Amazon EC2 Container Service (ECS) allows you to easily run and manage Docker-enabled applications across a cluster of Amazon EC2 instances. Applications packaged as containers locally will deploy and run in the same way as containers managed by Amazon ECS. Amazon ECS eliminates the need to install, operate, and scale your own cluster management infrastructure, and allows you to schedule Docker-enabled applications across your cluster based on your resource needs and availability requirements. Amazon ECS enables you to grow from a single container to thousands of containers across hundreds of instances without any additional complexity in how you run your application. You can run anything: applications, batch jobs, or microservices. Amazon ECS abstracts away all the complexity of the infrastructure so you can focus on designing, building, and running containerized applications.
With Amazon ECS, you have complete visibility and control of your cluster from creating and terminating Docker containers to viewing detailed cluster state information. You can integrate and use your own container scheduler or connect EC2 Container Service into your existing software delivery process (e.g., continuous integration and delivery systems).
Amazon EC2 Container Service supports Docker and enables you to run and manage Docker containers across a cluster of Amazon EC2 instances. Each EC2 instance in a cluster managed by Amazon ECS runs a Docker daemon, so whatever application you package as a container locally will deploy and run on Amazon ECS without the need for any configuration changes.
Managing your own container management infrastructure usually involves installing, operating, and scaling your own cluster management software, configuration management systems, and monitoring solutions. Architecting and managing the availability and scalability of these systems is difficult. Amazon EC2 Container Service removes the complexity of container management. With Amazon ECS, all you need to do is launch a cluster of Container Instances and specify the tasks you want to run; Amazon ECS handles all the cluster management for you.
Amazon EC2 Container Service allows you to define tasks through a declarative JSON template called a Task Definition. Within a Task Definition you can specify one or more containers required for your task, including the Docker repository and image, memory and CPU requirements, shared data volumes, and how the containers are linked to each other. You can launch as many tasks as you want from a single Task Definition file that you can register with the service. Task Definition files also allow you to version control your application specification.
Amazon EC2 Container Service provides you with a set of simple APIs to allow you to integrate and extend the service. The APIs allow you to create and delete clusters, register and deregister tasks, launch and terminate Docker containers, and provide detailed information about the state of your cluster and its instances. You can also use AWS CloudFormation to provision Amazon ECS clusters, register Task Definitions, and schedule containers.
Amazon EC2 Container Service includes schedulers that place containers across your clusters based on your resource needs (e.g., CPU or RAM) and availability requirements. Using the available schedulers, you can schedule long-running applications and services as well as batch jobs. The Amazon ECS APIs also provide you with complete cluster state information, allowing you to write your own schedulers or integrate existing third-party schedulers (e.g., Marathon). Amazon ECS is a shared state, optimistic concurrency system that presents the full state of the cluster to all schedulers. You can develop your own schedulers or integrate third-party schedulers by using the Amazon ECS APIs to get cluster state information and to place containers in the appropriate location.
The Amazon ECS Service scheduler will automatically recover unhealthy containers to ensure you have the desired number of containers supporting your application.
Amazon ECS allows you to easily update your containers to new versions. You can upload a new version of your application Task Definition, and the Amazon ECS scheduler will automatically start new containers using the updated image and stop containers running the previous version. Amazon ECS will automatically register and deregister your containers from the associated ELB.
Amazon ECS is integrated with Elastic Load Balancing (ELB) allowing you to distribute traffic across your containers. You specify the Task Definition and the ELB to use, and the Amazon ECS Service scheduler will automatically add and remove containers from the ELB. You can specify a dynamic port in the Task Definition, which gives your container an unused port when it is scheduled on an EC2 instance. You can also use path-based routing to share an ELB with multiple services.
The Amazon EC2 Container Service CLI (Amazon ECS CLI) allows you to simplify your local development experience as well as easily set up an Amazon ECS cluster and its associated resources (e.g., EC2 instance). The Amazon ECS CLI supports Docker Compose, an open-source tool for defining and running multi-container applications. You can apply the same Compose definition used to define a multi-container application on your development machine as well as in production. The Amazon ECS CLI is open-source and available for download.
Amazon ECS provides monitoring capabilities for your containers and clusters. You can monitor average and aggregate CPU and memory utilization of running tasks as grouped by Task Definition, Service, or Cluster through Amazon CloudWatch. You can also set CloudWatch alarms to alert you when your containers or clusters need to scale up or down.
You can send each container instance's ECS agent logs and Docker container logs to Amazon CloudWatch Logs to simplify issue diagnosis. You can also record all your Amazon ECS API calls and have the log files delivered to you through AWS CloudTrail. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by Amazon ECS. CloudTrail provides you a history of API calls made from the Amazon ECS Management Console, AWS SDKs, and AWS CLI and enables security analysis, resource change tracking, and compliance auditing.
Amazon EC2 Container Service can be used with any third-party or accessible private Docker registry, or Docker Hub, a hosted Docker image repository. All you need to do is specify the repository in your Task Definition and Amazon ECS will retrieve the appropriate images for your applications.
Amazon EC2 Container Service allows you to specify an IAM role for each ECS task. This allows the ECS container instances to have a minimal role, respecting the ‘Least Privilege’ access policy and allowing you to manage the instance role and the task role separately. You will also gain visibility as to which task is using which role, tracked in the CloudTrail logs.
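The CloudTrail and per-task IAM role paragraphs above can be combined into a simple audit. The following is an added example, not code from AWS: it reads a CloudTrail log file and reports which registered Task Definitions carry a task role and which do not, with the caller, time and source IP of each call. The sample records, account ID, ARNs and IP addresses are constructed, and the function names are hypothetical.

```python
import json

# Constructed CloudTrail records for illustration (not real log data).
# Account ID, ARNs and IP addresses are placeholders.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-01-01T10:00:00Z", "eventSource": "ecs.amazonaws.com",
     "eventName": "RegisterTaskDefinition", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/deployer"},
     "requestParameters": {"family": "web",
                           "taskRoleArn": "arn:aws:iam::111122223333:role/web-task"}},
    {"eventTime": "2024-01-01T11:30:00Z", "eventSource": "ecs.amazonaws.com",
     "eventName": "RegisterTaskDefinition", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/intern"},
     "requestParameters": {"family": "batch"}},
    {"eventTime": "2024-01-01T11:45:00Z", "eventSource": "ecs.amazonaws.com",
     "eventName": "RegisterTaskDefinition", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/intern"},
     "errorCode": "AccessDenied", "requestParameters": None},
    {"eventTime": "2024-01-01T12:00:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/deployer"},
     "requestParameters": {}},
]})

def audit_task_roles(log_text):
    """Return one finding per successful ECS RegisterTaskDefinition call."""
    findings = []
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventSource") != "ecs.amazonaws.com":
            continue  # not an Amazon ECS API call
        if rec.get("eventName") != "RegisterTaskDefinition":
            continue
        if "errorCode" in rec:
            continue  # the call failed, so nothing was registered
        params = rec.get("requestParameters") or {}
        findings.append({
            "family": params.get("family"),
            "task_role": params.get("taskRoleArn"),  # None: no role of its own
            "caller": (rec.get("userIdentity") or {}).get("arn"),
            "source_ip": rec.get("sourceIPAddress"),
            "time": rec.get("eventTime"),
        })
    return findings

def missing_task_role(findings):
    """Task Definitions registered without an IAM task role."""
    return [f for f in findings if f["task_role"] is None]

if __name__ == "__main__":
    for f in missing_task_role(audit_task_roles(SAMPLE_LOG)):
        print(f"{f['time']} {f['caller']} from {f['source_ip']}: "
              f"family {f['family']!r} has no task role")
```

A Task Definition flagged here has no role of its own, so whatever it can reach is governed by the container instance role, which is the role the paragraph above says should stay minimal.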