ECS Managed Instances
Amazon ECS Managed Instances is a fully managed compute option that eliminates infrastructure management overhead while providing access to a broad suite of EC2 capabilities including the flexibility to select instance types, access reserved capacity, and advanced security and observability configurations. By offloading operations to Amazon Web Services, ECS Managed Instances helps you get started quickly, reduce total cost of ownership, and free your teams to focus on building applications that drive innovation. Customers get the flexibility to select desired instance types for performance, including GPUs and network-optimized EC2 instances, while Amazon Web Services handles instance configuration, capacity provisioning, workload placement, patching, scaling, and maintenance. ECS Managed Instances strengthens security with advanced security and observability tooling, giving customers confidence in how their applications are deployed. With deep integration across Amazon Web Services native services for storage, networking, and monitoring, ECS Managed Instances empowers customers to run reliable operations at any scale.
Amazon ECS Managed Instances is available for new and existing ECS clusters in the following Amazon Web Services regions: cn-north-1 and cn-northwest-1. To get started with ECS Managed Instances, use the Amazon Web Services Console or your favorite infrastructure-as-code tooling to enable it in a new or existing Amazon ECS cluster.
Amazon ECS Managed Instances automatically provisions, configures, and manages EC2 instances to run your containerized applications. When you deploy tasks, the service selects appropriate instance types based on your requirements or, if you require specific compute, you can choose your desired EC2 instances, including accelerator-based instances. It launches instances with Amazon Web Services security best practices and places your tasks optimally across the infrastructure. Amazon Web Services handles all instance lifecycle management including security patching, maintenance, and automatic instance refresh every 14 days. The service continuously monitors your applications and optimizes the underlying infrastructure to meet their needs while maintaining high availability and cost efficiency.
With Amazon ECS Managed Instances, Amazon Web Services expands its responsibility beyond just the ECS control plane to include managing the underlying compute infrastructure. Amazon Web Services handles instance provisioning, security patching, OS updates, instance configuration, lifecycle management, and automatic instance refresh. The managed instances are preconfigured with Amazon Web Services security best practices and automatically updated with the latest security patches. Additionally, these instances are secured by restricting the following actions: SSH access, Amazon SSM, modifying the instance IAM role, modifying the root volume, and attaching additional network interfaces.
Amazon ECS Managed Instances shares the same operational benefits as Amazon Fargate: both have Amazon Web Services-managed operating systems. However, Managed Instances provides additional benefits including guaranteed performance, access to accelerated, burstable, and high-bandwidth instances, plus privileged containers with Linux capabilities. Unlike Amazon Web Services Fargate, with Amazon ECS Managed Instances the underlying compute lives in the customer's Amazon Web Services account, and the customer is billed the EC2 instance price plus an additional management fee per instance, not per task. Find more details here.
Amazon ECS Managed Instances enhances security through Amazon Web Services-managed infrastructure and automation. Amazon Web Services handles security patching, instance maintenance, and lifecycle management automatically. It enhances your security posture through regular security patching initiated every 14 days. You can use EC2 event windows to schedule patching to occur within weekly maintenance windows, minimizing the risk of interruptions during critical hours.
Amazon ECS Managed Instances provides several cost optimization features. Customers can use familiar EC2 purchase options, such as Reserved Instances or Savings Plans, to optimize the cost of instances. ECS Managed Instances optimizes resource efficiency by binpacking multiple tasks on each instance, selecting appropriate instance types based on workload requirements, and continuously monitoring usage to consolidate tasks and drain underutilized instances.
Amazon ECS Managed Instances supports two networking modes: awsvpc mode, where each task gets its own elastic network interface (ENI) with a private IPv4 address, and host mode, where tasks share the network namespace with the host EC2 instance. The awsvpc mode is recommended for most use cases as it provides better security isolation and simplified networking configuration.
Yes, the managed EC2 instances are visible in your Amazon Web Services account through the EC2 console and APIs. However, because these instances are managed by Amazon Web Services, certain actions are restricted to maintain Amazon Web Services’s ability to manage them effectively. You can customize instance selection through the instance attributes fields in the ECS capacity provider, including accelerator instance types for machine learning and high-performance computing applications.
Yes, Amazon ECS Managed Instances supports privileged Linux capabilities, including CAP_NET_ADMIN for network operations, CAP_SYS_ADMIN for system administration, and CAP_BPF for Berkeley Packet Filter programs. This enables advanced monitoring, observability, and security solutions that require elevated privileges.
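An added example (not AWS code and not part of the original page) tying together the network-mode and Linux-capability answers above: a review check over a task definition's JSON that flags host networking, privileged containers, and the elevated capabilities the page names. The sample task definition is constructed; field names follow the ECS task definition schema, and accepting `BPF` as a capability value is an assumption based on the page's statement that CAP_BPF is supported.

```python
import json

# Capabilities the page names as supported on ECS Managed Instances.
ELEVATED_CAPS = {"NET_ADMIN", "SYS_ADMIN", "BPF"}
# Constructed sample task definition (illustrative, not from the page).
SAMPLE_TASK_DEF = json.loads("""
{
  "family": "example-agent",
  "networkMode": "host",
  "containerDefinitions": [
    {"name": "web", "image": "example/web:1"},
    {"name": "ebpf-agent", "image": "example/agent:1",
     "linuxParameters": {"capabilities": {"add": ["CAP_BPF", "NET_ADMIN"]}}},
    {"name": "debug", "image": "example/debug:1", "privileged": true}
  ]
}
""")


def normalize_cap(name):
    """Accept both 'CAP_NET_ADMIN' and 'NET_ADMIN' spellings."""
    name = name.upper()
    return name[4:] if name.startswith("CAP_") else name


def audit_task_definition(task_def):
    """Return (subject, finding) tuples that deserve a security review."""
    findings = []
    family = task_def.get("family", "<unknown>")
    mode = task_def.get("networkMode", "unset")
    # Host mode shares the instance's network namespace with the task.
    if mode != "awsvpc":
        findings.append((family, "networkMode=%s (not awsvpc)" % mode))
    for c in task_def.get("containerDefinitions", []):
        name = c.get("name", "<unnamed>")
        if c.get("privileged"):
            findings.append((name, "privileged=true"))
        params = c.get("linuxParameters") or {}
        added = (params.get("capabilities") or {}).get("add") or []
        caps = {normalize_cap(a) for a in added}
        if "ALL" in caps:
            findings.append((name, "adds ALL capabilities"))
        for cap in sorted(caps & ELEVATED_CAPS):
            findings.append((name, "adds CAP_" + cap))
    return findings


if __name__ == "__main__":
    print(*audit_task_definition(SAMPLE_TASK_DEF), sep="\n")
```

Each finding is a prompt for review rather than a violation: monitoring and security agents legitimately need these capabilities, so the useful output is the list of containers whose elevated access should be justified and tracked.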
Amazon ECS Managed Instances provides visibility through Amazon CloudWatch Metrics and Amazon CloudWatch Container Insights. Additionally, Amazon ECS lifecycle events are sent to Amazon EventBridge, where they can be captured and forwarded to CloudWatch Logs. Finally, Amazon ECS integrates with Amazon CloudTrail for API call logging, providing detailed, auditable information.
You will be charged for the management of compute provisioned, in addition to your regular Amazon EC2 costs. See detailed pricing information on the pricing page.