Graduate Program KB

Section 13 - Containers on AWS

Docker

  • A software development platform to deploy apps
  • Apps are packaged in containers that can run on any OS
    • No compatibility issues, predictable behavior, less work, easier to maintain and deploy
  • Docker images are stored in Docker Repositories
    • Docker Hub: Public repository, can find base images for many technologies
    • Amazon ECR: Private repository; Amazon ECR Public Gallery is its public counterpart

Docker Containers Management on AWS

  • Amazon ECS: Amazon's own container platform
  • Amazon EKS: Amazon's managed Kubernetes (open source)
  • AWS Fargate: Amazon's own Serverless container platform, works with ECS and EKS
  • Amazon ECR: Store container images

ECS - EC2 Launch Type

  • Must provision and maintain the EC2 instance infrastructure
  • Each instance runs the ECS agent to register in the ECS cluster
  • AWS manages starting and stopping of containers

ECS - Fargate Launch Type

  • Don't need to provision infrastructure, all managed by AWS
  • Just need to create task definitions, scaling is based on the number of tasks (not EC2 instances)

ECS - IAM Roles For ECS

  • EC2 Instance Profile (EC2 Launch Type only)
    • Used by ECS agent
    • Makes API calls to ECS service
    • Send container logs to CloudWatch
    • Pull Docker image from ECR
    • Reference sensitive data in Secrets Manager or SSM Parameter Store
  • ECS Task Role
    • Allows each task to have a specific role
    • Use different roles for different ECS Services you run
    • Task Role is defined in the task definition
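A worked example, added here and not part of the original notes, that applies the task-role and secrets points above to a task definition: it flags a missing task role or execution role, a sensitive-looking value passed as a plaintext environment variable instead of a Secrets Manager / SSM reference, an image pulled from outside ECR, and a container that does not log to CloudWatch. The task definition, account ID, role ARNs and secret ARN are constructed placeholders.

```python
"""Lint an ECS task definition for role and secret-handling problems.

Added example, not part of the original notes. The task definition below is a
constructed sample in the shape of a register-task-definition input; the
account ID, role ARNs and secret ARN are placeholders.
"""
import json
import re

# Constructed sample task definition (placeholder account, roles and secret).
SAMPLE_TASK_DEF = json.loads(r'''
{
  "family": "orders-api",
  "taskRoleArn": "arn:aws:iam::123456789012:role/orders-api-task-role",
  "executionRoleArn": "arn:aws:iam::123456789012:role/ecsTaskExecutionRole",
  "containerDefinitions": [
    {
      "name": "api",
      "image": "123456789012.dkr.ecr.us-east-1.amazonaws.com/orders-api:1.4.2",
      "environment": [
        {"name": "DB_HOST", "value": "orders-db.internal"},
        {"name": "DB_PASSWORD", "value": "hunter2"}
      ],
      "secrets": [
        {"name": "API_KEY",
         "valueFrom": "arn:aws:secretsmanager:us-east-1:123456789012:secret:orders/api-key-AbCdEf"}
      ],
      "logConfiguration": {"logDriver": "awslogs",
                           "options": {"awslogs-group": "/ecs/orders-api"}}
    }
  ]
}
''')

# Environment variable names that usually carry credentials.
SENSITIVE_NAME = re.compile(r"(PASSWORD|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY)", re.I)
# Private ECR image references look like <account>.dkr.ecr.<region>.amazonaws.com/<repo>.
ECR_IMAGE = re.compile(r"^\d{12}\.dkr\.ecr\.[a-z0-9-]+\.amazonaws\.com/")


def lint_task_definition(task_def: dict) -> list[str]:
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if not task_def.get("taskRoleArn"):
        # Without a task role, containers on the EC2 launch type can reach the
        # instance profile's credentials through instance metadata instead of
        # getting a role scoped to this service.
        findings.append("no taskRoleArn: task gets no service-specific role")
    if not task_def.get("executionRoleArn"):
        findings.append("no executionRoleArn: needed to pull from private ECR, "
                        "write CloudWatch logs and resolve secrets")
    for c in task_def.get("containerDefinitions", []):
        name = c.get("name", "?")
        for env in c.get("environment", []):
            if SENSITIVE_NAME.search(env.get("name", "")):
                findings.append(f"{name}: '{env['name']}' is a plaintext environment "
                                f"variable; move it to 'secrets' with a Secrets Manager "
                                f"or SSM Parameter Store valueFrom")
        for s in c.get("secrets", []):
            vf = s.get("valueFrom", "")
            # ECS accepts a full Secrets Manager/SSM ARN, or a bare SSM parameter
            # name in the same region; any other ARN service is a mistake.
            if vf.startswith("arn:") and not (vf.startswith("arn:aws:secretsmanager:")
                                              or vf.startswith("arn:aws:ssm:")):
                findings.append(f"{name}: secret '{s.get('name')}' does not reference "
                                f"Secrets Manager or SSM")
        image = c.get("image", "")
        if not ECR_IMAGE.match(image):
            findings.append(f"{name}: image '{image}' is not from a private ECR repository")
        if c.get("logConfiguration", {}).get("logDriver") != "awslogs":
            findings.append(f"{name}: container logs are not sent to CloudWatch (awslogs)")
    return findings


if __name__ == "__main__":
    for finding in lint_task_definition(SAMPLE_TASK_DEF) or ["no findings"]:
        print(finding)
```

Run against the sample, the only finding is the plaintext DB_PASSWORD; the same function can be pointed at the JSON you feed to register-task-definition as a pre-deploy check.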

ECS - Load Balancer Integrations

  • Application Load Balancer is supported and works for most use cases
  • Network Load Balancer is recommended for high throughput / high performance use cases or to pair with AWS PrivateLink
  • Classic Load Balancer is supported but not recommended

ECS - Data Volumes (EFS)

  • Mount EFS file systems onto ECS tasks
  • Works for both EC2 and Fargate launch types
  • Tasks running in any AZ share the same data in the EFS file system
  • Fargate + EFS = Serverless
  • Useful for persistent multi-AZ shared storage for containers
  • NOTE: S3 can't be mounted as a file system

ECS Auto Scaling

  • Automatically increase/decrease the desired number of ECS tasks
  • ECS Auto Scaling uses AWS Application Auto Scaling
  • Target Tracking: Scale based on target value for a specific CloudWatch metric
  • Step Scaling: Scale based on a specified CloudWatch Alarm
  • Scheduled Scaling: Scale based on a specified date/time

EC2 Launch Type - Auto Scaling EC2 Instances

  • Accommodate ECS Service Scaling by adding underlying EC2 instances
  • ASG Scaling based on CPU Utilization
  • ECS Cluster Capacity Provider
    • Automatically provision and scale infrastructure for ECS Tasks
    • Capacity provider paired with ASG

ECR

  • Store and manage Docker images on AWS
  • Fully integrated with ECS, backed by S3
  • Access controlled via IAM
  • Supports image vulnerability scanning, versioning, image tags, image lifecycle, etc.

EKS

  • Launch managed Kubernetes clusters on AWS
  • An open source system for automatic deployment, scaling and management of containerized applications
    • An alternative to ECS, but with a different API
  • EKS supports EC2 for deploying worker nodes or Fargate to deploy serverless containers
  • Useful if your company is using Kubernetes on-premises or in another cloud and wants to migrate to AWS using Kubernetes
    • Kubernetes is cloud-agnostic, meaning it can be used in any cloud (ex. Azure)
  • For multi-region deployment, deploy one EKS cluster in each region
  • Use CloudWatch Container Insights to collect logs and metrics

EKS Node Types

  • Managed Node Groups
    • Creates and manages nodes (EC2 instances) for you
    • Nodes are part of an ASG managed by EKS
    • Supports On-Demand or Spot Instances
  • Self-Managed Nodes
    • You create the nodes (managed by an ASG) and register them to the EKS cluster yourself
    • Can use prebuilt AMI - Amazon EKS Optimized AMI
    • Supports On-Demand or Spot Instances
  • AWS Fargate
    • No nodes need to be managed

EKS Data Volumes

  • Specify a StorageClass manifest for the EKS cluster
  • Leverages a Container Storage Interface (CSI) compliant driver
  • Supports EBS, EFS, FSx for Lustre and FSx for NetApp ONTAP

AWS App Runner

  • Fully managed service for easy web app deployment and APIs at scale
  • Automatically builds and deploys from source code or container image
  • Automatic scaling, highly available, load balancing and encryption
  • VPC access support
  • Can connect to database, cache and use message queue services
  • Useful for web apps, APIs, microservices and rapid deployments

AWS App2Container

  • CLI tool for migrating and modernizing Java and .NET web apps into Docker containers
  • Lift-and-shift apps running on-premises, VMs or in other clouds to AWS
  • Generates CloudFormation templates
  • Register generated Docker containers to ECR
  • Deploy to ECS, EKS or App Runner
  • Supports pre-built CI/CD pipelines