
AWS ECS in Depth: Architecture and Deployment Options

What is AWS ECS?

Amazon Elastic Container Service (ECS) is a cloud-based and fully-managed container orchestration service. It lets you run your applications in the cloud without having to configure and maintain the infrastructure.

To ensure capacity demands are optimally met and maintain peak performance, you can set ECS to continuously evaluate and monitor memory and CPU processes. This data can help you determine an optimal deployment strategy for each container. Additionally, you can leverage ECS to scale containers and release updates as needed.

ECS supports integration with several useful AWS services and features, including Identity and Access Management (AWS IAM) roles, Elastic Block Store (AWS EBS) volumes, and AWS Elastic Load Balancing (AWS ELB).

This is part of our series of articles about Kubernetes on AWS.


ECS Benefits and Use Cases

ECS enables you to easily leverage containers for various use cases. You can leverage ECS to host simple websites as well as manage a distributed microservices architecture. ECS simplifies the management of containers, but it does not automate the entire process. You can still fine-tune and customize the process.

Here are several key benefits of Amazon ECS:

  • Easy and simple deployment—ECS eliminates the need to set up and maintain the infrastructure of Kubernetes clusters by taking responsibility over these tasks.
  • Scheduling capabilities—that enable you to schedule services, applications, and batch processes.
  • Managed availability—ECS is responsible for maintaining application availability and helps you scale up or down as needed to ensure capacity demands are met.
  • Native integration—with a wide range of features like AWS ELB, Amazon Virtual Private Cloud (Amazon VPC), IAM, and AWS EBS.
  • Integration with existing tools—ECS provides simple APIs that let you integrate with your CI/CD pipeline and your existing tools.

Learn more in our guides: AWS ECS vs Kubernetes and AWS ECS vs EKS

Amazon ECS Architecture

The figure below illustrates Amazon ECS with containers running on AWS Fargate. In the following sections, we’ll discuss the main components shown.

[Figure: Amazon ECS with containers running on AWS Fargate. Source: AWS]

Containers and Images

To deploy your application on Amazon ECS, you need to design application components to run in containers. Containers are created from read-only templates called images.

Images are usually built from a Dockerfile, a plain text file that specifies all the components that need to run in the container. Once built, these images are stored in a container registry and can be downloaded and run on the cluster.

AWS ECS Task Definitions

To prepare your application to run on Amazon ECS, you need to create a task definition. A task definition is a text file (in JSON format) that describes one or more containers (up to 10) that make up your application.

The task definition can specify various parameters for your containerized application. For example, you can use these parameters to indicate which containers to run, which ports should be open, which data volumes should be used, what Docker networking mode to use, and which Identity and Access Management (IAM) roles to assign.

Almost everything you can run in a command-line Docker command can be defined using ECS task definitions. See all task definition parameters in the official documentation.
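The parameters listed above (containers, ports, data volumes, networking mode, IAM roles) are also the ones worth reviewing before a task definition is registered. The following Python check is an added example, not code from the article or from AWS; the sample task definition is constructed, and the function name and check identifiers are hypothetical.

```python
import json

MAX_CONTAINERS = 10  # per-task container limit stated in the article

# Constructed sample task definition for illustration (not from the article).
SAMPLE = json.loads("""
{
  "family": "web-demo",
  "networkMode": "host",
  "requiresCompatibilities": ["EC2"],
  "containerDefinitions": [
    {"name": "web", "image": "example/web:1.0", "privileged": true,
     "portMappings": [{"containerPort": 8080, "hostPort": 8080}]}
  ],
  "volumes": [{"name": "sock", "host": {"sourcePath": "/var/run/docker.sock"}}]
}
""")

def audit_task_definition(task_def):
    """Return (check_id, detail) review items for one ECS task definition dict."""
    findings = []
    containers = task_def.get("containerDefinitions", [])
    if not 1 <= len(containers) <= MAX_CONTAINERS:
        findings.append(("container-count", str(len(containers))))
    # IAM: without a task role the containers get no task-scoped permissions.
    if not task_def.get("taskRoleArn"):
        findings.append(("no-task-role", task_def.get("family", "?")))
    # Networking mode: "host" shares the instance's network namespace.
    mode = task_def.get("networkMode")
    if mode == "host":
        findings.append(("host-network", "networkMode=host"))
    if "FARGATE" in task_def.get("requiresCompatibilities", []) and mode != "awsvpc":
        findings.append(("fargate-network", f"networkMode={mode}"))
    for c in containers:
        if c.get("privileged"):
            findings.append(("privileged", c["name"]))
        # Ports: list every mapping so a reviewer sees what is opened.
        for pm in c.get("portMappings", []):
            findings.append(("port", f'{c["name"]}:{pm["containerPort"]}'))
    # Data volumes: bind mounts expose paths of the container instance.
    for vol in task_def.get("volumes", []):
        src = vol.get("host", {}).get("sourcePath")
        if src:
            findings.append(("host-volume", f'{vol["name"]}={src}'))
    return findings

if __name__ == "__main__":
    for check_id, detail in audit_task_definition(SAMPLE):
        print(f"{check_id:16} {detail}")
```

The `fargate-network` check reflects that Fargate tasks must use the `awsvpc` network mode.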

AWS ECS Tasks and Scheduling

A task is an instance of a task definition running in a cluster. After you create a task definition for your application in Amazon ECS, you can specify the number of tasks to run on your cluster.

The Amazon ECS Task Scheduler is responsible for placing tasks in a cluster. There are two primary scheduler strategies:

  • The REPLICA strategy places a desired number of tasks in your cluster, and maintains this number of tasks, restoring them if some of them fail.
  • The DAEMON strategy places one task on each active container instance that meets the relevant criteria.

[Figure. Source: AWS]

AWS ECS Cluster

An Amazon ECS cluster is a logical grouping of services, each composed of one or more tasks. The first time you use Amazon ECS, a default cluster is created. You can create additional clusters in your account to achieve resource isolation for different workloads or projects.

There are two ways to run cluster resources—on EC2 instances or via Amazon Fargate. For more details on how each of these options works, see the following section.

Container Agent

The container agent runs on each container instance in an Amazon ECS cluster. The agent sends information about currently running tasks, and resource utilization, to Amazon ECS. Amazon ECS can use the agent to start and stop tasks as needed.

[Figure. Source: AWS]

AWS ECS Deployment Options: EC2 vs Fargate

ECS can use Elastic Compute Cloud (EC2) instances to run containers. EC2 instances are deployed as part of the Amazon EC2 service, and “registered” in a defined ECS cluster, meaning that ECS can use those instances to deploy containers. You can run an ECS cluster within an existing VPC, making it accessible to existing AWS resources running in that VPC.

An alternative way to deploy ECS containers is with Amazon Fargate. Fargate removes responsibility for provisioning, configuring, and managing EC2 instances, allowing AWS to manage EC2 instances for you.

With Fargate you don’t need to manage servers, but you must ensure that task definitions are stateless. Currently, you cannot attach a storage volume (such as an Elastic Block Store volume) to the container defined in the task.

This means that if you use Fargate and need persistent storage, you will need to use external storage services like S3 or Relational Database Service (RDS).

Use ECS with EC2 when:

  • Your entire infrastructure runs in AWS
  • You have already defined VPC and subnets
  • You have existing processes for provisioning and managing EC2 instances
  • Applications require directly-attached persistent storage

Use ECS Fargate when:

  • You do not have an existing VPC
  • You have some resources running on Amazon and some on other cloud environments
  • Applications are stateless or do not require directly-attached storage volumes


How is Amazon ECS Different from AWS Elastic Beanstalk?

ECS provides you with capabilities that simplify the management of containers, while you continue to fine-tune the process. AWS Elastic Beanstalk, on the other hand, automatically manages the infrastructure for you. You can use Beanstalk in cases when you need to focus only on the code.

AWS Elastic Beanstalk is a cloud-based service that helps you easily deploy and scale applications and services. Beanstalk automatically manages services such as ELB, EC2, RDS, and Auto Scaling, deploys applications, and monitors the health of the application.

When working with Beanstalk, you need to specify the container images you want the service to deploy, as well as the memory and CPU requirements, the container links, and port mappings. Once you define this information, Beanstalk starts automatically handling all management. It provisions the ECS cluster, manages auto-scaling and monitoring, performs load balancing, and deploys containers in clusters.

How is Amazon ECS Different from AWS Lambda?

Amazon ECS provides capabilities that simplify the management of containers and clusters but does not fully automate the process. You are required to understand how the provisioning process works and continuously configure and scale your resources. EC2 exposes servers and provides you with information needed to scale and optimize your environment.

AWS Lambda lets you code event-driven tasks that automate the compute infrastructure. Lambda enables you to define a serverless infrastructure that does not require or allow your intervention, aside from writing the code that triggers events. Lambda lets you configure events like data changes or website clicks and define a reaction in response to the events.

Optimizing Containers Storage with Cloud Volumes ONTAP

NetApp Cloud Volumes ONTAP, the leading enterprise-grade storage management solution, delivers secure, proven storage management services on AWS, Azure and Google Cloud. Cloud Volumes ONTAP supports up to a capacity of 368TB, and supports various use cases such as file services, databases, DevOps or any other enterprise workload, with a strong set of features including high availability, data protection, storage efficiencies, Kubernetes integration, and more.

In particular, Cloud Volumes ONTAP supports Persistent Volume provisioning and management requirements of containerized workloads.

Learn more about how Cloud Volumes ONTAP helps to address the challenges of containerized applications in these Kubernetes Workloads with Cloud Volumes ONTAP Case Studies.


Yifat Perry, Product Marketing Lead
