Amazon ECS is a container orchestration platform that AWS offers. It is simple to use and manage, uses Docker behind the scenes, and can deploy your workloads to Amazon EC2, a virtual machine (VM)-based solution, or AWS Fargate, a serverless offering.
It is a highly scalable solution that deploys containers in seconds. It makes hosting, running, stopping, and starting your containers easy. Just as Kubernetes offers pods, ECS offers tasks that help you run your container workloads. A task can contain one or more containers grouped according to a logical relationship. You can also group one or more tasks into services. Services are similar to Kubernetes controllers, which manage tasks and can ensure that the required number of replicas of your tasks are running in the right place at the right time. ECS uses simple API calls to provide many functionalities, such as creating, updating, reading, and deleting tasks and services.
ECS also allows you to place your containers according to multiple placement strategies while keeping high availability (HA) and resource optimization in mind. You can tweak the placement algorithm according to your priority—cost, availability, or a mix of both. So, you can use ECS to run one-time batch workloads or long-running microservices, all using a simple-to-use API interface.
ECS architecture
Before we explore the ECS architecture, it is important to understand some common AWS terminology needed to follow it. Let’s look at some AWS resources:
- AWS Regions: An AWS Region is a geographical region where AWS provides its services. It is normally a city or a metropolitan region but can sometimes span multiple cities. It comprises multiple Availability Zones (AZs). Some examples of AWS Regions are us-east-1, us-west-1, ap-southeast-1, eu-central-1, and so on.
- AWS AZs: AWS AZs are data centers within an AWS Region connected with low-latency, high-bandwidth networks. Most resources run within AZs. Examples of AZs are us-east-1a, us-east-1b, and so on.
- AWS virtual private cloud (VPC): An AWS VPC is an isolated network resource you create within AWS. You associate a dedicated private IP address range to it from which the rest of your resources, such as EC2 instances, can derive their IP addresses. An AWS VPC spans an AWS Region.
- Subnet: A subnet, as the name suggests, is a subnetwork within the VPC. You must subdivide the IP address ranges you provided to the VPC and associate them with subnets. Resources normally reside within subnets, and each subnet spans an AZ.
- Route table: An AWS route table routes traffic within the VPC subnets and to the internet. Every AWS subnet is associated with a route table through subnet route table associations.
- Internet gateways: An internet gateway allows connection to and from the internet to your AWS subnets.
- Identity and Access Management (IAM): AWS IAM helps you control access to resources by users and other AWS resources. It helps you implement role-based access control (RBAC) and the principle of least privilege (PoLP).
- Amazon EC2: EC2 allows you to spin up VMs, known as instances, within subnets.
- AWS Auto Scaling groups (ASGs): An AWS ASG works with Amazon EC2 to provide HA and scalability to your instances. It monitors your EC2 instances and ensures that a defined number of healthy instances are always running. It also takes care of autoscaling your instances as the load on them increases, so that they can handle more traffic. It uses the instance profile and launch configuration to decide on the properties of the new EC2 instances it spins up.
- Amazon CloudWatch: Amazon CloudWatch is a monitoring and observability service. It allows you to collect, track, and monitor metrics and log files, and to set alarms that take automated actions when specific conditions are met. CloudWatch helps you understand application performance, health, and resource utilization.