Amazon Elastic Container Service (Amazon ECS) is a highly scalable, fast, container management service that makes it easy to run, stop, and manage Docker containers on a cluster.
You can host your cluster on a serverless infrastructure that is managed by Amazon ECS by launching your services or tasks using the Fargate launch type.
For more control you can host your tasks on a cluster of Amazon Elastic Compute Cloud (Amazon EC2) instances that you manage by using the EC2 launch type.
Container images are stored in and pulled from container registries (such as Amazon ECR), which may exist within or outside of your AWS infrastructure.
Amazon ECR is a managed AWS Docker registry service that is secure, scalable, and reliable.
ECR supports private Docker repositories with resource-based permissions using IAM so that specific users or EC2 instances can access repositories and images.
Developers can use the Docker CLI to push, pull, and manage images.
ECS Task Definition
A task definition (application blueprint) is a text file, in JSON format, that describes one or more containers, up to a maximum of ten, that form your application.
Task definitions specify various parameters for your application. Examples of task definition parameters are which containers to use, which launch type to use, which ports should be opened for your application, and what data volumes should be used with the containers in the task.
A task is the instantiation of a task definition within a cluster. After you have created a task definition for your application within Amazon ECS, you can specify the number of tasks that will run on your cluster.
The Amazon ECS task scheduler is responsible for placing tasks within your cluster.
When you run tasks using Amazon ECS, you place them on a cluster, which is a logical grouping of resources.
If you use the Fargate launch type with tasks within your cluster, Amazon ECS manages your cluster resources.
If you use the EC2 launch type, then your clusters will be a group of container instances you manage.
The container agent runs on each infrastructure resource within an Amazon ECS cluster.
It sends information about the resource’s current running tasks and resource utilization to Amazon ECS, and starts and stops tasks whenever it receives a request from Amazon ECS.
In Amazon ECS, IAM can be used to control access at the container instance level using IAM roles, and at the task level using IAM roles for ECS tasks.
With IAM roles for ECS tasks, you can specify an IAM role that can be used by the containers in a task.
Applications must sign their AWS API requests with AWS credentials, and this feature provides a strategy for managing credentials for your applications to use, similar to the way EC2 instance profiles provide credentials to EC2 instances.
Instead of creating and distributing your AWS credentials to the containers or using the EC2 instance’s role, you can associate an IAM role with an ECS task definition or RunTask API operation.
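An added example (not from the original page or from AWS): a small audit of a task definition, loaded as a Python dict, that flags AWS credentials handed to containers through environment variables and a missing `taskRoleArn`, then produces the version that relies on a task role instead. The sample task definition, key ID and function names are constructed for illustration; `taskRoleArn`, `containerDefinitions` and `environment` are real task definition fields.

```python
import copy
import re

# Constructed sample task definition (not from the original page); the image
# name and key ID are placeholders.
SAMPLE_TASK_DEF = {
    "family": "example-web",
    "requiresCompatibilities": ["EC2"],
    "containerDefinitions": [{
        "name": "web", "image": "example/web:1.0",
        "environment": [
            {"name": "AWS_ACCESS_KEY_ID", "value": "AKIAEXAMPLEEXAMPLE00"},
            {"name": "LOG_LEVEL", "value": "info"},
        ],
    }],
}

# Environment variable names the AWS SDKs read static credentials from.
STATIC_CRED_NAMES = {"AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN"}
# Access key IDs: AKIA (long-term) or ASIA (temporary) followed by 16 characters.
ACCESS_KEY_RE = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")
MAX_CONTAINERS = 10  # per-task-definition limit stated on this page

def is_static_credential(env):
    """True if an environment entry names or contains an AWS credential."""
    return (env.get("name") in STATIC_CRED_NAMES
            or bool(ACCESS_KEY_RE.search(env.get("value", ""))))

def audit_task_definition(task_def):
    """Return findings about how the task's containers obtain AWS credentials."""
    findings = []
    containers = task_def.get("containerDefinitions", [])
    if len(containers) > MAX_CONTAINERS:
        findings.append(f"{len(containers)} containers exceed the limit of {MAX_CONTAINERS}")
    if not task_def.get("taskRoleArn"):
        findings.append("no taskRoleArn set on the task definition")
    for c in containers:
        for env in c.get("environment", []):
            if is_static_credential(env):
                findings.append(f"container {c.get('name')}: credential in env var {env.get('name')}")
    return findings

def with_task_role(task_def, role_arn):
    """Return a copy that sets a task role and drops static credential variables."""
    fixed = copy.deepcopy(task_def)
    fixed["taskRoleArn"] = role_arn
    for c in fixed.get("containerDefinitions", []):
        c["environment"] = [e for e in c.get("environment", []) if not is_static_credential(e)]
    return fixed
```

Run `audit_task_definition` over each task definition before registering it; an empty list means no static credentials were found and a task role is set.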
ECS and Auto Scaling
You can use Auto Scaling with a Fargate task within a service to scale in response to a number of metrics.
You can use Auto Scaling with an EC2 task to scale the container instances within your cluster.
You can use Elastic Load Balancing to create an endpoint that balances traffic across services in a cluster.
AWS Fargate is a technology that you can use with Amazon ECS to run containers without having to manage servers or clusters of EC2 instances. With AWS Fargate, you no longer have to provision, configure, and scale clusters of virtual machines to run containers. This removes the need to choose server types, decide when to scale your clusters, or optimize cluster packing.
You can define clusters, task definitions, and services as entities in an AWS CloudFormation script.
Docker provides several diagnostic tools that help you troubleshoot problems with your containers and tasks.
You can access the Docker command line utilities by connecting to a container instance using SSH.
The exit codes that Docker containers report can also provide some diagnostic information (for example, exit code 137 means that the container received a SIGKILL signal).
Port mappings allow containers to access ports on the host container instance to send or receive traffic. Port mappings are specified as part of the container definition.
A few important points about ECS
The task definition specifies how much CPU or RAM the containers get
ECS Cluster is a logical grouping of container instances that you can place your tasks on
Clusters can contain multiple different instance types
Clusters are Region specific
The ECS agent (comes preinstalled on the Amazon Linux AMI) is a piece of software that runs on Linux (Windows is not supported) and lets you connect your EC2 instance with a container in a cluster
Security groups act at the instance level (not at container or task level)