AWS Solution Architect Associate (SAA-C02) Review Material – Container Management

ECS

  • A fully managed container orchestration service that makes it easy for you to deploy, manage, and scale containerized applications.
  • Only supports Docker containers.
  • Tasks and Services:
    • Tasks:
      • A task definition is required to run Docker containers in Amazon ECS which defines:
        • The Docker image to use with each container in your task
        • How much CPU and memory to use with each task or each container within a task
        • The launch type to use, which determines the infrastructure on which your tasks are hosted
        • The Docker networking mode to use for the containers in your task
        • The logging configuration to use for your tasks
        • Whether the task should continue to run if the container finishes or fails
        • The command the container should run when it is started
        • Any data volumes that should be used with the containers in the task
        • The IAM role that your tasks should use
      • A Task is a running container.
      • Can be invoked by CloudWatch Events/EventBridge.
      • Can autoscale via CloudWatch metrics.
    • Service:
      • Allows you to run and maintain a specified number of instances of Tasks. It is usually used for long-running processes.
      • Can be configured to talk to an ALB
  • Manages worker nodes – either EC2 or Fargate
  • 2 Launch Types:
    1. EC2 Launch Type
      • Requires an ASG
      • Requires an agent installed on the EC2 instance (not required to be installed if the AMI for ECS is used)
      • Can have its private IP or use VPC IP
    2. Fargate
      • Serverless offering. Does not require provisioning EC2 instances.
      • Will assign an ENI for each running task.
      • Will use VPC IP.
  • Integration with ALB (Dynamic Port Mapping) for EC2 Launch Type. The security group must allow the ALB access to all ports. Fargate uses a fixed port (ENI).
  • Requires 2 types of IAM Roles:
    • EC2 Instance Profile:
      • Used by the ECS agent to make AWS API calls (e.g. CloudWatch, ECS service)
    • ECS Task:
      • Used by the ECS task to make AWS API calls.
      • Good practice to use a different role for each task.
  • Normally use EFS for task volume.
  • Rolling Update
    • Uses Minimum Healthy Percent and Maximum Healthy Percent
    • Minimum Healthy Percent – the minimum number of tasks that must be running, as a percentage of the total.
    • Maximum Healthy Percent – the maximum number of tasks that can be running, as a percentage of that total.
    • Examples:
      • 4 running tasks; Minimum = 50%, Maximum = 100%
        • Cannot add the new version before terminating the old version since Maximum = 100% (i.e. the current running tasks are already at 100%)
        • Can only terminate 2 instances for replacement (50% of 4) before adding the new version.
      • 4 running tasks; Minimum = 50%, Maximum = 150%
        • Can add 2 additional instances before terminating the old version, since the Maximum is 150% (so the total is now 6)
        • Can then terminate 2 instances and replace them with the new version, so we maintain 4 running tasks.
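
The two rolling-update scenarios above, worked through step by step as an added example (not part of the original notes). In the ECS API these settings are minimumHealthyPercent and maximumPercent; the minimum is rounded up and the maximum rounded down. The batching policy and the assumption that new tasks become healthy immediately are constructed for illustration and are not the ECS scheduler's own logic.

```python
import math

def deployment_bounds(desired, min_healthy_pct, max_pct):
    """Lower and upper limits on running tasks during a rolling update."""
    lower = math.ceil(desired * min_healthy_pct / 100)  # minimum rounds up
    upper = math.floor(desired * max_pct / 100)         # maximum rounds down
    return lower, upper

def simulate_rolling_update(desired, min_healthy_pct, max_pct):
    """Return the (old, new) task counts after every start or stop batch.

    Constructed policy, not the ECS scheduler itself: start new tasks
    whenever there is headroom below the upper limit; otherwise stop old
    tasks, going below the desired count only when no headroom exists.
    New tasks are assumed to become healthy immediately.
    """
    lower, upper = deployment_bounds(desired, min_healthy_pct, max_pct)
    old, new = desired, 0
    states = [(old, new)]
    while old > 0 or new < desired:
        total = old + new
        start = min(desired - new, upper - total)
        if start > 0:
            new += start
            states.append((old, new))
        total = old + new
        # Surplus above desired is stopped first; with no surplus, the
        # minimum healthy limit decides how many old tasks may go.
        room = total - desired if total > desired else total - lower
        stop = min(old, room)
        if stop > 0:
            old -= stop
            states.append((old, new))
        if start <= 0 and stop <= 0:
            raise ValueError("no task can be started or stopped within the limits")
    return states

if __name__ == "__main__":
    for min_pct, max_pct in [(50, 100), (50, 150)]:
        print(min_pct, max_pct, simulate_rolling_update(4, min_pct, max_pct))
```

With Minimum = 100% and Maximum = 100% the function raises, because neither a start nor a stop fits inside the limits.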

EKS

  • A managed Kubernetes service
  • 2 Launch Types:
    1. EC2 Launch Type
      • Requires an ASG
      • Requires an agent installed on the EC2 instance (not required to be installed if the AMI for ECS is used)
      • Can have its private IP or use VPC IP
    2. Fargate
      • Serverless offering. Does not require provisioning EC2 instances.
      • Will assign an ENI for each running task.
      • Will use VPC IP.
