AWS ‐ ECS

FullstackCodingGuy edited this page Sep 19, 2024 · 3 revisions

Amazon Elastic Container Service

It is a container management service that helps you start, stop, schedule, and manage containers in the cloud.

Containers are managed using task definitions, and tasks run on a cluster.

Features

  1. Regional service - containers can be run in different regions independently
  2. High Availability - the service is always available to customers
  3. Availability Zones - containers are replicated internally
  4. Schedule container placement
  5. Build & Deploy environment - supports the microservice model or ETL workloads (batch, extract, transform and load activities)

Activities

  1. To use ECS, first create a cluster or use an existing cluster in a VPC
  2. Schedule container placement using Task Definitions (JSON documents)
  3. Run the task or create services to execute the definition
  4. Store images in a container registry

How to work with Amazon ECS

  1. Docker
  2. AWS Copilot
  3. AWS Cloud Development Kit (CDK)

Technologies Implemented by ECS

  1. AWS Fargate - a serverless compute technology in AWS that ECS uses to run your containers
  2. EC2 Instance
  3. Windows/Mac containers

Capacity Provider

A capacity provider defines the infrastructure that the cluster runs on.

There are 3 capacity providers: Fargate, EC2, and on-premises servers or VMs.

Considerations

  • Amazon ECS Anywhere - run a cluster on your own infrastructure
  • Zones and AWS Outposts - bring the infrastructure closer to customers to reduce latency; this option is not available on Fargate

Default Capacity Provider Strategy

Fargate is the common default capacity provider, as it is cost effective and scales very well to unknown demand.

ECR - Elastic Container Registry

It is an image management service. It provides a container image repository to store and manage container images, supports public and private repositories, and can be controlled using resource-based permissions with IAM.

Every container image that needs to be deployed should be registered in the container registry (ECR).

ECR Features

  • You can have private repositories
  • Supports lifecycle policies for images - to manage old images
  • Supports image scanning - checks whether an image is vulnerable or not
  • Supports replication - highly available and reliable - to reduce latency and increase redundancy

ECR Components

  • Registry
    • Users require an authorization token to access the registry - can be coupled with IAM policies
    • Authentication is managed by the ECR credential helper
    • Types of Registry
      • public
      • private - the registry has a unique URL (a combination of account ID and region); by default you have automatic read/write access to your own registry
  • Repository
    • You can have many repositories (to manage various versions of the image) within the registry
    • Access to a repository is based on the repository policy; only authorized users can perform actions on the repo
    • Repository Policies
      • Resource based permissions
  • Image
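
To make the registry URL format and the repository policy points above concrete, here is an added example (not part of the original wiki page and not AWS's own code) that splits a private registry host into account ID and region, and flags repository policy statements that allow any principal without a Condition. The function names and the sample policy, including its account ID, role name and organization ID, are constructed for illustration; only the exact action names listed plus `*` and `ecr:*` are treated as write access.

```python
import json
import re

# Private registry host: <account-id>.dkr.ecr.<region>.amazonaws.com
REGISTRY_RE = re.compile(r"^(\d{12})\.dkr\.ecr\.([a-z0-9-]+)\.amazonaws\.com$")
# ECR actions that change a repository's contents or its policy.
WRITE_ACTIONS = {"ecr:PutImage", "ecr:InitiateLayerUpload", "ecr:UploadLayerPart",
                 "ecr:CompleteLayerUpload", "ecr:BatchDeleteImage",
                 "ecr:SetRepositoryPolicy", "ecr:DeleteRepository", "ecr:*", "*"}

def parse_registry(host):
    """Return (account_id, region) for a private registry host, else None."""
    m = REGISTRY_RE.match(host)
    return m.groups() if m else None

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_any_principal(principal):
    """True when the Principal element matches every AWS identity."""
    if isinstance(principal, dict):
        principal = principal.get("AWS", [])
    return "*" in _as_list(principal)

def audit_policy(policy_json):
    """List (Sid, access) for Allow statements open to anyone with no Condition."""
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        open_allow = stmt.get("Effect") == "Allow" and not stmt.get("Condition")
        if not (open_allow and _is_any_principal(stmt.get("Principal"))):
            continue
        actions = set(_as_list(stmt.get("Action", [])))
        access = "write" if actions & WRITE_ACTIONS else "read"
        findings.append((stmt.get("Sid", "<no Sid>"), access))
    return findings

# Constructed sample policy; the account id, role name and Sids are made up.
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "CiPush", "Effect": "Allow", "Action": ["ecr:PutImage"],
     "Principal": {"AWS": "arn:aws:iam::111122223333:role/ci-push"}},
    {"Sid": "AnyonePull", "Effect": "Allow", "Principal": "*",
     "Action": ["ecr:BatchGetImage", "ecr:GetDownloadUrlForLayer"]},
    {"Sid": "AnyonePush", "Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "ecr:PutImage"},
    {"Sid": "OrgPull", "Effect": "Allow", "Principal": "*", "Action": "ecr:BatchGetImage",
     "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-exampleorgid"}}},
]})

if __name__ == "__main__":
    print(parse_registry("111122223333.dkr.ecr.us-east-1.amazonaws.com"))
    print(audit_policy(SAMPLE_POLICY))
```

Statements that carry a Condition are skipped rather than evaluated, so they still need a manual look.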