Docker Containers Management on AWS

Day7

Docker Containers Management on AWS
Play this article

Amazon Elastic Container Service (Amazon ECS)

Amazon Elastic Container Service (Amazon ECS) is a fully managed container orchestration service that Amazon Web Services (AWS) provides. It helps you deploy, manage, and scale containerized applications using Docker containers. With ECS, you can efficiently run and manage containerized applications at scale without having to worry about the underlying infrastructure.

Key features of Amazon ECS include:

  1. Container Management: ECS allows you to create, launch, and manage Docker containers as tasks within a cluster. A task is a logical grouping of one or more containers that are deployed together on the same instance.

  2. Scalability: You can scale your applications up or down by adjusting the number of tasks in a service or using the built-in Auto Scaling features of ECS.

  3. Load Balancing: ECS integrates with Elastic Load Balancing to distribute incoming traffic across the tasks in a service.

  4. Service Discovery: ECS supports service discovery, making it easier for applications to find and communicate with each other using DNS-based service names.

  5. Task Definitions: Task definitions are used to define how containers should run within a task. They include information about the Docker images to use, the resources allocated to each container, networking settings, and more.

  6. Task Scheduling: ECS allows you to schedule tasks based on resource requirements, placement constraints, and placement strategies.

  7. Integration with AWS Services: ECS integrates with other AWS services like Amazon VPC for networking, AWS IAM for authentication and authorization, Amazon CloudWatch for monitoring, and AWS CloudFormation for infrastructure as code.

  8. Fargate: ECS offers an option called Amazon Fargate, which allows you to run containers without managing the underlying EC2 instances. With Fargate, you only focus on defining your tasks and ECS handles the infrastructure for you.

  9. CLI and SDKs: Amazon ECS provides a command-line interface (CLI) and software development kits (SDKs) in various programming languages for easier management and automation.

  10. Multi-tenancy: You can run multiple applications and services on the same cluster while isolating resources using task and service definitions.

Amazon Elastic Kubernetes Service (Amazon EKS)

Amazon Elastic Kubernetes Service (Amazon EKS) is a managed Kubernetes service that Amazon Web Services (AWS) provides. It enables you to deploy, manage, and scale containerized applications using Kubernetes, an open-source container orchestration platform. With Amazon EKS, you can run Kubernetes clusters without the operational overhead of managing the underlying infrastructure.

Key features of Amazon EKS include:

  1. Managed Kubernetes Control Plane: EKS takes care of provisioning and managing the Kubernetes control plane, including the master nodes, etcd clusters, and API servers.

  2. Auto Scaling and High Availability: EKS provides built-in capabilities for auto-scaling your worker nodes based on demand and ensuring high availability of your applications.

  3. Container Orchestration: EKS allows you to deploy and manage containerized applications using Kubernetes' powerful orchestration capabilities, including workload scaling, rolling updates, and load balancing.

  4. Integration with AWS Services: EKS integrates with various AWS services, including Amazon VPC for networking, AWS IAM for authentication and authorization, Amazon CloudWatch for monitoring, and more.

  5. Security: EKS offers features like Amazon VPC isolation, IAM integration, and network policies to enhance the security of your Kubernetes clusters and applications.

  6. Multi-AZ Deployment: EKS supports running Kubernetes clusters across multiple availability zones for increased availability and fault tolerance.

  7. Updates and Patches: EKS manages the Kubernetes control plane updates and patches, allowing you to focus on your applications rather than managing Kubernetes upgrades.

  8. Fargate Integration: Similar to Amazon ECS, EKS also offers integration with Amazon Fargate, allowing you to run Kubernetes pods without the need to manage the underlying EC2 instances.

  9. Managed Node Groups: EKS provides managed node groups, which simplify the process of launching and managing worker nodes within your Kubernetes clusters.

  10. CLI and SDKs: Amazon EKS provides a command-line interface (CLI) and software development kits (SDKs) in various programming languages for managing and interacting with your Kubernetes clusters.

Amazon Elastic Container Registry (Amazon ECR)

Amazon Elastic Container Registry (Amazon ECR) is a fully managed Docker container registry provided by Amazon Web Services (AWS). It serves as a secure and scalable repository for storing, managing, and deploying Docker container images. ECR is tightly integrated with other AWS services, making it a convenient choice for organizations using containers and AWS for their application deployments.

Key features of Amazon ECR include:

  1. Private Container Registry: ECR provides a private repository for your container images, ensuring that your images are securely stored and accessible only to authorized users.

