Amazon ECS - Comprehensive Guide
🐳 ECS Overview
What is ECS?
- Elastic Container Service: Fully managed container orchestration
- Docker support: Native Docker container support
- Serverless option: AWS Fargate - no EC2 management
- High performance: Optimized for AWS infrastructure
- Cost effective: Pay only for resources used
🏗️ ECS Architecture
Core Components
ECS Cluster
├── Services
│   ├── Task Definition (blueprint)
│   ├── Tasks (running instances)
│   └── Load Balancer Integration
├── Capacity Providers
│   ├── EC2 Instances
│   └── Fargate (serverless)
└── Networking
    ├── VPC Integration
    └── Security Groups
Launch Types
EC2 Launch Type:
- Manage EC2 instances yourself
- More control over infrastructure
- Lower cost for steady workloads
- Custom AMIs and instance types
Fargate Launch Type:
- Serverless containers
- No EC2 management
- Pay per task
- Better for variable workloads
📋 Task Definitions
Task Definition Structure
{
  "family": "my-app",
  "networkMode": "awsvpc",
  "requiresCompatibilities": ["FARGATE"],
  "cpu": "256",
  "memory": "512",
  "executionRoleArn": "arn:aws:iam::account:role/ecsTaskExecutionRole",
  "taskRoleArn": "arn:aws:iam::account:role/ecsTaskRole",
  "containerDefinitions": [
    {
      "name": "web-server",
      "image": "nginx:latest",
      "memory": 256,
      "portMappings": [
        {
          "containerPort": 80,
          "protocol": "tcp"
        }
      ],
      "environment": [
        {
          "name": "ENV",
          "value": "production"
        }
      ],
      "logConfiguration": {
        "logDriver": "awslogs",
        "options": {
          "awslogs-group": "/aws/ecs/my-app",
          "awslogs-region": "us-east-1",
          "awslogs-stream-prefix": "ecs"
        }
      }
    }
  ]
}
Resource Requirements
CPU & Memory:
EC2: Share host resources
Fargate: Dedicated resources
CPU Units:
- 256 (.25 vCPU)
- 512 (.5 vCPU)
- 1024 (1 vCPU)
- 2048 (2 vCPU)
- 4096 (4 vCPU)
Memory:
- 512 MB to 30 GB
- Must be compatible with CPU
🚀 ECS Services
Service Configuration
ECS Service:
Purpose: Maintain desired number of tasks
Features:
- Auto replacement of failed tasks
- Load balancer integration
- Auto scaling capabilities
- Rolling deployments
Deployment Types:
Rolling Update: Replace tasks gradually
Blue/Green: CodeDeploy integration
External: Custom deployment controller
Service Auto Scaling
{
  "serviceName": "my-web-service",
  "scalableDimension": "ecs:service:DesiredCount",
  "minCapacity": 2,
  "maxCapacity": 10,
  "targetTrackingScalingPolicies": [
    {
      "targetValue": 70.0,
      "predefinedMetricSpecification": {
        "predefinedMetricType": "ECSServiceAverageCPUUtilization"
      }
    }
  ]
}
🔗 Networking Modes
Network Modes
awsvpc (Recommended):
- Each task gets own ENI
- Security groups at task level
- Required for Fargate
- Full VPC networking features
bridge:
- Default for EC2
- Shared network namespace
- Port mapping required
- Legacy mode
host:
- Direct host networking
- No port mapping
- Higher performance
- Less isolation
Load Balancer Integration
Application Load Balancer:
- Layer 7 load balancing
- Path-based routing
- Health checks
- Target groups integration
Network Load Balancer:
- Layer 4 load balancing
- Ultra-high performance
- Static IP addresses
- Preserve source IP
Classic Load Balancer:
- Legacy option
- Not recommended for new deployments
📊 Monitoring & Logging
CloudWatch Integration
ECS Metrics:
Cluster Level:
- CPUUtilization
- MemoryUtilization
- ActiveServicesCount
- RunningTasksCount
Service Level:
- CPUUtilization
- MemoryUtilization
- DesiredCount
- RunningCount
- PendingCount
Container Insights
Container Insights:
Automatic collection of:
- Performance metrics
- Resource utilization
- Container maps
- Detailed dashboards
Cost: Additional charges for metrics
Value: Deep container visibility
🔒 Security Best Practices
IAM Roles
Task Execution Role:
Purpose: ECS agent permissions
Permissions:
- Pull images from ECR
- Write logs to CloudWatch
- Access Secrets Manager/Parameter Store
Task Role:
Purpose: Application permissions
Permissions:
- S3 access
- DynamoDB operations
- Other AWS service access
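The execution role only needs what the task definition references, so its policy can be derived rather than hand-written. This is an added example, not code from the original guide: it builds a least-privilege permissions policy for the task execution role from the private ECR images, awslogs groups and secrets found in a task definition. The account ID, the constructed sample task definition and its image and secret ARNs are assumptions.

```python
import re

# Matches a private ECR image reference and captures account, region and repository name.
ECR_IMAGE = re.compile(r"^(\d{12})\.dkr\.ecr\.([a-z0-9-]+)\.amazonaws\.com/([^:@]+)")

def execution_role_policy(td, account_id):
    """Derive a least-privilege permissions policy for the task execution role from the
    ECR images, awslogs groups and secrets the task definition actually references."""
    repos, groups, secrets, params = set(), set(), set(), set()
    for c in td.get("containerDefinitions", []):
        m = ECR_IMAGE.match(c.get("image", ""))
        if m:  # public images (e.g. Docker Hub) need no IAM permission, so only ECR is listed
            acct, region, name = m.groups()
            repos.add(f"arn:aws:ecr:{region}:{acct}:repository/{name}")
        log = c.get("logConfiguration") or {}
        if log.get("logDriver") == "awslogs":
            o = log.get("options", {})
            groups.add(f"arn:aws:logs:{o['awslogs-region']}:{account_id}:log-group:{o['awslogs-group']}:*")
        for s in c.get("secrets", []):
            arn = s.get("valueFrom", "")
            if arn.startswith("arn:aws:secretsmanager:"):
                secrets.add(arn)
            elif arn.startswith("arn:aws:ssm:"):
                params.add(arn)
    stmts = []
    if repos:  # GetAuthorizationToken is account-wide and cannot be scoped to one repository
        stmts.append({"Effect": "Allow", "Action": "ecr:GetAuthorizationToken", "Resource": "*"})
        stmts.append({"Effect": "Allow", "Action": ["ecr:BatchCheckLayerAvailability",
                      "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage"], "Resource": sorted(repos)})
    if groups:
        stmts.append({"Effect": "Allow", "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
                      "Resource": sorted(groups)})
    if secrets:
        stmts.append({"Effect": "Allow", "Action": "secretsmanager:GetSecretValue", "Resource": sorted(secrets)})
    if params:
        stmts.append({"Effect": "Allow", "Action": "ssm:GetParameters", "Resource": sorted(params)})
    return {"Version": "2012-10-17", "Statement": stmts}

# Constructed sample: a Fargate task pulling from private ECR and reading one Secrets Manager secret.
SAMPLE_TASK_DEF = {
    "family": "my-app", "requiresCompatibilities": ["FARGATE"], "networkMode": "awsvpc",
    "containerDefinitions": [{
        "name": "web-server", "image": "123456789012.dkr.ecr.us-east-1.amazonaws.com/my-app:1.4.2",
        "secrets": [{"name": "DB_PASSWORD",
                     "valueFrom": "arn:aws:secretsmanager:us-east-1:123456789012:secret:db-password"}],
        "logConfiguration": {"logDriver": "awslogs", "options": {"awslogs-group": "/aws/ecs/my-app",
                             "awslogs-region": "us-east-1", "awslogs-stream-prefix": "ecs"}},
    }],
}
```

A secret encrypted with a customer-managed KMS key additionally needs kms:Decrypt on that key, which this generator does not add.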
Secrets Management
{
  "secrets": [
    {
      "name": "DB_PASSWORD",
      "valueFrom": "arn:aws:secretsmanager:region:account:secret:db-password"
    }
  ],
  "environment": [
    {
      "name": "DB_HOST",
      "value": "database.example.com"
    }
  ]
}
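As an added example (not part of the original guide), a small audit that applies the checks this guide discusses to a task definition before it is registered: Fargate network mode and CPU/memory pairing, mutable image tags, credentials placed in environment instead of secrets, and missing or incomplete CloudWatch log configuration. The sample task definition and the environment-variable name hints are constructed assumptions.

```python
# Valid Fargate task sizes (CPU units -> allowed task memory in MiB) for the 0.25-4 vCPU rows.
FARGATE_MEMORY = {
    256: {512, 1024, 2048},
    512: set(range(1024, 4097, 1024)),
    1024: set(range(2048, 8193, 1024)),
    2048: set(range(4096, 16385, 1024)),
    4096: set(range(8192, 30721, 1024)),
}
SECRET_HINTS = ("PASSWORD", "SECRET", "TOKEN", "API_KEY")  # names that belong in "secrets"
SECRET_ARNS = ("arn:aws:secretsmanager:", "arn:aws:ssm:")   # valid "valueFrom" sources

def audit_task_definition(td):
    """Return a list of findings for a task definition dict; an empty list means clean."""
    findings = []
    fargate = "FARGATE" in td.get("requiresCompatibilities", [])
    if fargate:
        if td.get("networkMode") != "awsvpc":
            findings.append("Fargate tasks must use networkMode awsvpc")
        cpu, mem = int(td.get("cpu", 0)), int(td.get("memory", 0))
        if mem not in FARGATE_MEMORY.get(cpu, set()):
            findings.append(f"cpu={cpu} memory={mem} is not a valid Fargate combination")
    for c in td.get("containerDefinitions", []):
        name, image = c.get("name", "?"), c.get("image", "")
        tag = image.rsplit("/", 1)[-1]  # drop the registry/repository path before checking the tag
        if "@sha256:" not in image and (":" not in tag or tag.endswith(":latest")):
            findings.append(f"{name}: image {image!r} is mutable; pin a release tag or a digest")
        for env in c.get("environment", []):
            if any(h in env.get("name", "").upper() for h in SECRET_HINTS):
                findings.append(f"{name}: {env['name']} is a plaintext env var; move it to secrets")
        for s in c.get("secrets", []):
            if not s.get("valueFrom", "").startswith(SECRET_ARNS):
                findings.append(f"{name}: secret {s.get('name')} must come from Secrets Manager or SSM")
        log = c.get("logConfiguration") or {}
        if not log:
            findings.append(f"{name}: no logConfiguration, so container output never reaches CloudWatch")
        elif fargate and log.get("logDriver") == "awslogs" and "awslogs-stream-prefix" not in log.get("options", {}):
            findings.append(f"{name}: awslogs-stream-prefix is required on Fargate")
    return findings

# Constructed sample: the guide's task definition with a database password left in "environment".
SAMPLE_TASK_DEF = {
    "family": "my-app", "networkMode": "awsvpc", "requiresCompatibilities": ["FARGATE"], "cpu": "256", "memory": "512",
    "containerDefinitions": [{
        "name": "web-server", "image": "nginx:latest",
        "environment": [{"name": "ENV", "value": "production"}, {"name": "DB_PASSWORD", "value": "constructed-plaintext"}],
        "logConfiguration": {"logDriver": "awslogs",
                             "options": {"awslogs-group": "/aws/ecs/my-app", "awslogs-region": "us-east-1"}},
    }],
}
```

Run it on a task definition loaded with json.load before calling register-task-definition; each finding maps to one of the practices above.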
💰 Cost Optimization
Fargate vs EC2 Cost Comparison
Fargate:
Pricing: Per vCPU-hour and GB-hour
Benefits: No infrastructure management
Best for: Variable workloads, microservices
EC2:
Pricing: Instance hours
Benefits: Lower cost for steady workloads
Best for: Predictable workloads, custom requirements
Spot Integration:
EC2: Spot instances in cluster
Fargate: Fargate Spot (70% savings)
Resource Right-sizing
CPU Optimization:
- Monitor CPU utilization
- Right-size based on actual usage
- Use bursting capabilities when available
Memory Optimization:
- Track memory metrics
- Avoid over-provisioning
- Consider memory-optimized instances
🔄 CI/CD Integration
CodeDeploy Blue/Green
Blue/Green Deployment:
Benefits:
- Zero-downtime deployments
- Easy rollback
- Traffic shifting control
Configuration:
- Two target groups
- Gradual traffic shift
- Health check validation
- Automatic rollback on failure
CodePipeline Integration
Pipeline Stages:
1. Source: CodeCommit/GitHub
2. Build: CodeBuild (Docker image)
3. Deploy: CodeDeploy (ECS service)
Triggers:
- Git commits
- Scheduled builds
- Manual triggers
🧪 Best Practices
Container Design
Single Responsibility:
- One process per container
- Microservices architecture
- Clear separation of concerns
Health Checks:
- Application health endpoints
- ELB health checks
- Custom health check logic
Logging:
- Structured logging
- Log to stdout/stderr
- Centralized log aggregation
Performance Optimization
Image Optimization:
- Multi-stage builds
- Minimal base images
- Layer caching
- Regular vulnerability scanning
Startup Time:
- Optimize application startup
- Pre-warm connections
- Lazy loading strategies
📝 Exam Tips for AWS SAA
Key Concepts
- Fargate vs EC2: Serverless vs managed infrastructure
- Task definitions: Blueprint for containers
- Services: Maintain desired task count
- Auto scaling: CPU/memory based scaling
Common Scenarios
- Microservices: Fargate for variable workloads
- Batch processing: EC2 with Spot instances
- Web applications: ALB + ECS service
- Background jobs: Scheduled tasks
📖 Summary
ECS provides powerful container orchestration with:
- Flexible deployment options (Fargate vs EC2)
- Deep AWS integration with load balancers and networking
- Comprehensive monitoring and logging capabilities
- Cost optimization options for different workloads
- Enterprise-grade security features
ECS is an excellent choice for containerized workloads in an AWS environment.