ECS, ECR, Fargate

Docker

Image

Private: Amazon ECR
(Elastic Container Registry)

Public: Docker Hub

Step

Build -> Push/Pull -> Run

ECS

ECS Task (on ECS cluster) = Docker container

EC2 Launch Type

Structure: EC2 cluster -> EC2 instance (ECS agent each) -> ECS Task

AWS takes care of starting/stopping containers

Must provision manually

Fargate launch type

No infrastructure to provision; serverless

IAM role

EC2 instance profile (EC2 launch type only)

ECS agent

ECS task role

Load balancer integration

ALB

NLB

Data volume (EFS)

EFS onto ECS task

works with both EC2 & Fargate

Fargate + EFS = serverless

Note: S3 cannot be mounted as a file system

ECS Auto scaling

AWS Application Auto Scaling

average CPU

average memory

ALB request count per target

Target tracking (based on a target value for a CloudWatch metric)

Step scaling (based on CloudWatch Alarm)

Scheduled scaling (based on date/time)

EC2 launch type

Auto Scaling Group Scaling

ASG based on CPU (service level)

ECS cluster capacity provider (cluster level)

ECS Rolling Update

update screen

minimum healthy percent

maximum percent

Solution architecture

Client -> S3 -> EventBridge -> Run ECS Task (Role S3, DynamoDB) -> DynamoDB

EventBridge (every 1h) -> Run ECS Task -> S3

SQS Queue <-(poll)<- Service A (ECS Service Auto Scaling)

stop task -> EventBridge -> SNS -(email)-> Administrator

ECS Task Definition

JSON

information

Image name

port binding (container & host)

memory & CPU required

environment variable

network info

IAM role

logging config

limit: 10 containers per task

Load balancing (EC2 launch type)

dynamic host port mapping (define container port only)

EC2 SG must allow any port from ALB SG

Load balancing (Fargate)

each task has a unique private IP

only define container port

ECS ENI SG: Allow 80 from LB

ALB SG: Allow 80/443 from web

IAM Role

1 per Task definition (not at service level)

env variable

hardcoded

Secrets Manager

SSM Parameter Store

File (Amazon S3)

Data volume

works with both EC2 & Fargate

essential container

true: the task stops when this container stops
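
Added example (not part of the original notes): a Python check over a task definition JSON for the items listed above: task IAM role present, no credentials hardcoded in environment variables, logging configured, container count within the limit, at least one essential container. The sample task definition, its names and ARN, and the credential-name heuristic are constructed assumptions.

```python
import json
import re

# Heuristic for credential-looking variable names (an assumption of this example).
SENSITIVE = re.compile(r"(PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY)", re.I)
MAX_CONTAINERS = 10  # per-task container limit from the notes above

# Constructed sample: one container, one hardcoded credential, no task role, no logging.
SAMPLE_TASK_DEF = json.loads("""
{
  "family": "example-web",
  "containerDefinitions": [
    {"name": "web", "image": "example/web:1.0", "essential": true,
     "portMappings": [{"containerPort": 80}],
     "environment": [{"name": "DB_PASSWORD", "value": "constructed-value"},
                     {"name": "LOG_LEVEL", "value": "info"}],
     "secrets": [{"name": "API_TOKEN",
                  "valueFrom": "arn:aws:ssm:us-east-1:111122223333:parameter/example/api-token"}]}
  ]
}
""")


def audit_task_definition(task_def: dict) -> list:
    """Return a list of findings for one parsed ECS task definition."""
    findings = []
    containers = task_def.get("containerDefinitions", [])
    if not task_def.get("taskRoleArn"):
        findings.append("task: no taskRoleArn set")
    if len(containers) > MAX_CONTAINERS:
        findings.append(f"task: {len(containers)} containers exceeds {MAX_CONTAINERS}")
    # ECS treats a container as essential when the field is omitted.
    if containers and not any(c.get("essential", True) for c in containers):
        findings.append("task: no essential container")
    for c in containers:
        name = c.get("name", "<unnamed>")
        # "environment" values are stored in plain text in the task definition;
        # "secrets" entries only reference Secrets Manager / SSM via valueFrom.
        for env in c.get("environment", []):
            if SENSITIVE.search(env.get("name", "")):
                findings.append(f"{name}: hardcoded value in environment variable {env['name']}")
        if "logConfiguration" not in c:
            findings.append(f"{name}: no logConfiguration")
    return findings


if __name__ == "__main__":
    for finding in audit_task_definition(SAMPLE_TASK_DEF):
        print(finding)
```
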

ECS Task Placement (EC2 only)

task placement process

identify instances that satisfy CPU, memory, port requirements

identify instances that satisfy constraints

identify instances that satisfy strategies

select instance for task placement

placement strategy

binpack (least available CPU & memory; cost saving)

random

spread

based on specific value: instanceId, ecs.availability-zone

placement constraint

distinctInstance: each task on a different container instance

memberOf: Cluster Query Language expression

ECR

public & private images: https://gallery.ecr.aws

supports: vulnerability scanning

AWS Copilot

to run apps on App Runner, ECS, Fargate

CLI tool: build, release, operate containerized apps

requires manual installation

EKS (Elastic Kubernetes Service)

Node Type

managed node group

self-managed node

AWS Fargate

Data volume

StorageClass

leverage Container Storage Interface (CSI)