Containers in the Cloud

ECS - Elastic Container service

  • ECS is a container orchestration service
  • ECS helps run Docker containers on EC2 machines
  • ECS is made of:
    • ECS EC2: running ECS tasks on user-provisioned EC2 instances
    • Fargate: running ECS tasks on AWS-provisioned compute instances (serverless)
    • EKS: running ECS on AWS-powered Kubernetes
    • ECR: Docker Container Registry hosted on AWS
  • ECS and Docker are very popular for micro-services
  • IAM security and roles are at the task level

Concepts

  • ECS cluster: set of EC2 instances
  • ECS service: application definitions running on ECS cluster
  • ECS tasks + definition: containers running to create the application
  • ECS IAM roles: roles assigned to ECS tasks

ECS - ALB integration

  • Application Load Balancer has a direct integration feature with ECS called port mapping
  • This allows us to run multiple instances of the same application on the same EC2 machine
  • Use cases:
    • Increase resiliency even if the application is running on one EC2
    • Maximize utilization of CPU cores
    • Ability to perform rolling updates without impacting application uptime

ECS Setup and Config file

  • Run an EC2 instance and install the ECS agent with an ECS config file, or use an ECS-ready Linux AMI (the config file still needs to be modified)
  • ECS Config file is at /etc/ecs/ecs.config
  • Config settings:
    • ECS_CLUSTER: the cluster the EC2 instance belongs to
    • ECS_ENGINE_AUTH_DATA: authenticate to private registries
    • ECS_AVAILABLE_LOGGING_DRIVERS: used for enabling CloudWatch logging
    • ECS_ENABLE_TASK_IAM_ROLE: enable IAM roles for ECS tasks

ECS - IAM Task Roles

  • The EC2 instance running the containers should have an IAM role allowing it to access the ECS service for the ECS agent
  • Each task inherits EC2 permissions
  • ECS IAM task role: role dedicated to each task separately
  • Define a task role: we can use the taskRoleArn parameter in the task definition
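The agent config file and the task role from the two sections above, as an added Python example that is not part of these notes: it parses a constructed /etc/ecs/ecs.config (key=value lines) and a constructed task definition, and reports the settings the notes call out (ECS_CLUSTER, ECS_ENABLE_TASK_IAM_ROLE, ECS_AVAILABLE_LOGGING_DRIVERS, ECS_ENGINE_AUTH_DATA, taskRoleArn). The cluster name, registry hostname, account id in the role ARN and the auth value are placeholders; the host-port check assumes the default bridge network mode and is this example's own rule.

```python
import json

# Constructed sample of /etc/ecs/ecs.config; hostnames and credential are placeholders
SAMPLE_ECS_CONFIG = """\
# agent settings for one instance (constructed sample)
ECS_CLUSTER=prod-web
ECS_ENABLE_TASK_IAM_ROLE=true
ECS_AVAILABLE_LOGGING_DRIVERS=["json-file","awslogs"]
ECS_ENGINE_AUTH_DATA={"registry.example.internal":{"auth":"PLACEHOLDER_BASE64"}}
"""

# Constructed task definition fragment; the account id and role name are placeholders
SAMPLE_TASK_DEF = {
    "family": "web",
    "taskRoleArn": "arn:aws:iam::123456789012:role/web-task-role",
    "containerDefinitions": [
        {
            "name": "web",
            "image": "registry.example.internal/web:1.0",
            # hostPort 0 lets the agent pick a host port, so several copies
            # of the task can share one instance behind the ALB
            "portMappings": [{"containerPort": 8080, "hostPort": 0}],
        }
    ],
}


def parse_ecs_config(text: str) -> dict:
    """Parse the key=value format of /etc/ecs/ecs.config into a dict.
    Blank lines and '#' comments are skipped; values keep their raw text
    (JSON-valued settings are decoded later by the checks)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")  # split on the first '=' only
        if sep:
            settings[key.strip()] = value.strip()
    return settings


def check_ecs_config(settings: dict) -> list:
    """Return warnings for the agent settings the notes describe."""
    findings = []
    if not settings.get("ECS_CLUSTER"):
        findings.append("ECS_CLUSTER unset: the agent registers with the 'default' cluster")
    if settings.get("ECS_ENABLE_TASK_IAM_ROLE", "").lower() != "true":
        findings.append("ECS_ENABLE_TASK_IAM_ROLE not true: task roles are unavailable, "
                        "so containers fall back to the instance role")
    try:
        drivers = json.loads(settings.get("ECS_AVAILABLE_LOGGING_DRIVERS", "[]"))
    except ValueError:
        drivers = []
        findings.append("ECS_AVAILABLE_LOGGING_DRIVERS is not a JSON list")
    if "awslogs" not in drivers:
        findings.append("awslogs missing from ECS_AVAILABLE_LOGGING_DRIVERS: "
                        "CloudWatch logging cannot be used by tasks")
    if "ECS_ENGINE_AUTH_DATA" in settings:
        try:
            json.loads(settings["ECS_ENGINE_AUTH_DATA"])  # registry credentials, JSON object
        except ValueError:
            findings.append("ECS_ENGINE_AUTH_DATA is not valid JSON: private registry pulls will fail")
    return findings


def check_task_definition(task_def: dict) -> list:
    """Return warnings for a task definition: a missing task role and,
    in bridge mode, fixed host ports that prevent several copies per instance."""
    findings = []
    if not task_def.get("taskRoleArn"):
        findings.append("taskRoleArn missing: the task inherits the EC2 instance's permissions")
    if task_def.get("networkMode", "bridge") == "bridge":  # bridge is the Linux default
        for container in task_def.get("containerDefinitions", []):
            for mapping in container.get("portMappings", []):
                if mapping.get("hostPort", 0) != 0:
                    findings.append(f"container {container['name']}: fixed hostPort "
                                    f"{mapping['hostPort']} allows only one copy per instance")
    return findings


if __name__ == "__main__":
    for finding in check_ecs_config(parse_ecs_config(SAMPLE_ECS_CONFIG)):
        print("config:", finding)
    for finding in check_task_definition(SAMPLE_TASK_DEF):
        print("task:", finding)
```

Run against the constructed samples both checks come back clean; drop taskRoleArn or set ECS_ENABLE_TASK_IAM_ROLE to false and the output shows the fallback to the instance role that the task-role section warns about.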

Fargate

  • When launching an ECS cluster on EC2, we have to create our EC2 instances, which basically means we are managing the underlying infrastructure
  • With Fargate, this is eliminated since this AWS service is serverless
  • We have to provide task definitions and AWS will run the container for us
  • To scale we just have to increase the task number

ECR - Elastic Container Registry

  • Store, manage and deploy containers in AWS
  • Fully integrated with IAM and ECS
  • Data is sent over HTTPS and encrypted at rest

Amazon EKS

  • EKS = Elastic Kubernetes Service
  • It is a way to launch managed Kubernetes clusters on AWS
  • Kubernetes is an open-source system for automating the deployment, scaling and management of containerized applications
  • It is an alternative to ECS with a different API
  • EKS supports EC2 if we want to deploy worker nodes or Fargate to deploy serverless containers