AWS EC2 Container Service (ECS) is a highly scalable, high performance container management service that supports Docker containers and allows running applications on a managed cluster of EC2 instances.
Orchestrates the execution of containers
Maintains and scales the fleet of nodes running your containers
Removes the complexity of standing up the infrastructure
Monitors deployment of your containers
Schedules containers using its built-in scheduler or a third-party scheduler (e.g., Apache Mesos, Blox)
Is extensible via APIs
ECS eliminates the need to install, operate, and scale the cluster management infrastructure.
ECS is a regional service that simplifies running application containers in a highly available manner across multiple AZs within a region.
ECS helps schedule the placement of containers across the cluster based on the resource needs and availability requirements.
ECS allows integration of your own custom scheduler or third-party schedulers to meet business or application specific requirements.
With IAM roles for Amazon ECS tasks, you can specify an IAM role to be used by the containers in a task. Applications are required to sign their AWS API requests with AWS credentials, and this feature provides a strategy to manage credentials for your application's use. This is similar to how Amazon EC2 instance profiles provide credentials to EC2 instances.
Can scale up to thousands of containers, including automatically via Auto Scaling
Can leverage Spot and Reserved Instances
If you stop (not terminate) an Amazon ECS container instance, the status remains ACTIVE, but the agent connection status transitions to FALSE within a few minutes.
Any tasks that were running on the container instance stop.
If you start the container instance again, the container agent reconnects with the Amazon ECS service, and you are able to run tasks on the instance again.
Containers and Images
Applications deployed on ECS must be architected to run in Docker containers, which are a standardized unit of software development containing everything that the software application needs to run: code, runtime, system tools, system libraries, etc.
Containers are created from a read-only template called an image.
Images are typically built from a Dockerfile, and stored in a registry from which they can be downloaded and run on your container instances.
ECS can be configured to access a private Docker image registry within a VPC or Docker Hub, and is integrated with EC2 Container Registry (ECR).
Clusters
A cluster is a logical grouping of EC2 container instances to run tasks using ECS.
ECS downloads the container images from the specified registry, and runs those images on the container instances within your cluster.
Task Definitions
A task definition is a description of an application that contains one or more Docker containers.
A task definition is needed to prepare an application to run on ECS.
Task definition is a text file in JSON format that describes one or more containers that form your application.
Task definitions specify various parameters for the application, such as containers to use, their repositories, ports to be opened, and data volumes.
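The parameters listed above, together with the IAM role for tasks described earlier, can be reviewed mechanically before a task definition is registered. The following is an added example, not part of the original notes: the task definition, account ID and the function names registry_of and review_task_definition are constructed for illustration.

```python
import json

# Constructed sample task definition (account ID, names and paths are placeholders).
SAMPLE_TASK_DEF = json.loads("""
{
  "family": "web-app",
  "taskRoleArn": "",
  "containerDefinitions": [
    {"name": "web",
     "image": "123456789012.dkr.ecr.us-east-1.amazonaws.com/web:1.4",
     "portMappings": [{"containerPort": 8080, "hostPort": 80}],
     "environment": [{"name": "AWS_SECRET_ACCESS_KEY", "value": "EXAMPLE"}],
     "mountPoints": [{"sourceVolume": "data", "containerPath": "/data"}]},
    {"name": "cache", "image": "redis:7", "portMappings": [{"containerPort": 6379}]}
  ],
  "volumes": [{"name": "data", "host": {"sourcePath": "/ecs/data"}}]
}
""")

# Static AWS credentials passed as environment variables are what a task role replaces.
STATIC_CRED_VARS = {"AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN"}

def registry_of(image):
    """Classify where an image reference is pulled from."""
    host = image.split("/", 1)[0] if "/" in image else ""
    if ".dkr.ecr." in host and ".amazonaws.com" in host:
        return "ECR"
    if "." in host or ":" in host or host == "localhost":
        return "private:" + host
    return "Docker Hub"  # no registry host in the reference

def review_task_definition(task_def):
    """Return (summary, findings) for one task definition dict."""
    summary = {"images": {}, "ports": [], "volumes": []}
    findings = []
    if not task_def.get("taskRoleArn"):
        findings.append("no taskRoleArn: containers get no task-scoped IAM role")
    for c in task_def.get("containerDefinitions", []):
        summary["images"][c["name"]] = registry_of(c["image"])
        for pm in c.get("portMappings", []):
            summary["ports"].append((c["name"], pm["containerPort"], pm.get("hostPort")))
        leaked = STATIC_CRED_VARS & {e["name"] for e in c.get("environment", [])}
        for var in sorted(leaked):
            findings.append(f"{c['name']}: static credential in env var {var}")
    summary["volumes"] = [v["name"] for v in task_def.get("volumes", [])]
    return summary, findings

if __name__ == "__main__":
    summary, findings = review_task_definition(SAMPLE_TASK_DEF)
    print(summary)
    print("\n".join(findings))
```

The summary shows which registries, ports and volumes a task definition touches, and the findings flag a missing task role or static AWS keys in the container environment.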
Tasks and Scheduling
A task is the instantiation of a task definition on a container instance within the cluster.
After a task definition is created for the application within ECS, you can specify the number of tasks that will run on the cluster.
The ECS task scheduler is responsible for placing tasks on container instances, with several different scheduling options available.
ECS Service
ECS Service helps to run and maintain a specified number of instances of a task definition simultaneously.
Container Agent
Container agent runs on each instance within an ECS cluster.
Container Agent sends information about the instance’s current running tasks and resource utilization to ECS, and starts and stops tasks whenever it receives a request from ECS.
AWS Fargate is a serverless compute engine for containers that works with both Amazon Elastic Container Service (ECS) and Amazon Elastic Kubernetes Service (EKS).
A fully managed container service for Amazon ECS and Amazon ECS for Kubernetes
Provisions and manages clusters for you
Manages runtime environments
Scales automatically
Fargate makes it easy for you to focus on building your applications.
Lets you specify and pay for resources per application, and improves security through application isolation by design.
You only pay for the resources required to run your containers, so there is no over-provisioning and paying for additional servers.
Fargate allocates the right amount of compute, eliminating the need to choose instances and scale cluster capacity.
Fargate eliminates the need to manage servers, but also requires your task definitions to be stateless.
Currently, no volumes can be attached to the containers defined in your tasks, which prevents some types of containers (such as datastores requiring persistent storage) from running in the ECS environment.
Fargate runs each task or pod in its own kernel providing the tasks and pods their own isolated compute environment.
This enables your application to have workload isolation and improved security by design.
ECS helps in having a more fine-grained control for custom application architectures.
Elastic Beanstalk is ideal if you want to leverage the benefits of containers but just want the simplicity of deploying applications from development to production by uploading a container image.
Elastic Beanstalk is more of an application management platform that helps customers easily deploy and scale web applications and services.
With Elastic Beanstalk, you specify the container images to be deployed, along with the CPU & memory requirements, port mappings and container links.
Elastic Beanstalk abstracts the finer details and automatically handles all the details such as provisioning an ECS cluster, balancing load, auto-scaling, monitoring, and placing the containers across the cluster.
EC2 Container Service is a highly scalable Docker container management service that allows running and managing distributed applications in Docker containers.
AWS Lambda is an event-driven task compute service that runs code (Lambda functions) in response to “events” from event sources like SES, SNS, DynamoDB & Kinesis Streams, CloudWatch etc.
ECS EC2 (traditional)
You are all-in on AWS
You have an existing AWS footprint such as an already defined VPC and subnets, processes for provisioning and managing EC2 instances.
You have an Ops team in place to manage AWS resources.
ECS Fargate
You are mostly utilizing AWS and may or may not have an existing VPC.
You may or may not be currently utilizing ECS, and you do not want, or are looking to reduce, your operations responsibility on AWS.
Your applications are stateless or manage state through S3, RDS or other external services from your containers.
EKS
You are utilizing AWS but want to keep your infrastructure portable for other cloud providers.
You want to utilize the most flexible and future-proof managed container environment.
You want to ensure open source tools are used as much as possible.
You want developers and operations to be able to determine how containers are managed.