AWS Containers

Overview

AWS Containers are a method of operating system virtualization that allows you to run an application and its dependencies in resource-isolated processes. Containers allow you to easily package an application’s code, configurations, and dependencies into easy-to-use building blocks that deliver environmental consistency, operational efficiency, developer productivity, and version control. Running containers in the AWS Cloud allows you to build robust, scalable applications and services by leveraging the benefits of the AWS Cloud such as elasticity, availability, security, and economies of scale. You also pay only for the resources you use. The container solutions showcased include a combination of AWS services and APN Partner technologies, can be deployed quickly with solution accelerators like AWS Quick Starts, and feature optional consulting offerings to accelerate your cloud transformation.

Amazon Elastic Container Service (Amazon ECS) is a fully managed container orchestration service. Customers such as Duolingo, Samsung, GE, and Cookpad use ECS to run their most sensitive and mission-critical applications because of its security, reliability, and scalability.

ECS is a great choice to run containers for several reasons. First, you can choose to run your ECS clusters using AWS Fargate, which is serverless compute for containers. Fargate removes the need to provision and manage servers, lets you specify and pay for resources per application, and improves security through application isolation by design. Second, ECS is used extensively within Amazon to power services such as Amazon SageMaker, AWS Batch, Amazon Lex, and Amazon.com’s recommendation engine, ensuring ECS is tested extensively for security, reliability, and availability.

Also, because ECS has been a foundational pillar for key Amazon services, it can natively integrate with other services such as Amazon Route 53, Secrets Manager, AWS Identity and Access Management, and Amazon CloudWatch, providing you a familiar experience to deploy and scale your containers. ECS is also able to quickly integrate with other AWS services to bring new capabilities to ECS. For example, ECS allows your applications the flexibility to use a mix of Amazon EC2 and AWS Fargate with Spot and On-Demand pricing options. ECS also integrates with AWS App Mesh, which is a service mesh, to bring rich observability, traffic controls and security features to your applications. ECS has grown rapidly since launch and is currently launching 5X more containers every hour than EC2 launches instances.

Amazon Elastic Container Service (Amazon ECS)

Amazon Elastic Container Service is a cloud computing service in Amazon Web Services (AWS) that manages containers and allows developers to run applications in the cloud without having to configure an environment for the code to run in. It enables developers with AWS accounts to deploy and manage scalable applications that run on groups of servers, called clusters, through application programming interface (API) calls and task definitions. Amazon ECS is a scalable service that is accessible through the AWS Management Console and software development kits.

Amazon developed ECS in response to the rise in popularity of containerization. ECS enables a developer to specify rules for isolated sets of EC2 instances which increase portability and computing performance by running on top of a host operating system (OS). ECS supports Docker, an open source Linux container service.

Amazon ECS enables developers to easily use Docker containers for a range of activities, from hosting a simple website to running complex, distributed microservices that require thousands of containers. ECS evaluates and monitors CPU and memory output to determine the optimal deployment for a container. AWS customers can also use the service to update containers or scale them up or down. AWS Elastic Load Balancing, Elastic Block Store volumes, and Identity and Access Management roles are also supported for further customization.

Uses of Amazon Elastic Container Service

Amazon ECS is best used with:

  • Machine learning – Machine learning models can be easily containerized for training and inference with Amazon ECS. ML models can be created with loosely coupled, distributed services that can be placed on a variety of platforms or close to the data that’s being analyzed by the application.
  • Microservices – Amazon ECS assists in the operation of microservices applications by providing native integration to AWS and enabling continuous integration and continuous deployment pipelines.
  • Virtual machines – The Amazon Elastic Compute Cloud web service can be used to create and operate Linux virtual machines in the cloud; these VMs are called instances. Developers can specify rules for the isolated sets of EC2 instances which increase computing performance and portability by running on top of a host operating system.
  • Migrating apps to the cloud – Legacy enterprise applications can be feasibly containerized and migrated to Amazon ECS without necessitating any code changes.
  • Batch processing – Batch workloads can be run with custom or managed schedulers on AWS On-Demand Instances, Reserved Instances or Spot Instances.

How Amazon Elastic Container Service works

AWS account holders can integrate the ECS service with other Amazon Web Services, such as:

  • AWS CloudTrail logs
  • AWS Command Line Interface (AWS CLI)
  • Amazon Elastic Compute Cloud (EC2)
  • AWS CloudFormation templates
  • AWS SDKs
  • AWS Tools for Windows PowerShell
  • Amazon Elastic Container Registry (Amazon ECR)

Amazon ECS allows developers to define their application by pulling the necessary Docker images and resources from Amazon ECR or other repositories. Once all the appropriate containers have been gathered, they are deployed, either on EC2 or AWS Fargate. Finally, Amazon ECS scales the application and continuously manages the availability of containers.

Amazon Elastic Container Service features

Scheduling – Schedulers place containers across clusters according to the desired resources, such as RAM or CPU, and availability requirements. This feature can be used to schedule batch jobs and long-running applications or services.

Amazon ECS includes two schedulers which enable users to deploy containers based on computing needs or availability requirements. AWS Blox, an open source container orchestration tool, integrates with ECS to schedule containers. Long-running applications and batch jobs benefit from the use of schedulers for their responsiveness; ECS also supports third-party scheduling options.

Docker integration – Docker is supported by Amazon ECS, thus allowing AWS users to manage Docker containers across clusters of Amazon EC2 instances. Each EC2 instance in a cluster runs a Docker daemon that deploys and runs any application packaged as a container locally on Amazon ECS without the need to make any changes to the container.

Networking – Amazon ECS supports Docker networking as well as integration with Amazon Virtual Private Cloud (Amazon VPC) to provide isolation for containers, thus providing developers with control over how the containers interact with other services and external traffic. Four networking modes are available for the containers; each one supports different use cases. The modes include:

  • Host mode – Adds containers directly to the host’s network stack and exposes containers on the network that are not isolated.
  • Task networking mode – Assigns every running Amazon ECS task a dedicated elastic networking interface which provides the containers with full networking features in Amazon VPC, similar to EC2 instances.
  • None mode – Deactivates external networking for containers.
  • Bridge mode – Creates a Linux bridge that is used to connect all containers operating on the host in a local virtual network that is accessed through the host’s default network connection.

Cluster management – Amazon ECS handles all of the cluster management processes for the developer. This typically involves installing, operating and scaling cluster management software, monitoring solutions and configuration management systems as well as building the architecture and managing the availability and scalability of each system. With Amazon ECS, the developer simply launches a cluster of container instances and specifies the desired tasks to perform.

Task Definitions – Tasks can be defined through a declarative JSON template called a Task Definition. The Task Definition allows developers to specify which containers they need for their task, including memory and CPU requirements, Docker repository and images, shared data volumes, as well as choose how the containers are connected to each other. Task Definition files also allow developers to version control their application specification.

Load balancing – Integration with the AWS ELB allows developers to distribute traffic across containers. They can specify the Task Definition and ELB to use, and then the Amazon ECS scheduler automatically adds and removes containers using the ELB.

Repository support – Any third party repository, accessible private Docker registry or Docker Hub can be used with Amazon ECS as long as it is specified in the Task Definition.

Local development – The AWS CLI allows users to simplify the local development experience and easily set up an Amazon ECS cluster and its related resources. The CLI also supports Docker Compose, which is an open source tool used to define and run multi-container applications.

Programmatic control – Various simple APIs are offered that allow developers to integrate and extend the Amazon ECS service. The APIs enable users to create or delete clusters, launch or destroy Docker containers and register or unregister tasks as well as access detailed information about the state of the cluster and its instances. AWS CloudFormation can also be used to deliver Amazon ECS clusters, register Task Definitions and schedule containers.

Logging – Issue diagnosis can be made simpler by sending every container instance’s ECS agent logs and Docker container logs to Amazon CloudWatch logs. All Amazon ECS API calls can also be recorded and the log files will be delivered to the user through AWS CloudTrail.

Monitoring – Monitoring capabilities are provided for the containers and clusters. Average and aggregate CPU can be supervised as well as the memory utilization of running tasks grouped by Task Definition, service or cluster through Amazon CloudWatch. Furthermore, CloudWatch alarms can be set to alert developers whenever a container or cluster needs to be scaled up or down.

Container deployments – Containers can be easily updated to the newest versions. Whenever a new version of the application Task Definition is uploaded, the Amazon ECS scheduler automatically starts new containers using the updated image and disables any container running on the old version. Amazon ECS will also register and unregister the appropriate new and old containers from the AWS ELB.

Container auto-recovery – Unhealthy containers are automatically recovered by the Amazon ECS service scheduler. This ensures the necessary number of containers are constantly supporting the application.

Container security

Amazon ECS runs containers on top of EC2 instances which provides isolation to help businesses achieve compliance. EC2 instances reside in the Amazon VPC and a user can specify which instances are exposed to the internet.

EC2 instances and ECS tasks also adhere to IAM roles, while security groups and network access control lists limit access to instances. An administrator can also provision EC2 Dedicated Instances for containers to provide extra workload isolation. Administrators can adjust security settings at the OS level and implement other monitoring or management tools to protect ECS containers.

Benefits of Amazon Elastic Container Service

Amazon ECS is a beneficial choice for modern software teams that are smaller and cross-functional because it is simple and fast to set up and start running. Furthermore, since it is a fully managed platform from Amazon Web Services, users do not have to worry about dealing with platform-related issues, and can instead focus on migrating their app.

Other benefits include:

  • Improved security – Amazon ECR and ECS collaborate to provide optimal application security.
  • Cost efficient – Amazon ECS allows developers to schedule various containers on the same node, thus achieving high density on Amazon EC2.
  • Performance at scale – Thousands of Docker containers can be launched in seconds without any additional complexity using Amazon ECS. This is because the service is built on technology that has been developed from years of experience running highly scalable services.
  • Improved compatibility – The container-based pipeline helps eliminate any issues that may arise due to deployments functioning differently in various environments.
  • Designed for collaboration with other AWS services – Integration of Amazon ECS with other AWS services, such as Amazon ECR and AWS ELB, provides users with a complete solution for running a variety of containerized applications and services.
  • Manageable at any scale – Operating cluster management software and creating fault-tolerant clusters is unnecessary when using Amazon ECS. Since there is no software to install, scale and manage, developers can focus on building their container-based applications.
  • Extensible – Amazon ECS offers complete visibility and control of AWS resources, thus allowing it to be easily integrated or extended through APIs.

Cognosys provides hardened images of AWS Containers on the cloud (AWS Containers on AWS Marketplace, AWS Containers on Azure and AWS Containers on Google Cloud Platform).

Deploy AWS Containers securely on the cloud, i.e. AWS Marketplace, Azure and Google Cloud Platform (GCP).

Features

Features of AWS Containers:

Amazon Elastic Container Service (Amazon ECS) allows you to easily run, scale, and secure Docker container applications on AWS. Applications packaged as containers locally will deploy and run in the same way as containers managed by Amazon ECS. Amazon ECS eliminates the need to install, operate, and scale your own container orchestration and cluster management infrastructure, and lets you focus on the resource needs and availability requirements of your containerized application.

Amazon ECS enables you to grow from a single container to thousands of containers across hundreds of instances without creating additional complexity in how you run your application. You can run anything: applications, batch jobs, or microservices. Amazon ECS abstracts away all the complexity of the infrastructure so you can focus on designing, building, and running containerized applications.

With Amazon ECS, you can use AWS Fargate to completely manage your infrastructure and just focus on deploying containers. Or you can choose to have complete visibility and control of your underlying server cluster, from creating and terminating Docker containers to viewing detailed cluster state information. You can integrate and use your own container scheduler or connect Amazon ECS into your existing software delivery process, such as continuous integration and delivery systems.

AWS Fargate Support

AWS Fargate technology is available with Amazon ECS. With AWS Fargate, you no longer have to select Amazon EC2 instance types, provision and scale clusters, or patch and update each server. You do not have to worry about task placement strategies, such as binpacking or host spread, and tasks are automatically balanced across Availability Zones. Fargate manages the availability of containers for you. You just define your application’s requirements, select Fargate as your launch type in the console or CLI, and Fargate takes care of all the scaling and infrastructure management required to run your containers.

For developers who require more granular, server-level control over the infrastructure, Amazon ECS EC2 launch type allows you to manage a cluster of servers and schedule placement of containers on the servers.

Development

Docker Support

Amazon ECS supports Docker and enables you to run and manage Docker containers. Applications you package as a container locally will deploy and run on Amazon ECS without the need for any configuration changes.

Windows Containers Compatibility

Amazon ECS supports management of Windows containers. An Amazon ECS-optimized Windows Amazon Machine Image (AMI) provides enhanced instance and container launch time performance and visibility into CPU, memory utilization, and reservation metrics.

Local Development

The Amazon ECS CLI allows you to simplify your local development experience as well as easily set up and run your containers on Amazon ECS. The Amazon ECS CLI supports Docker Compose, an open-source tool for defining and running multi-container applications. You can apply the same Compose definition used to define a multi-container application on your development machine as well as in production.

Repository Support

Amazon ECS can be used with any third-party hosted Docker image repository or accessible private Docker registry, such as Docker Hub and Amazon Elastic Container Registry (Amazon ECR). All you need to do is specify the repository in your task definition and Amazon ECS retrieves the appropriate images for your applications.

Management

Task Definitions

Amazon ECS allows you to define tasks through a declarative JSON template called a Task Definition. Within a Task Definition you can specify one or more containers that are required for your task, including the Docker repository and image, memory and CPU requirements, shared data volumes, and how the containers are linked to each other. You can launch as many tasks as you want from a single Task Definition file that you can register with the service. Task Definition files also allow you to have version control over your application specification.

Programmatic Control

Amazon ECS provides you with a set of simple API actions to allow you to integrate and extend the service. The API actions allow you to create and delete clusters, register and deregister tasks, launch and terminate Docker containers, and provide detailed information about the state of your cluster and its instances. You can also use AWS CloudFormation to provision Amazon ECS clusters, register task definitions, and schedule containers.

Container Deployments

Amazon ECS allows you to easily update your containers to new versions. You can upload a new version of your application task definition, and the Amazon ECS scheduler automatically starts new containers using the updated image and stops containers running the previous version. Amazon ECS automatically registers and deregisters your containers from the associated Application Load Balancer.

Blue/Green Deployments

Blue/green deployments with AWS CodeDeploy help you minimize downtime during application updates. You can launch a new version of your Amazon ECS service alongside the old version and test the new version before you reroute traffic. You can also monitor the deployment process and rapidly roll back if there is an issue.

Container Auto-Recovery

Amazon ECS will automatically recover unhealthy containers to ensure that you have the desired number of containers supporting your application.

Capacity Providers

Capacity Providers allow you to define flexible rules for how containerized workloads run on different types of compute capacity, and manage the scaling of the capacity. Capacity Providers work with both EC2 and Fargate. With EC2, you can create a Capacity Provider associated with an EC2 Auto Scaling Group (ASG) and manage scaling of the ASG through ECS Cluster Auto Scaling ensuring that the capacity necessary to run your task is requested even if it is not yet available. When running tasks and services, you can split them across multiple Capacity Providers. This enables new capabilities such as running a service in a predefined split percentage across Fargate and Fargate Spot or ensuring that a service runs an equal number of tasks in multiple availability zones without requiring the service to rebalance.

Scheduling

Amazon ECS includes multiple scheduling strategies that place containers across your clusters based on your resource needs (for example, CPU or RAM) and availability requirements. Using the available scheduling strategies, you can schedule batch jobs, long-running applications and services, and daemon processes.

Task Scheduling
Amazon ECS task scheduling allows you to run processes that perform work and then stop, such as batch processing jobs. Task scheduling can start tasks manually, automatically from a queue of jobs, or based on a time interval that you define.

Service Scheduling
Amazon ECS service scheduling allows you to run stateless services and applications. This scheduling strategy ensures that a specified number of tasks are constantly running and restarts tasks if they fail. You can make sure that tasks are registered against an Elastic Load Balancing load balancer and can perform health checks that you define for your running tasks.

Daemon Scheduling
Amazon ECS daemon scheduling automatically runs the same task on each selected instance in your ECS cluster. This makes it easy to run tasks that provide common management functionality for a service like logging, monitoring, or backups.

Task Placement

Amazon ECS allows you to customize how tasks are placed onto a cluster of EC2 instances based on built-in attributes such as instance type, Availability Zone, or custom attributes that you define. You can use attributes such as environment = production to label resources, use the list API actions to find those resources, and use the RunTask and CreateService API actions to schedule tasks on those resources.

With Amazon ECS, you can also use placement strategies such as bin pack and spread to further define where tasks are placed. Policies can be chained together to achieve sophisticated placement capabilities without writing any code.

Networking and Security

Service Discovery

Amazon ECS is integrated with AWS Cloud Map to make it easy for your containerized services to discover and connect with each other. AWS Cloud Map is a cloud resource discovery service. With Cloud Map, you can define custom names for your application resources, and it maintains the updated location of these dynamically changing resources. This increases your application availability because your web service always discovers the most up-to-date locations of its resources.

Service Mesh

Service mesh makes it easy to build and run complex microservices applications by standardizing how every microservice in the application communicates. AWS App Mesh is a service that makes it easy to configure part of your application for end-to-end visibility and high-availability. To use App Mesh, add the Envoy proxy image to the ECS task definition. App Mesh manages Envoy configuration to provide service mesh capabilities. App Mesh exports metrics, logs, and traces to the endpoints specified in the Envoy bootstrap configuration provided. App Mesh provides an API to configure traffic routes, circuit breaking, retries, and other controls between microservices that are mesh-enabled.

Task Networking

Amazon Elastic Container Service supports Docker networking and integrates with Amazon VPC to provide isolation for containers. This gives you control over how containers connect with other services and external traffic. With Amazon ECS, you can choose between four networking modes for your containers that cater towards different use cases:

Task Networking/awsvpc
This mode assigns each running ECS task a dedicated elastic networking interface, allowing containers full networking features in a VPC, just like EC2 instances.

Bridge
This mode creates a Linux bridge that connects all containers running on the host in a local virtual network, which can be accessed through the host’s default network connection.

Host
This mode adds containers directly to the host’s network stack, exposing containers on the host’s network with no isolation.

None
This mode disables external networking for containers.

Load Balancing

Amazon ECS is integrated with Elastic Load Balancing, allowing you to distribute traffic across your containers using Application Load Balancers or Network Load Balancers. You specify the task definition and the load balancer to use, and Amazon ECS automatically adds and removes containers from the load balancer. You can specify a dynamic port in the task definition, which gives your container an unused port when it is scheduled on an Amazon EC2 instance. You can also use path-based routing to share a load balancer with multiple services.

Security

Amazon ECS allows you to specify an IAM role for each ECS task. This allows the Amazon ECS container instances to have a minimal role, respecting the ‘least privilege’ access policy and allowing you to manage the instance role and the task role separately. You can also use Amazon CloudWatch Logs to gain visibility into the IAM role to which a task is assigned.
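
The networking modes and the per-task IAM role described above can be checked before a task definition is registered. The following is an added example, not code from AWS or from the original page; the two task definitions are constructed, the account ID, role and image names are placeholders, and the check IDs and severities are this example's own.

```python
import json

# Constructed task definitions (not from the original page). Keys follow the ECS
# task definition JSON format; account ID, role and image names are placeholders.
LOGS = ('"logConfiguration": {"logDriver": "awslogs", "options": '
        '{"awslogs-group": "/ecs/example-web", "awslogs-region": "us-east-1"}}')

WEAK = json.loads("""{
  "family": "example-web",
  "networkMode": "host",
  "executionRoleArn": "arn:aws:iam::111122223333:role/example-exec",
  "containerDefinitions": [
    {"name": "web", "image": "example/web:1.0"},
    {"name": "proxy", "image": "example/proxy:1.0", %s}
  ]
}""" % LOGS)

HARDENED = json.loads("""{
  "family": "example-web",
  "networkMode": "awsvpc",
  "taskRoleArn": "arn:aws:iam::111122223333:role/example-web-task",
  "executionRoleArn": "arn:aws:iam::111122223333:role/example-exec",
  "containerDefinitions": [
    {"name": "web", "image": "example/web:1.0", %s},
    {"name": "proxy", "image": "example/proxy:1.0", %s}
  ]
}""" % (LOGS, LOGS))

# Isolation notes per networking mode, following the mode descriptions above.
MODE_FINDINGS = {
    "host": ("HIGH", "NET_HOST",
             "containers join the host network stack with no isolation"),
    "bridge": ("INFO", "NET_BRIDGE",
               "containers share a Linux bridge with other containers on the host"),
}


def audit_task_definition(task_def):
    """Return a list of (severity, check_id, subject, message) tuples."""
    findings = []
    family = task_def.get("family", "<unnamed>")

    # Assumption: Linux containers on EC2, where an omitted networkMode means bridge.
    mode = task_def.get("networkMode", "bridge")
    if mode in MODE_FINDINGS:
        severity, check_id, message = MODE_FINDINGS[mode]
        findings.append((severity, check_id, family, message))
    elif mode not in ("awsvpc", "none"):
        findings.append(("INFO", "NET_OTHER", family,
                         f"networkMode {mode!r} is not one of the four modes above"))

    # The task role is what lets the instance role stay minimal.
    task_role = task_def.get("taskRoleArn")
    if not task_role:
        findings.append(("MEDIUM", "NO_TASK_ROLE", family,
                         "no taskRoleArn: the task has no role of its own to scope"))
    elif task_role == task_def.get("executionRoleArn"):
        findings.append(("MEDIUM", "ROLE_REUSED", family,
                         "task role and execution role are the same role"))

    # Containers without a log driver send nothing to CloudWatch Logs.
    for container in task_def.get("containerDefinitions", []):
        if not container.get("logConfiguration", {}).get("logDriver"):
            findings.append(("LOW", "NO_LOG_DRIVER",
                             container.get("name", "<unnamed>"),
                             "container has no logConfiguration"))
    return findings


if __name__ == "__main__":
    for label, task_def in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_task_definition(task_def) or "no findings")
```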

Monitoring and Logging

Monitoring

Amazon ECS provides monitoring capabilities for your containers and clusters through Amazon CloudWatch. You can monitor average and aggregate CPU and memory utilization of running tasks as grouped by task definition, service, or cluster. You can also set CloudWatch alarms to alert you when your containers or clusters need to scale up or down.

Logging

Amazon ECS allows you to record all your Amazon ECS API calls and have the log files delivered to you through AWS CloudTrail. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by Amazon ECS. CloudTrail provides you a history of API calls made from the AWS Management Console, AWS SDKs, and AWS CLI. It enables security analysis, resource change tracking, and compliance auditing.
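
The CloudTrail fields listed above (caller identity, time, source IP address, request parameters) are enough for a first triage pass over ECS API activity. This is an added example, not part of the original page: the records are constructed, the trusted network is a documentation range, and the rule names and the choice of which calls count as changes are assumptions of this example.

```python
import ipaddress

# ECS API calls this example treats as state-changing (an assumption, not a
# complete list).
CHANGE_EVENTS = {"RegisterTaskDefinition", "RunTask", "CreateService",
                 "UpdateService", "DeleteService", "DeleteCluster"}

USER = {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/deployer"}
ROLE = {"type": "AssumedRole",
        "arn": "arn:aws:sts::111122223333:assumed-role/example-ci/session"}

# Constructed CloudTrail records (not real logs), trimmed to the fields used here.
SAMPLE_RECORDS = [
    {"eventSource": "ecs.amazonaws.com", "eventName": "RegisterTaskDefinition",
     "eventTime": "2024-01-01T10:00:00Z", "sourceIPAddress": "198.51.100.7",
     "userIdentity": USER,
     "requestParameters": {"family": "example-web", "networkMode": "awsvpc"}},
    {"eventSource": "ecs.amazonaws.com", "eventName": "RunTask",
     "eventTime": "2024-01-01T10:05:00Z", "sourceIPAddress": "203.0.113.50",
     "userIdentity": ROLE, "errorCode": "AccessDeniedException",
     "requestParameters": {"cluster": "example", "taskDefinition": "example-web"},
     "responseElements": None},
    {"eventSource": "ecs.amazonaws.com", "eventName": "RegisterTaskDefinition",
     "eventTime": "2024-01-01T10:09:00Z", "sourceIPAddress": "198.51.100.7",
     "userIdentity": USER,
     "requestParameters": {"family": "example-batch", "networkMode": "host"}},
    {"eventSource": "ecs.amazonaws.com", "eventName": "UpdateService",
     "eventTime": "2024-01-01T10:12:00Z",
     "sourceIPAddress": "cloudformation.amazonaws.com", "userIdentity": ROLE,
     "requestParameters": {"service": "example-web"}},
    {"eventSource": "s3.amazonaws.com", "eventName": "PutObject",
     "eventTime": "2024-01-01T10:13:00Z", "sourceIPAddress": "203.0.113.50",
     "userIdentity": ROLE},
]


def is_trusted(source, networks):
    """True if source is inside a trusted network or is an AWS service name."""
    try:
        address = ipaddress.ip_address(source)
    except ValueError:
        # sourceIPAddress holds a service DNS name when an AWS service made the
        # call on the user's behalf; this example does not alert on those.
        return True
    return any(address in network for network in networks)


def triage(records, trusted_cidrs):
    """Return (eventTime, rule, caller_arn, detail) alerts for ECS records."""
    networks = [ipaddress.ip_network(cidr) for cidr in trusted_cidrs]
    alerts = []
    for record in records:
        if record.get("eventSource") != "ecs.amazonaws.com":
            continue
        name = record.get("eventName", "")
        when = record.get("eventTime", "")
        who = (record.get("userIdentity") or {}).get("arn", "unknown")
        source = record.get("sourceIPAddress", "")
        if str(record.get("errorCode", "")).startswith("AccessDenied"):
            alerts.append((when, "DENIED_CALL", who, name))
        if name not in CHANGE_EVENTS:
            continue
        if not is_trusted(source, networks):
            alerts.append((when, "UNTRUSTED_SOURCE", who, f"{name} from {source}"))
        params = record.get("requestParameters") or {}
        if name == "RegisterTaskDefinition" and params.get("networkMode") == "host":
            alerts.append((when, "HOST_NETWORK_TASKDEF", who, params.get("family")))
    return alerts


if __name__ == "__main__":
    for alert in triage(SAMPLE_RECORDS, ["198.51.100.0/24"]):
        print(alert)
```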

Hybrid Deployments

You can use Amazon ECS on AWS Outposts to run containerized applications that require particularly low latencies to on-premises systems. AWS Outposts is a fully managed service that extends AWS infrastructure, AWS services, APIs, and tools to virtually any connected site. With ECS on Outposts, you can manage containers on-premises with the same ease as you manage your containers in the cloud.
