The Basics

Amazon ECS, the Elastic Container Service, is Amazon's alternative to Docker Swarm, Kubernetes, and HashiCorp Nomad. Amazon aims to make ECS as simple as possible to reduce the complexity of deploying container-based workloads. Under the hood, ECS runs Docker on EC2 instances.

Primary Use Cases

  • Maximize EC2 compute resource usage
  • Scalable deployment of container workloads
  • Scalable batch processing

Uncommon and Unsuitable Use Cases

  • Simple web application or website hosting. Consider Amazon S3 or AWS Amplify instead.

Amazon ECS contains these core layers.

ECS Overview

Review Amazon Elastic Container Service template snippets for a big-picture view of CloudFormation YAML resources.

Dependencies

ECS components optionally depend on EC2, Auto Scaling, Load Balancers, and CloudWatch to operate depending on your overall deployment strategy. Using Fargate simplifies deployment further by removing components from your software architecture.

I will now summarize each ECS component. Where applicable, a link to CloudFormation resource documentation is present.

Cluster

A Cluster is a logical grouping of Tasks or Services running on an EC2 instance, otherwise known as a Container Instance.

Example: fancy-web-application-cluster

The primary responsibility of an Amazon ECS Cluster is managing infrastructure for your Tasks.

AWS::ECS::Cluster

Describe a cluster with this command.

aws ecs describe-clusters --clusters fancy-web-application-cluster

Container Instance

An Amazon ECS container instance is an EC2 instance running an Amazon ECS container agent registered into an Amazon ECS cluster.

The primary responsibility of an Amazon ECS container instance is computing resources for your ECS cluster.

Describe container instances with this command.

aws ecs describe-container-instances --cluster fancy-web-application-cluster --container-instances <container-instance-id>

Service

A Service manages the desired state of your tasks. It defines the number of Tasks to run, autoscaling, and load-balancing strategies. It can optionally work with an Amazon load balancer.

Example: fancy-web-application-service

The primary responsibility of an Amazon ECS Service is keeping your Cluster healthy.

AWS::ECS::Service

Describe an ECS Service with this command.

aws ecs describe-services --cluster fancy-web-application-cluster --services fancy-web-application-service

Container Agent

The Container Agent allows container instances to connect to your Cluster.

The Amazon ECS container agent is primarily responsible for managing containers on Amazon ECS.

The ECS container agent runs on each Container instance within a cluster and sends telemetry data about that instance’s tasks and resource utilization to the ECS service.

The Amazon ECS container agent ships with ECS-optimized AMIs, but you can also install it on any Amazon EC2 instance that supports the Amazon ECS specification.

Task Definition

I’m using an example webserver task definition provided by AWS for reference. The Task Definition parameters documentation provides a more comprehensive overview.

A Task Definition is a core ECS concept. Describe a Task Definition using a JSON file.

A Task Definition is a collection of container configurations. The Task Definition allows you to specify which Docker image to use, which ports to expose, how much CPU and memory to allocate, how to collect logs, and define environment variables. A task may need one container, while others may require two or more containers.

AWS::ECS::TaskDefinition

A Task Definition includes these properties.

Family

A Task Definition family is a name for a group of versioned containers.

Examples: fancy-web-api, fancy-web-server

Launch types

A Task Definition’s Launch types tell Amazon in which environment to deploy containers.

Possible values are EC2, Fargate, and External.

Example: EC2

CPU

The hard limit of CPU units allocated to a task.

A value of 1024 represents one vCPU.

Example: 1024

Memory

A hard limit of memory (in MiB) allocated to the task.

Example: 1024 (1 GB)

Container Definition

An array of up to ten container definitions. A Container Definition is the core component of a Task Definition.

The container definition’s CPU and memory allocations are separate from the Task Definition’s properties.

Name

A name for a container.

The Name property has a maximum length of 255 characters. Use the name of the container to form links between containers.

Example: Nginx

Image

The image that the container starts from, given as a Docker repository and tag name.

Images in the Docker Hub registry are available by default. Use the repository-url/image:tag or repository-url/image@digest format for container registries outside Docker Hub.

Example: debian:latest, aws_account_id.dkr.ecr.region.amazonaws.com/my-web-app:latest

Memory

The amount (in MiB) of memory allocated to the container. Use the memoryReservation property to set the minimum required memory for your container. Leave the memory property blank unless you need your container to terminate when memory consumption exceeds the defined limit.

Example: memory: 1024, memoryReservation: 128

Port Mappings

Optional port mappings allow containers to access ports on the host instance to send or receive traffic.

Example: 8080

Describe a task definition with this AWS CLI command.

aws ecs describe-task-definition --task-definition fancy-web-server
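
The Task Definition properties above can be reviewed in code before a task is registered. The following is an added example, not code from AWS or from the original article: it audits a constructed task definition for unpinned images, inconsistent memory settings, and published host ports. The sample data, the second container "api", the registry host, and the function names are assumptions made for illustration.

```python
import re

# Constructed sample shaped like the "taskDefinition" object returned by
# `aws ecs describe-task-definition`; names reuse the article's examples.
SAMPLE = {
    "family": "fancy-web-server", "cpu": "1024", "memory": "1024",
    "containerDefinitions": [
        {"name": "Nginx", "image": "debian:latest",
         "memory": 1024, "memoryReservation": 128,
         "portMappings": [{"containerPort": 8080, "hostPort": 8080}]},
        {"name": "api",  # hypothetical second container
         "image": "registry.example.invalid/my-web-app@sha256:" + "0" * 64,
         "memory": 256, "memoryReservation": 512},
    ],
}

DIGEST = re.compile(r"@sha256:[0-9a-f]{64}$")

def image_pinning(image):
    """Classify an image reference as 'digest', 'latest' or 'tag'."""
    if DIGEST.search(image):
        return "digest"
    last = image.rsplit("/", 1)[-1]          # ignore a registry host:port
    tag = last.split(":", 1)[1] if ":" in last else "latest"
    return "latest" if tag == "latest" else "tag"

def audit(task_def):
    """Return (container, finding) pairs for the properties covered above."""
    findings = []
    containers = task_def.get("containerDefinitions", [])
    if len(containers) > 10:
        findings.append(("*", "more than ten container definitions"))
    task_mem = int(task_def["memory"]) if task_def.get("memory") else None
    for c in containers:
        name = c.get("name", "")
        if not 0 < len(name) <= 255:
            findings.append((name, "name must be 1-255 characters"))
        pin = image_pinning(c.get("image", ""))
        if pin != "digest":
            findings.append((name, f"image not pinned by digest ({pin})"))
        hard, soft = c.get("memory"), c.get("memoryReservation")
        if hard is not None and soft is not None and hard <= soft:
            findings.append((name, "memory must exceed memoryReservation"))
        if task_mem is not None and hard is not None and hard > task_mem:
            findings.append((name, "container memory exceeds task memory"))
        for pm in c.get("portMappings", []):
            if pm.get("hostPort"):
                findings.append((name, f"publishes host port {pm['hostPort']}"))
    return findings
```

Calling audit(SAMPLE) reports the debian:latest image, the published host port 8080, and the "api" container whose hard memory limit is below its reservation.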

LaunchTypes

I introduced Task Definition LaunchTypes previously. A choice of LaunchType fundamentally changes your architecture. Fargate simplifies your architecture and, depending on requirements, can be cheaper than an EC2 LaunchType architecture. Fargate controls the underlying infrastructure, while the EC2 LaunchType requires you to manage the underlying infrastructure.

Per Amazon’s comparison of Fargate vs. EC2 cost optimization:

Fargate has an 87% saving over an EC2 equivalent when the EC2 memory and vCPU reservation rate are at 6.25% and 12.5%, respectively.

On-Demand Price Difference

Best Practices

Learn ECS - Beyond The Basics