managed Kubernetes clusters on AWS.

A

T

66
Q

EKS supports ec2 (which you might use if you want to deploy worker nodes) and Fargate (which you might use if you want to deploy serverless containers)

A

True

67
Q

A use case for EKS is if your company is already using Kubernetes on premise or in another cloud and you want to migrate to AWS and continue using Kubernetes there.

A
68
Q

You want to use EKS and you need to decide what node type to use (or whether you need one at all).

In this situation, say you’re using fargate. Do you need nodes?

A

Nope. No nodes managed when using aws fargate for eks.

69
Q

T/F

A Kubernetes node is a machine that runs containerized applications. Each node has the following components:

  • Container runtime – Software that’s responsible for running the containers.
  • kubelet – Makes sure that containers are healthy and running within their associated Pod.
  • kube-proxy – Maintains network rules that allow communication to your Pods.
A

True. That’s from https://docs.aws.amazon.com/eks/latest/userguide/eks-compute.html

70
Q

T/F

If you’re using EKS and you’re not using Fargate then there are two node types you can choose from: 1) managed node groups and 2) self managed nodes.
When using managed node groups, aws creates and manages nodes (ec2 instances) for you. nodes are part of an ASG managed by eks. supports on demand or spot instances.

A

T

71
Q

T/F

If you’re using EKS and you’re not using Fargate then there are two node types you can choose from: 1) managed node groups and 2) self managed nodes.
When using self-managed nodes, you create and register nodes to the eks cluster. you manage nodes through an ASG. You can use prebuilt AMI Amazon EKS Optimized API. Supports On-Demand or Spot Instances.

A

T

72
Q

Can you have persistent data when using EKS?

A

Yes

73
Q

When you want persistent data for your EKS stuff, you need to specify a StorageClass manifest on your EKS cluster, and leverage a container storage interface (CSI) compliant driver. Glossing over what setting up some of those things might look like, what aws services can you use to create this persistent data mechanism for EKS?

A

EBS, EFS (for Fargate), Amazon FSx for Lustre, Amazon FSx for NetApp ONTAP

74
Q
A

C is correct.
“AWS Fargate allows you to run your containers on AWS without managing any servers.”

Incorrect
* A is incorrect because when you use ec2 launch type you have to maintain your own instances
* B is incorrect because ECR is just a repository, a library of docker images. ECR won’t actually help you use docker images.
* D is incorrect because “Amazon EKS allows you to start, run, and scale Kubernetes applications in AWS or on-premises and run fully-managed EKS clusters on AWS.” and also I don’t remember the question mentioning kubernetes, just docker.

75
Q
A

A is the correct answer. EC2 and Fargate are two ECS launch types.

No answers contained notes.

76
Q
A

B is correct:
ECS Task Role is the IAM Role used by the ECS task itself. Use when your container wants to call other AWS services like S3, SQS, etc.

A is incorrect. Note is “EC2 Instance Profile is the IAM Role used by the ECS Agent on the EC2 instance to execute ECS-specific actions such as pulling Docker images from ECR and storing the container logs into CloudWatch Logs.”

77
Q
A

A is correct. Note is “EFS volume can be shared between different EC2 instances and different ECS Tasks. It can be used as a persistent multi-AZ shared storage for your containers.”.

  • B is incorrect. Note is “This can be used when all your ECS tasks run on the same EC2 instance. It’s not suitable when your tasks are spread across multiple EC2 instances and can’t be used with AWS Fargate.”. Note that the question mentioned that you wanted to use a cluster, not just one instance.
  • C is incorrect. Note is “EC2 Instance Store can’t be shared between different EC2 instances.”. Note again that the question mentioned wanting to use a cluster, not just one instance.
78
Q
A

B is the correct answer. No note exists for it.

A is the only incorrect answer with a note. That note is “This would allow the first application to access S3 as well, which is a security risk.”.

79
Q
A

C is the correct answer. Note is “Amazon ECR is a fully managed container registry that makes it easy to store, manage, share, and deploy your container images. It won’t help in running your Docker-based applications.”.

Notes for incorrect choices were basically that those choices aren’t container image repositories.

80
Q
A

Correct answer is D. “Although this wasn’t discussed during the hands-on, you need to know about that important setting in the “ecs.config” file.”

  • Incorrect answer A “helps you register your container instances with the correct ECS cluster.”
  • Incorrect answer B “Used for private registry authentication (e.g., docker login).”
  • Incorrect answer C “This setting will be used if you want to enable logging to CloudWatch Logs. It contains the logging drivers available on the container instance.”
81
Q
A

Correct answer is C. “Any permissions issues against ECR are most likely due to IAM permissions. Your CodeBuild service must have the required permissions to push Docker images to ECR repositories.”

No incorrect answers have notes.

82
Q
A

Correct answer is A. “Thanks to the Dynamic Port Mapping feature.”.

Honestly I didn’t check the incorrect answers, but I don’t know that the notes were really going to add a lot.

83
Q
A

Correct answer B. “To enable random host port, set host port = 0 (or empty), which allows multiple containers of the same type to launch on the same EC2 container instance.”.

  • Incorrect answer A: “Impossible because one container is already running successfully.”
  • Incorrect answer C: “This is an internal container port for Docker and doesn’t impact host port binding.”.
  • Incorrect answer D: “This is incorrect, EC2 container instance can run multiple copies of the same Docker image.”.
84
Q
A

D is the correct choice. Notes: “Security Groups do not matter when an EC2 instance registers with the ECS service. By default, Security Groups allow all outbound traffic.”.

2 of 3 incorrect choices had no notes. Didn’t check the other incorrect choice.

85
Q
A

C. I don’t think there are any notes for any of them.

86
Q
A

D is the correct answer. No notes on any answers.

87
Q
A

B. binpack. No answer choices have notes.

88
Q
A

A. distinctInstance. no answer choices have notes.