AWS EC2 Container Service (ECS) is a highly scalable, high performance container management service that supports Docker containers and allows running applications on a managed cluster of EC2 instances
ECS eliminates the need to install, operate, and scale the cluster management infrastructure.
ECS is a regional service that simplifies running application containers in a highly available manner across multiple AZs within a region
ECS helps schedule the placement of containers across the cluster based on the resource needs and availability requirements.
ECS allows integration of your own custom scheduler or third-party schedulers to meet business or application specific requirements.
ECS with EC2 launch type
ECS with AWS Fargate
Containers and Images
Applications deployed on ECS must be architected to run in docker containers, which is a standardized unit of software development, containing everything that the software application needs to run: code, runtime, system tools, system libraries, etc.
Containers are created from a read-only template called an image.
Images are typically built from a Dockerfile, and stored in a registry from which they can be downloaded and run on your container instances.
ECS can be configured to access a private Docker image registry within a VPC, Docker Hub or is integrated with EC2 Container Registry (ECR)
Task definition is needed to prepare application to run on ECS
Task definition is a text file in JSON format that describes one or more containers that form your application.
Task definitions specify various parameters for the application, such as containers to use, their repositories, ports to be opened, and data volumes
Tasks and Scheduling
A task is the instantiation of a task definition on a container instance within the cluster.
After a task definition is created for the application within ECS, you can specify the number of tasks that will run on the cluster.
ECS task scheduler is responsible for placing tasks on container instances, with several different scheduling options available
Cluster is a logical grouping of EC2 instances to run tasks using ECS
ECS downloads the container images from the specified registry, and runs those images on the container instances within your cluster.
Container agent runs on each instance within an ECS cluster
Container Agent sends information about the instance’s current running tasks and resource utilization to ECS, and starts and stops tasks whenever it receives a request from ECS
ECS vs Elastic Beanstalk
ECS helps in having a more fine-grained control for custom application architectures.
Elastic Beanstalk is ideal to leverage the benefits of containers but just want the simplicity of deploying applications from development to production by uploading a container image.
Elastic Beanstalk is more of an application management platform that helps customers easily deploy and scale web applications and services.
With Elastic Beanstalk, specify container images to be deployed, with the CPU & memory requirements, port mappings and container links.
Elastic Beanstalk abstracts the finer details and automatically handles all the details such as provisioning an ECS cluster, balancing load, auto-scaling, monitoring, and placing the containers across the cluster.
ECS vs Lambda
EC2 Container Service is a highly scalable Docker container management service that allows running and managing distributed applications in Docker containers.
AWS Lambda is an event-driven task compute service that runs code (Lambda functions) in response to “events” from event sources like SES, SNS, DynamoDB & Kinesis Streams, CloudWatch etc.
AWS Certification Exam Practice Questions
Questions are collected from Internet and the answers are marked as per my knowledge and understanding (which might differ with yours).
AWS services are updated everyday and both the answers and questions might be outdated soon, so research accordingly.
AWS exam questions are not updated to keep up the pace with AWS updates, so even if the underlying feature has changed the question might not be updated
Open to further feedback, discussion and correction.
You need a solution to distribute traffic evenly across all of the containers for a task running on Amazon ECS. Your task definitions define dynamic host port mapping for your containers. What AWS feature provides this functionally?
Application Load Balancers support dynamic host port mapping.
CloudFront custom origins support dynamic host port mapping.
All Elastic Load Balancing instances support dynamic host port mapping.
Classic Load Balancers support dynamic host port mapping.
Your security team requires each Amazon ECS task to have an IAM policy that limits the task’s privileges to only those required for its use of AWS services. How can you achieve this?
Use IAM roles for Amazon ECS tasks to associate a specific IAM role with each ECS task definition
Use IAM roles on the Amazon ECS container instances to associate IAM role with each ECS task on that instance
Connect to each running amazon ECS container instance and add discrete credentials
Reboot each Amazon ECS task programmatically to generate new instance metadata for each task