of software that includes everything it needs to run (code, runtime, libraries, packages, etc.). A popular, widely used container platform is Docker. More on that here: https://www.docker.com
[Diagram: repeated "Server" and "Guest OS" labels]
rights reserved. What does the landscape look like all together? Amazon ECS (available now); Amazon EKS (preview); Fargate mode for ECS (available now); Fargate mode for EKS (available 2018).
entire AWS platform: ALB, Auto Scaling, Batch, Elastic Beanstalk, CloudFormation, CloudTrail, CloudWatch Events, CloudWatch Logs, CloudWatch Metrics, ECR, EC2 Spot, IAM, NLB, Parameter Store, and VPC. Scales to support clusters of any size. Service integrations (like ALB and NLB) are at container level.
environmental metadata; Network Load Balancer support; Console support for SpotFleet; Override parameters for RunTask and StartTask APIs; Task Elastic Network Interface; Application Load Balancer support; HIPAA eligibility; Console UX improvements; CLI V1.0; Container instance draining; Windows containers; Cron and CloudWatch Event Task scheduling; Support for Docker Privileged Mode; Lifecycle Policies for container images; Beijing Region; Support for Device and Init flags; Add attributes during boot; Seoul Region; Linux capabilities
underlying infrastructure, cluster resources, capacity, setup. Just give it a task definition or pod (in 2018), set some resource limits, and away you go.
“When someone asks you for a sandwich, they aren’t asking you to put them in charge of a global sandwich logistic chain. They just want a sandwich”
AMAZON CONTAINER SERVICES: So you want to run a (managed) container on AWS. 1. Choose your orchestration tool: ECS or EKS. 2. Choose your launch type: EC2 or Fargate.
mode? Depends on your workload. For Fargate: if you have a Task Definition, and you’re OK with awsvpc networking mode, try Fargate. Some caveats: you can’t exec into the container or access the underlying host (this is also a good thing). For EC2 mode: good if you need to customize!
What are the differences between EC2 mode and Fargate?
• Change in networking mode: "networkMode": "awsvpc"
• Only specify container port, no host port: "portMappings": [{"containerPort": 8081}]
• No links (only local loopback)
• No ELB Classic, only ALB or NLB. ALB needs to use target type IP, not instance.
• Launch Type: Fargate
New and important! requiresCompatibilities parameter: "requiresCompatibilities": ["FARGATE"]. You can have tasks that have multiple compatibilities: "requiresCompatibilities": ["FARGATE", "EC2"]
Hang on, what’s awsvpc? New task-level networking type. Each Task is assigned an ENI (Elastic Network Interface), and a private IP (and optionally a public IP, if you’re using Fargate) from your subnet. This allows for simplified container networking: containers that are part of the same task (and thus on the same host) can use the local loopback interface. Containers not on the same host use the ENI/hostname/IP.
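The task definition differences listed above, checked mechanically. This is an added example, not code from the original slides or from AWS; the sample task definition, the function names `fargate_findings` and `to_fargate`, and the image names are constructed for illustration, and only the rules stated on these slides are covered.

```python
import copy
import json

# Constructed sample: an EC2-mode task definition using bridge networking,
# a host port and container links, i.e. what the slides say must change.
EC2_TASK_DEF = json.loads("""
{
  "family": "web-example",
  "networkMode": "bridge",
  "containerDefinitions": [
    {"name": "web", "image": "example/web:1",
     "links": ["cache"],
     "portMappings": [{"containerPort": 8081, "hostPort": 80}]},
    {"name": "cache", "image": "example/cache:1"}
  ]
}
""")


def fargate_findings(task_def):
    """List the ways a task definition breaks the Fargate rules above."""
    findings = []
    if task_def.get("networkMode") != "awsvpc":
        findings.append('networkMode must be "awsvpc"')
    if "FARGATE" not in task_def.get("requiresCompatibilities", []):
        findings.append('requiresCompatibilities must include "FARGATE"')
    for container in task_def.get("containerDefinitions", []):
        name = container.get("name", "?")
        if container.get("links"):
            findings.append(f"{name}: links unsupported, use local loopback")
        for mapping in container.get("portMappings", []):
            if "hostPort" in mapping:
                findings.append(f"{name}: remove hostPort {mapping['hostPort']}")
    return findings


def to_fargate(task_def):
    """Return a rewritten copy; the application must still be pointed at
    localhost wherever it previously relied on a link alias."""
    out = copy.deepcopy(task_def)
    out["networkMode"] = "awsvpc"
    compat = out.setdefault("requiresCompatibilities", [])
    if "FARGATE" not in compat:
        compat.append("FARGATE")
    for container in out.get("containerDefinitions", []):
        container.pop("links", None)
        for mapping in container.get("portMappings", []):
            mapping.pop("hostPort", None)
    return out


if __name__ == "__main__":
    print("\n".join(fargate_findings(EC2_TASK_DEF)))
    print(json.dumps(to_fargate(EC2_TASK_DEF), indent=2))
```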
Need some more info on working with awsvpc? https://aws.amazon.com/blogs/compute/task-networking-in-aws-fargate/ https://aws.amazon.com/blogs/compute/introducing-cloud-native-networking-for-ecs-containers/
Need help migrating between Fargate and EC2? https://aws.amazon.com/blogs/compute/migrating-your-amazon-ecs-containers-to-aws-fargate/
networking, task placement etc. to fit your application needs. Shared responsibility with AWS (because managed service). ecs-agent is open source. Easy integration with other AWS services. EKS: managed, upstream Kubernetes. Can connect to clusters through kubectl and use existing tooling. Can opt in to managed version upgrades. Add resources to your cluster through EC2 (now), or with Fargate mode (2018). Fargate: underlying technology for containers on demand. Pass a Task Definition or Kubernetes Pod, set resource limits, and Fargate manages everything else. NO access to underlying host, no managing of resources. Great if you don’t want to handle scaling, orchestration, deployments, upgrades yourself. Not for those of you that are making changes to your infrastructure (i.e., bringing custom AMIs, or installing things through EC2 user-data) tl;dr
OG. Open source, includes most AWS services.
• More info here: https://aws.amazon.com/cli/
• GitHub here: https://github.com/aws/aws-cli
ecs-cli: also official, but just for ECS. Supports Docker Compose files.
• More info here: https://github.com/aws/amazon-ecs-cli
Some good unofficial options:
• Fargate cli: https://github.com/jpignata/fargate
• Coldbrew cli: https://github.com/coldbrewcloud/coldbrew-cli
preview: https://aws.amazon.com/eks/
• To get started with Fargate: https://aws.amazon.com/fargate/
• Blogs: https://aws.amazon.com/blogs/aws/aws-fargate/
• https://aws.amazon.com/blogs/aws/amazon-elastic-container-service-for-kubernetes/
• Liz Rice from Aquasec on Fargate: https://blog.aquasec.com/securing-struts-in-aws-fargate
• Nathan Peck from AWS: https://medium.com/containers-on-aws/choosing-your-container-environment-on-aws-with-ecs-eks-and-fargate-cfbe416ab1a
• Deepak Singh (containers GM at AWS): https://www.slideshare.net/AmazonWebServices/containers-on-aws-state-of-the-union-con201-reinvent-2017