Amazon Elastic Container Service (ECS) allows you to easily run and manage Docker-enabled applications across a cluster of Amazon EC2 instances. Applications packaged as containers locally will deploy and run in the same way as containers managed by Amazon ECS.
Amazon ECS eliminates the need to install, operate, and scale your own cluster management infrastructure, and allows you to schedule Docker-enabled applications across your cluster based on your resource needs and availability requirements.
Amazon ECS enables you to grow from a single container to thousands of containers across hundreds of instances without any additional complexity in how you run your application. You can run anything: applications, batch jobs, or microservices. Amazon ECS abstracts away all the complexity of the infrastructure so you can focus on designing, building, and running container-based applications.
With Amazon ECS, you have complete visibility and control of your cluster, from creating and terminating Docker containers to viewing detailed cluster state information. You can integrate and use your own container scheduler or connect Amazon ECS to your existing software delivery process (e.g., continuous integration and delivery systems).
Amazon ECS supports Docker and enables you to run and manage Docker containers across a cluster of Amazon EC2 instances. Each EC2 instance in a cluster managed by Amazon ECS runs a Docker daemon, so whatever application you package as a container locally will deploy and run on Amazon ECS without the need for any configuration changes.
Running your own container management infrastructure usually involves installing, operating, and scaling cluster management software, configuration management systems, and monitoring solutions. Architecting and managing the availability and scalability of these systems is difficult. Amazon ECS removes the complexity of container management. With Amazon ECS, all you need to do is launch a cluster of Container Instances and specify the tasks you want to run; Amazon ECS handles all the cluster management for you.
Amazon ECS allows you to define tasks through a declarative JSON template called a Task Definition. Within a Task Definition you can specify one or more containers required for your task, including the Docker repository and image, memory and CPU requirements, shared data volumes, and how the containers are linked to each other. You can launch as many tasks as you want from a single Task Definition file that you can register with the service. Task Definition files also allow you to version control your application specification.
Amazon ECS provides you with a set of simple APIs to allow you to integrate and extend the service. The APIs allow you to create and delete clusters, register and deregister tasks, launch and terminate Docker containers, and provide detailed information about the state of your cluster and its instances. You can also use AWS CloudFormation to provision Amazon ECS clusters, register Task Definitions, and schedule containers.
Amazon ECS includes schedulers that place containers across your clusters based on your resource needs (e.g., CPU or RAM) and availability requirements. Using the available schedulers, you can schedule long-running applications and services as well as batch jobs.
Amazon ECS is a shared-state, optimistic-concurrency system that presents the full state of the cluster to all schedulers. You can develop your own schedulers or integrate third-party schedulers by using the Amazon ECS APIs or Blox, a collection of open source projects for container management and orchestration. Visit the Blox GitHub page to learn more.
The Amazon ECS service scheduler will automatically recover unhealthy containers to ensure you have the desired number of containers supporting your application.
Amazon ECS allows you to easily update your containers to new versions. You can upload a new version of your application Task Definition, and the Amazon ECS scheduler will automatically start new containers using the updated image and stop containers running the previous version. Amazon ECS will automatically register and deregister your containers from the associated ELB.
Amazon ECS supports Docker networking and integrates with Amazon VPC to provide isolation for containers. This gives you control over how containers connect with other services and external traffic. With Amazon ECS, you can choose between four networking modes for your containers that cater to different use cases:
- Task Networking/awsvpc - This mode assigns each running ECS task a dedicated elastic network interface, giving containers the full networking features of a VPC (security groups, flow logs, routing), just like EC2 instances.
- Bridge - This mode creates a Linux bridge that connects all containers running on the host in a local virtual network, which can be accessed through the host's default network connection.
- Host - This mode adds containers directly to the host's network stack, exposing containers on the host's network with no isolation.
- None - This mode disables external networking for containers.
Amazon ECS is integrated with Amazon Elastic Load Balancing (ELB), allowing you to distribute traffic across your containers. You specify the Task Definition and the ELB to use, and the Amazon ECS service scheduler will automatically register and deregister containers with the ELB. You can specify a dynamic port in the Task Definition, which gives your container an unused host port when it is scheduled on an EC2 instance. You can also use path-based routing to share an ELB with multiple services.
The Amazon ECS CLI simplifies your local development experience and lets you easily set up an Amazon ECS cluster and its associated resources (e.g., EC2 instances). The Amazon ECS CLI supports Docker Compose, an open-source tool for defining and running multi-container applications. You can apply the same Compose definition used to define a multi-container application on your development machine as well as in production. The Amazon ECS CLI is open-source and available for download here.
Amazon ECS provides monitoring capabilities for your containers and clusters. You can monitor average and aggregate CPU and memory utilization of running tasks as grouped by Task Definition, Service, or Cluster through Amazon CloudWatch. You can also set CloudWatch alarms to alert you when your containers or clusters need to scale up or down.
You can send each container instance's ECS agent logs and Docker container logs to Amazon CloudWatch Logs to simplify issue diagnosis. You can also record all your Amazon ECS API calls and have the log files delivered to you through AWS CloudTrail. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by Amazon ECS. CloudTrail provides you a history of API calls made from the Amazon ECS Management Console, AWS SDKs, and AWS CLI and enables security analysis, resource change tracking, and compliance auditing.
Amazon ECS can be used with any third-party or accessible private Docker registry, or with Docker Hub, a hosted Docker image repository. All you need to do is specify the repository in your Task Definition and Amazon ECS will retrieve the appropriate images for your applications.
Amazon ECS allows you to specify an IAM role for each ECS task. This lets the ECS container instances keep a minimal instance role, respecting the principle of least privilege, and allows you to manage the instance role and the task role separately. You also gain visibility into which task is using which role, since the role used by each task is tracked in the CloudTrail logs.
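As an added example (not AWS code or anything taken from this page), here is a small Python check over a constructed Task Definition that flags the settings discussed above: host networking, a missing task role, static host ports in bridge mode, and containers without the awslogs driver, plus a helper that rewrites the definition to awsvpc with a task role and CloudWatch Logs. The role ARN, log group name and region are placeholder values.

```python
import json

# Constructed sample Task Definition (not from the page): a single web container
# using host networking, a fixed host port, no task role and no log driver.
RISKY_TASK_DEF = json.loads("""
{
  "family": "example-web",
  "networkMode": "host",
  "containerDefinitions": [
    {"name": "web", "image": "example/web:1.4.2", "cpu": 256, "memory": 512,
     "portMappings": [{"containerPort": 8080, "hostPort": 8080, "protocol": "tcp"}]}
  ]
}
""")


def lint_task_definition(td):
    """Return a list of findings for settings the page calls out as risky:
    host networking (no isolation), no taskRoleArn (containers fall back to the
    instance role), static host ports in bridge mode, and no awslogs driver."""
    findings = []
    mode = td.get("networkMode", "bridge")  # ECS on EC2 defaults to bridge mode
    if mode == "host":
        findings.append("networkMode=host: containers share the instance's network stack")
    if not td.get("taskRoleArn"):
        findings.append("taskRoleArn missing: containers fall back to the instance role")
    for c in td.get("containerDefinitions", []):
        for pm in c.get("portMappings", []):
            # In bridge mode, hostPort 0 (or omitted) asks ECS for a dynamic port.
            if mode == "bridge" and pm.get("hostPort") not in (None, 0):
                findings.append(f"{c['name']}: static hostPort {pm['hostPort']} (use dynamic ports behind the ELB)")
        if c.get("logConfiguration", {}).get("logDriver") != "awslogs":
            findings.append(f"{c['name']}: no awslogs driver, container logs will not reach CloudWatch Logs")
    return findings


def harden(td, task_role_arn, log_group, region="us-east-1"):
    """Return a copy of td using awsvpc networking, a task role and awslogs."""
    out = json.loads(json.dumps(td))  # deep copy so the input is left untouched
    out["networkMode"] = "awsvpc"
    out["taskRoleArn"] = task_role_arn
    for c in out["containerDefinitions"]:
        for pm in c.get("portMappings", []):
            pm["hostPort"] = pm["containerPort"]  # awsvpc requires hostPort == containerPort
        c["logConfiguration"] = {"logDriver": "awslogs", "options": {
            "awslogs-group": log_group, "awslogs-region": region,
            "awslogs-stream-prefix": c["name"]}}
    return out
```

Register the hardened definition with `aws ecs register-task-definition --cli-input-json` after reviewing the findings; the dynamic-port check only applies to bridge mode because awsvpc and host mode always map the container port one-to-one.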