4. What are containers?
A container is an atomic, self-contained package of software that
includes everything it needs to run (code, runtime, libraries,
packages, etc.).
A popular, widely-used container platform is Docker. More on that
here: https://www.docker.com
5. Let’s talk container basics
Docker pull
Docker build
Docker run
Docker tag
Docker push
6. Why are containers so popular?
• Portable
• Lightweight
• Standardized
• Easy to deploy
• Along with containers, comes the “monolith to microservices” story:
containers and microservices go hand in hand (more on that in a second)
7. OK, so what are microservices?
“Service oriented architecture composed of loosely coupled elements that have bounded contexts.”
- Adrian Cockcroft
8. Why do containers and microservices go together?
• One job, one service → container
• Can deploy and scale containers independently
• This means that a high traffic service, like a messaging service, might need
to be scaled frequently, but a low traffic service, like an internal
dashboard, doesn’t need to be scaled at the same time
10. Managing many containers is hard
[Diagram: rows of servers, each running its own guest OS]
15. ECS
Easiest way to deploy and manage containers
Integration with entire AWS platform: ALB, Auto Scaling, Batch, Elastic Beanstalk, CloudFormation, CloudTrail, CloudWatch Events, CloudWatch Logs, CloudWatch Metrics, ECR, EC2 Spot, IAM, NLB, Parameter Store, and VPC
Scales to support clusters of any size
Service integrations (like ALB and NLB) are at container level
16. EKS
Managed Kubernetes on AWS
Highly available
Automated version upgrades
Integration with other AWS services: CloudTrail, CloudWatch, ELB, IAM, VPC, PrivateLink
Managed Kubernetes control plane (etcd, master)
20. So how do you know which one is right for you?
21. Fargate vs EC2 mode
• Depends on your workload.
• For Fargate: if you have a Task Definition, and you’re ok with awsvpc
networking mode, try Fargate. Some caveats: can’t exec into the
container, or access the underlying host (this is also a good thing)
• For EC2 mode: good if you need to customize!
27. tl;dr
ECS: can be totally managed, or can customize resource usage, networking, task placement etc. to fit your application needs. Shared responsibility with AWS (because managed service). ecs-agent is open source. Easy integration with other AWS services.
EKS: managed, upstream Kubernetes. Can connect to clusters through kubectl and use existing tooling. Can opt in to managed version upgrades. Add resources to your cluster through EC2 (now), or with Fargate mode (2018).
Fargate: underlying technology for containers on demand. Pass a Task Definition or Kubernetes Pod, set resource limits, and Fargate manages everything else. NO access to underlying host, no managing of resources. Great if you don’t want to handle scaling, orchestration, deployments, upgrades yourself. Not for those of you that are making changes to your infrastructure (e.g., bringing custom AMIs, or installing things through EC2 user-data).
31. How does ECS map to traditional workloads?
Instances: standard EC2 boxes. Once registered to a Cluster, your Tasks run here
Services: layer that manages and places tasks
Tasks: container wrapper and configuration around processes running on the instance
32. What does that mean?
• In EC2 mode, you’re responsible for configuring all three of those pieces:
instances, services, and tasks.
• Instances are configured through the ecs-optimized AMI (or your own
AMI), and/or you can configure with EC2 user-data
• Services and Tasks (and containers) are all configured through the ECS
API, which you can either access directly, or go through the CLI. Tasks are
defined through Task Definitions, and Containers are defined through
Container Definitions.
36. Primitives are shared with ECS
• Use the same primitives, and integrations as EC2 launch-type ECS tasks:
• VPC
• IAM
• CloudWatch
37. How do I know when to use Fargate vs EC2 mode?
• Depends on your workload.
• For Fargate: if you have a Task Definition, and you’re ok with awsvpc
networking mode, try Fargate. Some caveats: can’t exec into the
container, or access the underlying host (this is also a good thing)
• For EC2 mode: good if you need to customize!
39. Resource configuration with ECS
• Choose your own instance type, with any combination of resources
• Controlled through the Service ASG launch configuration, like with any
other EC2 cluster.
• Supports GPUs
42. Traditional Docker networking
Bridge: docker0. This is the default behavior. Containers on the same network can communicate via IP address. No automatic service discovery. Connect containers with --link
None: no network interface, only local loopback (which I’ll explain shortly)
Host: connect to host network (container maps to host)
43. awsvpc (the longer version)
• With awsvpc, each task is allocated an ENI (Elastic Network Interface)
• Containers launched as part of the same task can use the local loopback
interface (remember that one?), since containers part of the same task
share an ENI
• With the ENI allocation comes a private IP. Public IPs can also be
allocated.
44. VPC integration in Fargate
• Launch your Fargate Tasks into subnets
• Under the hood:
• We create an Elastic Network Interface (ENI)
• The ENI is allocated a private IP from your subnet
• The ENI is attached to your task
• Your task now has a private IP from your subnet!
• You can also assign public IPs to your tasks
• Configure security groups to control inbound & outbound traffic
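An added example (not from the deck or any AWS tool): a small Python linter for an ECS task definition that checks the Fargate constraints the slides mention (awsvpc networking mode from slides 32, 37 and 44, task-level CPU/memory resource limits from slide 27) plus a few container-hardening settings a reviewer would want. Both task definitions are constructed samples, and the SSM parameter ARN in the hardened one is a placeholder.

```python
import json
# Constructed sample (not from the deck): a Fargate task definition with weak settings.
WEAK_TASK_DEF = json.dumps({
    "family": "web", "requiresCompatibilities": ["FARGATE"], "networkMode": "bridge",
    "containerDefinitions": [{
        "name": "web", "image": "example/web:latest", "privileged": True,
        "environment": [{"name": "DB_PASSWORD", "value": "hunter2"}],
    }],
})
# The same task after fixing every finding; the SSM ARN is a placeholder, not a real parameter.
HARDENED_TASK_DEF = json.dumps({
    "family": "web", "requiresCompatibilities": ["FARGATE"], "networkMode": "awsvpc",
    "cpu": "256", "memory": "512",
    "containerDefinitions": [{
        "name": "web", "image": "example/web:1.4.2", "user": "1000", "readonlyRootFilesystem": True,
        "secrets": [{"name": "DB_PASSWORD",
                     "valueFrom": "arn:aws:ssm:REGION:ACCOUNT_ID:parameter/db_password"}],
    }],
})

SECRET_HINTS = ("PASSWORD", "SECRET", "TOKEN", "KEY")

def lint_task_definition(raw):
    """Return a list of findings (empty when clean) for a task definition JSON string."""
    td = json.loads(raw)
    findings = []
    if "FARGATE" in td.get("requiresCompatibilities", []):
        # Fargate only supports awsvpc: every task gets its own ENI and private IP.
        if td.get("networkMode") != "awsvpc":
            findings.append("task: Fargate requires networkMode awsvpc")
        # Fargate sizes the task from task-level cpu/memory, so both must be set.
        for field in ("cpu", "memory"):
            if field not in td:
                findings.append(f"task: Fargate requires task-level {field}")
    for c in td.get("containerDefinitions", []):
        name, image = c.get("name", "?"), c.get("image", "")
        if c.get("privileged"):
            findings.append(f"{name}: privileged is unsupported on Fargate and risky in EC2 mode")
        if not c.get("readonlyRootFilesystem"):
            findings.append(f"{name}: set readonlyRootFilesystem so a compromise cannot persist on disk")
        if not c.get("user"):
            findings.append(f"{name}: no user set, so the process runs as root inside the container")
        ref = image.rsplit("/", 1)[-1]  # the last path segment carries the tag
        if "@" not in image and (":" not in ref or ref.endswith(":latest")):
            findings.append(f"{name}: pin the image to a version tag or digest, not latest")
        for env in c.get("environment", []):
            if any(h in env.get("name", "").upper() for h in SECRET_HINTS):
                findings.append(f"{name}: {env['name']} in plain environment; move it to secrets")
    return findings
```

Run it against a task definition exported with the aws-cli (`aws ecs describe-task-definition`) before registering a new revision.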
45. Looking for more networking details?
https://aws.amazon.com/blogs/compute/task-networking-in-aws-fargate/
https://aws.amazon.com/blogs/compute/introducing-cloud-native-networking-for-ecs-containers/
47. Hybrid clusters are possible
The same cluster can run tasks of type Fargate, and of type EC2
FAQ: how do I exec into a Fargate container?
Short Answer: you don’t
Longer answer: if it were me, I’d stop the Fargate container and restart as
type EC2 for debugging, then switch back over. Long term, something we’re
looking at building.
48. The Fargate wizard doesn’t let me use my own VPC
The wizard is just for learning Fargate concepts and how it works. You
can absolutely use (and should use) your own VPC.
Wait, what?
The wizard/getting started flow in Fargate will create a VPC and subnets for you. You can either a) edit the resources created through the wizard, or b) launch Fargate tasks into a previously created VPC through the regular console flow/the CLI.
49. I get by with a little help from my friends (CLIs).
50. CLIs (that I know of) for Fargate/ECS:
• aws-cli: the official OG. Open source, includes most AWS services.
• More info here: https://aws.amazon.com/cli/
• Github here: https://github.com/aws/aws-cli
• ecs-cli: also official, but just for ECS. Supports docker compose files.
• More info here: https://github.com/aws/amazon-ecs-cli
Some good unofficial options:
• Fargate cli: https://github.com/jpignata/fargate
• Coldbrew cli: https://github.com/coldbrewcloud/coldbrew-cli
52. We want to hear from all of you!
• More focus on supporting Tasks as compute primitive, more focus on
removing undifferentiated heavy lifting.
• Our roadmap is driven by feedback:
53. How can I get started?
• To join the EKS preview: https://aws.amazon.com/eks/
• To get started with Fargate: https://aws.amazon.com/fargate/
• Blogs: https://aws.amazon.com/blogs/aws/aws-fargate/
• https://aws.amazon.com/blogs/aws/amazon-elastic-container-service-for-kubernetes/
• Liz Rice from Aquasec on Fargate: https://blog.aquasec.com/securing-struts-in-aws-fargate
• Nathan Peck from AWS: https://medium.com/containers-on-aws/choosing-your-container-environment-on-aws-with-ecs-eks-and-fargate-cfbe416ab1a
• Deepak Singh (containers GM at AWS): https://www.slideshare.net/AmazonWebServices/containers-on-aws-state-of-the-union-con201-reinvent-2017
56. Need a little help?
Community Slack channels:
awsdevelopers.slack.com
amazon-ecs.slack.com
Or reach out to one of us directly:
@abbyfuller or abbyfull@amazon.com
@nathankpeck
@brentcontained
@paulmaddox
@ric_harvey