  2. Integration with Amazon ECS and EKS: ECR seamlessly integrates with Amazon Elastic Container Service (ECS) and Amazon Elastic Kubernetes Service (EKS), allowing you to easily deploy containerized applications using the images stored in ECR.

  3. Permissions and Authentication: ECR integrates with AWS Identity and Access Management (IAM) for access control. You can manage permissions to your repositories, allowing specific users or services to push, pull, and manage images.

  4. Scalability and Performance: ECR is designed for scalability and high availability, ensuring that you can store and retrieve container images quickly and reliably.

  5. Image Lifecycle Policies: You can define lifecycle policies for your ECR repositories, which automate actions such as image deletion based on criteria like image age or count.

  6. Image Encryption: ECR supports encryption at rest using AWS Key Management Service (KMS), ensuring that your container images are stored securely.

  7. Docker CLI Compatibility: ECR is compatible with the Docker command-line interface (CLI) and ecosystem, allowing you to easily push and pull images using familiar commands.

  8. Cross-Region Replication: You can set up cross-region replication for your ECR repositories, which helps in distributing container images across multiple regions for improved availability and performance.

  9. Image Vulnerability Scanning: ECR integrates with third-party security tools to perform vulnerability scanning on your container images, helping you identify and address security risks.

  10. Container Image Signing: ECR supports image signing using digital signatures, which adds an extra layer of security by verifying the authenticity and integrity of images.

Amazon ECS - EC2 Launch Type

  • ECS = Elastic Container Service

  • Launch Docker containers on AWS = Launch ECS Tasks on ECS Clusters

  • EC2 Launch Type: you must provision & maintain the infrastructure (the EC2 instances)

  • Each EC2 Instance must run the ECS Agent to register in the ECS Cluster

  • AWS takes care of starting/stopping containers

Amazon ECS – Fargate Launch Type

  • Launch Docker containers on AWS

  • You do not provision the infrastructure (no EC2 instances to manage)

  • It’s all Serverless!

  • You just create task definitions

  • AWS just runs ECS Tasks for you based on the CPU / RAM you need

  • To scale, just increase the number of tasks. Simple - no more EC2 instances

How to Create the ECS Cluster-Lab

Step 1:

  1. Login Into the Aws console

    Click here

  2. Click on Create Cluster

  3. Under Cluster configuration, for Cluster name, enter a unique name.

  4. Leave everything as default and click on create

Step 2: Create a task definition

  1. choose Task Definitions.

  2. Choose Create new Task Definition, Create new revision with JSON.

Copy and paste the following example task definition into the box and then choose Create.

{
    "family": "sample-fargate", 
    "networkMode": "awsvpc", 
    "containerDefinitions": [
        {
            "name": "fargate-app", 
            "image": "public.ecr.aws/docker/library/httpd:latest", 
            "portMappings": [
                {
                    "containerPort": 80, 
                    "hostPort": 80, 
                    "protocol": "tcp"
                }
            ], 
            "essential": true, 
            "entryPoint": [
                "sh",
        "-c"
            ], 
            "command": [
                "/bin/sh -c \"echo '<html> <head> <title>Amazon ECS Sample App</title> <style>body {margin-top: 40px; background-color: #333;} </style> </head><body> <div style=color:white;text-align:center> <h1>Amazon ECS Sample App</h1> <h2>Congratulations!</h2> <p>Your application is now running on a container in Amazon ECS.</p> </div></body></html>' >  /usr/local/apache2/htdocs/index.html && httpd-foreground\""
            ]
        }
    ], 
    "requiresCompatibilities": [
        "FARGATE"
    ], 
    "cpu": "256", 
    "memory": "512"
}

Step 3: Create the service

  • Choose Clusters, and then select the cluster you created in Step 1.

  • choose the service and click to create

  • Under Deployment configuration, specify how your application is deployed.

    1. For Task definition, choose the task definition you created in Step 2

    2. For the Service name, enter a name for your service.

    3. For Desired tasks, enter 1.

  • Under Networking, you can create a new security group or choose an existing security group for your task. Ensure that the security group you use has the inbound rule listed and must have port 80 open for inbound traffic. Add the following inbound rule to your security group.

    • Type: HTTP

    • Protocol: TCP

    • Port range: 80

    • Source: Anywhere (0.0.0.0/0)

Step 4: View your service

  1. choose Clusters.

  2. In the Services tab, under Service name, choose the service you created.

  3. choose Open address. The screenshot below is the expected output.

Thank you! Happy Learning

Did you find this article valuable?

Support awscloudlab by becoming a sponsor. Any amount is appreciated!