Amazon Elastic Container Service (Amazon ECS)
What is Amazon Elastic Container Service?
Amazon Elastic Container Service (ECS) is a cloud computing service in Amazon Web Services (AWS) that manages containers and lets developers run applications in the cloud without having to configure an environment for the code to run in. It enables developers with AWS accounts to deploy and manage scalable applications that run on groups of servers called clusters through API calls and task definitions. Amazon ECS is a scalable service accessible through the AWS Management Console and SDKs.
Amazon developed ECS in response to the rise in popularity of containerization. ECS enables a developer to specify rules for isolated sets of EC2 instances. This approach increases portability and computing performance, as the instances run on top of a host OS. ECS supports Docker, an open source Linux container service.
With Amazon ECS, developers can easily use Docker containers for a range of activities, from hosting a simple website to running complex, distributed microservices that require thousands of containers. ECS evaluates and monitors CPU and memory output to determine the optimal deployment for a container. AWS customers can also use the service to update containers or scale them up or down. AWS Elastic Load Balancing (AWS ELB), Elastic Block Store (AWS EBS) volumes and Identity and Access Management (AWS IAM) roles are also supported for further customization.
What is ECS used for?
Amazon ECS is best used with:
- Machine learning. Machine learning (ML) models can be easily containerized for training and inference with Amazon ECS. ML models can be created with loosely coupled, distributed services that can be placed on a variety of platforms or close to the data being analyzed by the application.
- Microservices. Amazon ECS assists in the operation of microservices applications by providing native integration to AWS and enabling continuous integration and continuous deployment (CI/CD) pipelines.
- VMs. The Amazon Elastic Compute Cloud (Amazon EC2) web service can create and operate Linux VMs in the cloud -- these VMs are called instances. Developers can specify rules for the isolated sets of EC2 instances that run on top of a host OS, which increases computing performance and portability.
- Migrating apps to the cloud. Legacy enterprise applications can be containerized and migrated to Amazon ECS without any code changes. This is a form of lift-and-shift application migration.
- Batch processing. Batch workloads can run with custom or managed schedulers on AWS On-Demand Instances, Reserved Instances or Spot Instances.
How Amazon Elastic Container Service works
With Amazon ECS, developers can pull the necessary Docker images and resources from Amazon Elastic Container Registry (ECR), or other repositories, to define their application. The ECS service then ingests container images and arranges or composes containers and resources into an application. Once all the appropriate containers are gathered and services implemented, the containers are deployed either on EC2 or AWS Fargate. Finally, Amazon ECS scales the application and continuously manages the availability of containers.
AWS account holders can integrate the ECS service with other Amazon Web Services, such as:
- AWS CloudTrail logs
- AWS Command Line Interface (AWS CLI)
- Amazon EC2
- AWS CloudFormation templates
- AWS SDKs
- AWS Tools for Windows PowerShell
- Amazon ECR
ECS launch types
Amazon ECS launches containers through Fargate or EC2.
Fargate. The Fargate launch type offers a serverless computing alternative that provisions, launches and runs containers without the need to manage the underlying infrastructure. Fargate is best for small, batch or highly scalable -- that is, burstable -- workloads with relatively short time-to-live (TTL) requirements.
EC2. The EC2 launch type is a more traditional deployment option. Users can provision and deploy EC2 instances to run containers while the service manages the related infrastructure and services. EC2 is well-suited for larger and more demanding workloads, applications that require persistent storage, applications that benefit from careful resource tuning or configuration and where direct management of the AWS infrastructure is desired.
Amazon Elastic Container Service features
Scheduling. Schedulers place containers over clusters according to the desired resources -- such as RAM or CPU -- and availability requirements. This feature can be used to schedule batch jobs and long-running applications or services.
Amazon ECS includes two schedulers to deploy containers based on computing needs or availability requirements. AWS Blox, an open source container orchestration tool, integrates with ECS to schedule containers. Long-running applications and batch jobs benefit from the use of schedulers for their responsiveness; ECS also supports third-party scheduling options.
Docker integration. Amazon ECS supports Docker, which enables AWS users to manage Docker containers across clusters of Amazon EC2 instances. Each EC2 instance in a cluster runs a Docker daemon that deploys and runs any application packaged as a container locally on Amazon ECS without the need to make any changes to the container.
Networking. Amazon ECS supports Docker networking, as well as integration with Amazon Virtual Private Cloud (Amazon VPC), to provide isolation for containers. This provides developers with control over how the containers interact with other services and external traffic. There are four networking modes available for the containers; each one supports different use cases. The modes include:
- Host mode. Adds containers directly to the host's network stack and exposes them on the network without isolation.
- Task networking mode. Assigns every running Amazon ECS task a dedicated elastic network interface, which provides the containers with full networking features in Amazon VPC similar to EC2 instances.
- None mode. Deactivates external networking for containers.
- Bridge mode. Creates a Linux bridge to connect all containers operating on the host in a local virtual network that is accessed through the host's default network connection.
Cluster management. Amazon ECS handles all of the cluster management processes for the developer. This typically involves installing, operating and scaling cluster management software, monitoring solutions and configuration management systems, as well as building the architecture and managing the availability and scalability of each system. With Amazon ECS, the developer simply launches a cluster of container instances and specifies the desired tasks to perform.
Task definitions. Users define tasks through a declarative JSON template called a Task Definition. The Task Definition lets developers specify which containers they need for their task, including memory and CPU requirements, Docker repository and images, and shared data volumes, and also choose how the containers connect to each other. Task Definition files also enable developers to version control their application specification.
Load balancing. Integration with AWS ELB lets developers distribute traffic across containers. They can specify the Task Definition and ELB to use, and then the Amazon ECS scheduler automatically adds and removes containers using the ELB.
Repository support. Developers can use any third-party repository, accessible private Docker registry or Docker Hub with Amazon ECS as long as it is specified in the Task Definition.
Local development. The AWS CLI lets users simplify the local development experience and set up an Amazon ECS cluster and its related resources. The CLI also supports Docker Compose, an open source tool used to define and run multicontainer applications.
Programmatic control. Various simple APIs let developers integrate and extend the Amazon ECS service. With APIs, users can create or delete clusters, launch or destroy Docker containers and register or unregister tasks, as well as access detailed information about the state of the cluster and its instances. Developers can also use AWS CloudFormation to deliver Amazon ECS clusters, register Task Definitions and schedule containers.
Logging. Amazon CloudWatch Logs receives every container instance's ECS agent logs and Docker container logs for issue diagnosis. All Amazon ECS API calls can also be recorded and the log files will be delivered to the user through AWS CloudTrail.
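As an added example (not from the original article), the following Python sketch reviews CloudTrail records for the state-changing ECS API calls named under Programmatic control and groups them by caller. The records, account ID and principal names are constructed for illustration and trimmed to the fields the code reads.

```python
import json
from collections import defaultdict

# ECS API actions that change cluster or task state.
MUTATING_ECS_CALLS = {
    "CreateCluster", "DeleteCluster", "RegisterTaskDefinition",
    "DeregisterTaskDefinition", "RunTask", "StopTask",
}

# Constructed CloudTrail records (sample data, not real log output).
SAMPLE_LOG = json.loads("""
{"Records": [
 {"eventTime": "2024-01-10T09:10:00Z", "eventSource": "ecs.amazonaws.com",
  "eventName": "RunTask",
  "userIdentity": {"arn": "arn:aws:sts::123456789012:assumed-role/example-deploy/ci"}},
 {"eventTime": "2024-01-10T09:00:00Z", "eventSource": "ecs.amazonaws.com",
  "eventName": "RegisterTaskDefinition",
  "userIdentity": {"arn": "arn:aws:sts::123456789012:assumed-role/example-deploy/ci"}},
 {"eventTime": "2024-01-10T09:05:00Z", "eventSource": "ecs.amazonaws.com",
  "eventName": "ListClusters",
  "userIdentity": {"arn": "arn:aws:iam::123456789012:user/example-dev"}},
 {"eventTime": "2024-01-10T09:07:00Z", "eventSource": "ecs.amazonaws.com",
  "eventName": "DeleteCluster", "errorCode": "AccessDeniedException",
  "userIdentity": {"arn": "arn:aws:iam::123456789012:user/example-dev"}},
 {"eventTime": "2024-01-10T09:08:00Z", "eventSource": "s3.amazonaws.com",
  "eventName": "DeleteBucket",
  "userIdentity": {"arn": "arn:aws:iam::123456789012:user/example-dev"}}
]}
""")

def ecs_changes_by_principal(log):
    """Map caller ARN -> time-ordered (eventTime, eventName, outcome) tuples."""
    changes = defaultdict(list)
    for rec in log.get("Records", []):
        if rec.get("eventSource") != "ecs.amazonaws.com":
            continue  # not an ECS API call
        if rec.get("eventName") not in MUTATING_ECS_CALLS:
            continue  # read-only call such as ListClusters
        arn = rec.get("userIdentity", {}).get("arn", "<unknown>")
        outcome = rec.get("errorCode", "ok")  # errorCode is present only on failure
        changes[arn].append((rec.get("eventTime", ""), rec["eventName"], outcome))
    return {arn: sorted(events) for arn, events in changes.items()}

def denied_changes(log):
    """Return (caller ARN, eventName) for state-changing calls that were denied."""
    return [(arn, name)
            for arn, events in sorted(ecs_changes_by_principal(log).items())
            for _, name, outcome in events if outcome.startswith("AccessDenied")]
```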
Monitoring. Monitoring capabilities check the health of containers and clusters. Average and aggregate CPU can be supervised, as well as the memory utilization of running tasks grouped by Task Definition, service or cluster through Amazon CloudWatch. Furthermore, users can set CloudWatch alarms to alert developers whenever a container or cluster needs to be scaled up or down.
Container deployments. Whenever a new version of the application Task Definition is uploaded, the Amazon ECS scheduler automatically starts new containers using the updated image and disables any container running on the old version. Amazon ECS will also register and unregister the appropriate new and old containers from the AWS ELB.
Container auto-recovery. The Amazon ECS service scheduler automatically recovers unhealthy containers. This ensures the necessary number of containers are constantly supporting the application.
Container security. EC2 instances reside in the Amazon VPC and a user can specify which instances are exposed to the internet. EC2 instances and ECS tasks also adhere to IAM roles, while security groups and network access control lists limit access to instances.
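The Task definitions, Networking and Container security passages above all come together in the Task Definition JSON. As an added example (not from the original article), this Python sketch audits a task definition for host networking, a missing task IAM role, missing memory limits and unpinned images; the sample definition, image names and registry host are constructed, and the finding codes are this example's own.

```python
import json

# Finding codes used by this example and what each one means.
CHECKS = {
    "HOST_NETWORK": "networkMode is host: containers share the host's network stack",
    "NO_TASK_ROLE": "taskRoleArn is missing: the task has no IAM role of its own",
    "NO_MEMORY_LIMIT": "no memory limit at task or container level",
    "UNPINNED_IMAGE": "image has no tag or uses latest, so its content can change",
}

# Constructed task definition for illustration (names and registry are made up).
SAMPLE_TASK_DEF = json.loads("""
{
  "family": "example-web",
  "networkMode": "host",
  "containerDefinitions": [
    {"name": "web", "image": "example/web:latest", "cpu": 256, "memory": 512},
    {"name": "worker", "image": "registry.example.internal:5000/batch/worker", "cpu": 128},
    {"name": "sidecar", "image": "example/sidecar:1.4.2", "memoryReservation": 128}
  ]
}
""")

def image_is_pinned(image):
    """True if the image reference carries a digest or a tag other than latest."""
    if "@" in image:  # name@sha256:... is pinned by digest
        return True
    last_segment = image.rsplit("/", 1)[-1]  # skip any registry host:port prefix
    _, sep, tag = last_segment.partition(":")
    return bool(sep) and tag not in ("", "latest")

def audit_task_definition(task_def):
    """Return (scope, code) findings; scope is 'task' or a container name."""
    findings = []
    if task_def.get("networkMode") == "host":
        findings.append(("task", "HOST_NETWORK"))
    if not task_def.get("taskRoleArn"):
        findings.append(("task", "NO_TASK_ROLE"))
    for container in task_def.get("containerDefinitions", []):
        name = container.get("name", "<unnamed>")
        limited = ("memory" in task_def or "memory" in container
                   or "memoryReservation" in container)
        if not limited:
            findings.append((name, "NO_MEMORY_LIMIT"))
        if not image_is_pinned(container.get("image", "")):
            findings.append((name, "UNPINNED_IMAGE"))
    return findings

if __name__ == "__main__":
    for scope, code in audit_task_definition(SAMPLE_TASK_DEF):
        print(f"{scope}: {code} - {CHECKS[code]}")
```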
Benefits of Amazon Elastic Container Service
Amazon ECS is a beneficial choice for modern software teams that are smaller and cross-functional because it is simple and fast to set up and start running. Furthermore, since it is a fully managed platform from AWS, users do not have to worry about dealing with platform-related issues, and can instead focus on migrating their app.
Other benefits include:
- Improved security. Amazon ECR and ECS collaborate to provide optimal application security.
- Cost efficient. Amazon ECS lets developers schedule various containers on the same node, which achieves high density on Amazon EC2.
- Performance at scale. Amazon ECS can launch thousands of Docker containers in seconds without any additional complexity.
- Improved compatibility. The container-based pipeline helps eliminate any issues that may arise due to deployments functioning differently in various environments.
- Designed for collaboration. Integration of Amazon ECS with other AWS services, such as Amazon ECR and AWS ELB, provides users with a complete offering for running a variety of containerized applications and services.
- Manageable at any scale. With Amazon ECS, it is unnecessary to operate cluster management software and create fault-tolerant clusters. Since there is no software to install, scale or manage, developers can focus on building their container-based applications.
- Extensible. Amazon ECS offers total visibility and control of AWS resources, thus enabling it to be easily integrated or extended through APIs.
Amazon Elastic Container Service vs. Kubernetes
Amazon ECS competes with Kubernetes, Google's open source container orchestration system. While the container management tools and use cases differ, Kubernetes has the following features that ECS does not:
- deployable to non-AWS clouds and on-premises resources;
- storage options outside AWS; and
- contributions from the developer community, while not all ECS code is publicly available.
But Amazon ECS might be a simpler option for businesses that rely on AWS exclusively, or that want a container management platform with easy installation. As a native platform, ECS offers solid integration with other AWS services such as AWS ELB. Load balancer tools, resource monitoring, auto scaling and service management features are comparable between the two options.
Ultimately, the choice is not necessarily which service is better, but rather which implementation approach is best for the task at hand. Users can currently select from four different container management approaches, including:
- Kubernetes on EC2. Kubernetes is deployed in an EC2 instance.
- Amazon Elastic Kubernetes Service on EC2. EKS is used in an EC2 instance.
- Amazon ECS on EC2. ECS is used in an EC2 instance -- one of the two principal ECS launch types.
- AWS Fargate. Containers are launched using serverless technology -- the second of two principal ECS launch types.
Amazon Elastic Container Service pricing
There is no additional cost to AWS customers for using ECS. That said, users employing the EC2 launch type pay for EC2 instances and EBS volumes in the cluster plus any other billable AWS resources used in conjunction with the containerized application.
Users that choose the Fargate launch type pay for the memory and vCPU provided to the container for the duration of its operation -- rounded up to the nearest second. Amazon ECS on AWS Outposts obeys the same pricing rules as the Amazon EC2 launch type.