AWS Developer Associate (DVA-C01) Review Material – ECS

Leave a Comment / AWS Review Notes / By

General

  • A cluster is a logical grouping of tasks or services. 
  • A container is a standardized unit of software development that holds everything that your software application requires to run.
  • Containers are created from a read-only template that’s called an image.
  • task definition is a text file, in JSON format, that describes one or more containers that form your application
  • task is the instantiation of a task definition within a cluster.
  • A service runs and maintains the desired number of tasks simultaneously in an Amazon ECS cluster.
  • Supports the following OS:
    • Amazon Linux
    • Windows Server

ECS Cluster

  • Logical grouping of tasks or services.
  • Tasks and services are run on infrastructure that is registered to a cluster, which includes:
    • Managed by users:
      • EC2 instances
      • On-Prem
      • Virtual Machines
    • Managed by AWS:
      • Fargate
  • Region-specific
  • Can be in the following states:
    1. ACTIVE
    2. PROVISIONING
    3. DEPROVISIONING
    4. FAILED
    5. INACTIVE

EC2 Launch Type

  • Requires an ECS agent.
    • The agent will run in EC2 as a docker container.
    • The agent will register the host to the ECS cluster
    • Container instances require external network access to communicate with the Amazon ECS service endpoint(inbound 1024-65535)
  • Must use a special AMI
  • Can be provisioned using:
    • On-Demand
    • Spot
  • Uses CloudFormation to create the EC2.
  • Managed by an ASG (also created by CloudFormation)
    • The launch configuration will have the following user data
#!/bin/bash
echo ECS_CLUSTER=DVA-C01 >> /etc/ecs/ecs.config;echo ECS_BACKEND_HOST= >> /etc/ecs/ecs.config;
  • The Linux variants of the Amazon ECS-optimized AMI look for agent configuration data in the /etc/ecs/ecs.config
  • Uses the IAM Policy: AmazonEC2ContainerServiceforEC2Role by default

Task Definition

  • Meta that tells ECS how to run the containers which include:
    • The Docker image to use
    • CPU and Memory of
      • Each task
      • Each container
    • Launch type (EC2 or Fargate)
    • Networking mode (Bridge, Host, AWSVPC)
    • Logging
    • Data Volume
    • The IAM role
    • Container definition
      • The command the container should use
      • Port mapping (set host port to 0 for dynamic port mapping)
      • Memory limit
    • Whether the task should continue to run if the container finishes or fails
  • You can define multiple containers in a task definition
  • Has revisions (or version)

ECS Service

  • Defines how many tasks should run and how should they run.
  • Can be associated with a load balancer (ALB/NLB/CLB). However, the association only happens during service creation.
  • The following parameters can be specified in a service definition:
    • Launch Type (EC2, Fargate, External). Mutually exclusive with Capacity Provider.
    • Capacity Provider Strategy. Mutually exclusive with Launch Type.
    • Task Definition
    • Platform operating system (Required for Fargate, ignored in EC2)
    • Platform version (applicable to Fargate only)
    • Scheduling strategy (Replica or Daemon)
      • Replica – maintain the desired number of tasks across your cluster.
      • Daemon –  deploys exactly one task on each active container instance that meets all of the task placement constraints that you specify in your cluster. No need to specify a desired number of tasks, a task placement strategy, or use Service Auto Scaling policies
    • Desired count. The number of instantiations of the specified task definition to place and keep running on your cluster.
    • Task placement (for EC2 launch types only)
      • placementConstraints (distinctInstance| memberof)
      • placementStrategy (random | spread | binpack)
    • Network configuration (VPC, subnet and SG settings)

ECR

  • AWS managed container image registry service that is secure, scalable, and reliable
  • Each account has 1 private and public registry
  • Each registry can have multiple repositories.
  • A Docker repository is where you can store 1 or more versions of a specific Docker image
  • To login using the CLI:
$ # Version 2
$ aws ecr get-login-password --region region | docker login --username AWS --password-stdin aws_account_id.dkr.ecr.region.amazonaws.com

$ # Version 1
$ (aws ecr get-login --no-include-email --region region)

Fargate

  • Fargate version is a combination of the kernel and container runtime versions.
  •  Pay for the vCPU and memory resources the tasks used.
  • Each Fargate task has its own isolation boundary and does not share the underlying kernel, CPU resources, memory resources, or elastic network interface with another task
  • Fargate launch each task has a dedicated Linux kernel not sharing CPU, memory, or the Elastic Network Interface (ENI) with any other task (each task has its own ENI)
  • Task definition must be compatible with Fargate.
  • No host port mapping.
  • Task Definition:
    • Must specify Task Memory (0.5GB,1GB,2GB…) and Task vCPU (0.25,0.5,1,2..)

Roles

  • Instance Role (Container Instance Role)
    • Used by the ECS Agent to make API calls
    • Defined during cluster creation.
    • Applicable only on EC2 launch type
  • Task Role
    • Used by the task
    • Defined in the task definition

Task Placement Strategy and Task Constraints (EC2 Launch Type Only)

  • Determines where to place the task when launching a new task or what task to terminate when terminating a task.
  • When Amazon ECS places tasks, it uses the following process to select container instances:
    1. Identify the instances that satisfy the CPU, memory, and port requirements in the task definition.
    2. Identify the instances that satisfy the task placement constraints.
    3. Identify the instances that satisfy the task placement strategies.
    4. Select the instances for task placement.
  • Task Placement Strategy:
    • An algorithm for selecting instances for task placement or tasks for termination
    • Can be specified when either running a task or creating a new service.
    • Strategy Types:
      1. binpack – placed on an instance so as to leave the least amount of unused CPU or memory
      2. random
      3. spread – placed evenly based on the specified value. (e.g. instanceId, zone)
  • Task Placement Constraint:
    •  A rule that’s considered during task placement.
    • Can be specified when either running a task or creating a new service.
    • Constraint Types:
      1. distinctInstance – Place each task on a different container instance. 
      2. memberOf – Place tasks on container instances that satisfy an expression (using Cluster Query Language)
      3. ecs.os-family

Auto Scaling

  • Can scale Service or infra through Cluster Capacity Provider
  • Service Auto Scaling:
    1. Target tracking scaling policies—Increase or decrease the number of tasks that your service runs based on a target value for a specific metric. This is similar to the way that your thermostat maintains the temperature of your home. You select temperature and the thermostat does the rest.
    2. Step scaling policies—Increase or decrease the number of tasks that your service runs based on a set of scaling adjustments, known as step adjustments, that vary based on the size of the alarm breach.
    3. Scheduled Scaling—Increase or decrease the number of tasks that your service runs based on the date and time.
  • Cluster Capacity Provider:
    • capacity provider is associated with a cluster and is used in a capacity provider strategy to determine the infrastructure that a task runs on
    • Defined at the cluster level
    • Fargate uses the FARGATE and a FARGATE_SPOT capacity providers that are added by default.
    • EC2 requires an ASG.
    • The service definition must use ‘Capacity Provider’ as the launch type (not Fargate or EC2).

Task Volumes

  1. Fargate task storage
  2. Amazon EFS volumes
  3. FSx for Windows File Server volumes
  4. Docker volumes – a new directory is created within Docker’s storage directory on the host machine. Docker volumes are completely handled by Docker itself and therefore independent of both your directory structure and the OS of the host machine.
    • The scope can be:
      1. Task – data are destroyed when the task completes.
      2. Shared – data persists even after the task completes.
  5. Bind mounts –  a file or directory on the host machine is mounted into a container. 

Leave a Comment

Your email address will not be published. Required fields are marked *