Amazon ECS Features

Amazon Elastic Container Services (Amazon ECS) is a fully managed container orchestration service that helps organizations easily deploy, manage, and scale containerized applications. Versionless and opinionated, the Amazon ECS control plane deeply integrates with the rest of the AWS environment to provide a secure and easy-to-use solution for running container workloads in the cloud. Amazon ECS can run with Amazon Elastic Compute Cloud (Amazon EC2), AWS Fargate, or even with on-premises infrastructure with Amazon ECS Anywhere.

Key Features

AWS Fargate is built into Amazon ECS, which means you no longer have to worry about managing servers, handling capacity planning, or figuring out how to isolate container workloads for security. Just define your application’s requirements, select AWS Fargate as your launch type in the console or Command Line Interface (CLI), and AWS Fargate takes care of all the scaling and infrastructure management required to run your containers across flexible compute options, with automatic integrations to other supporting AWS services that your application needs.

With Amazon ECS Anywhere, you can use the same familiar Amazon ECS console and operator tools to manage your on-premises container workloads for a consistent experience across your container-based applications. You can also use Amazon ECS on AWS Outposts to run containerized applications that require particularly low latencies to on-premises systems.

Amazon ECS natively integrates with the Security, Identity, and Management and Governance tools you already trust, which helps you get to production quickly and successfully. You can assign granular permissions for each of your containers, giving you a high level of isolation when building your applications. Launch your containers with the security and compliance levels you have come to expect from AWS. And, through integrations with Amazon GuardDuty, you can quickly and easily detect external threats to your workloads before they escalate.

Amazon ECS is a fully-managed container orchestration service, with AWS configuration and operational best practices built-in, and no control plane, nodes, or add-ons for you to manage. It natively integrates with both AWS and third-party tools to make it easier for teams to focus on building the applications, not the environment.

Development

Amazon ECS supports management of Windows containers. An Amazon ECS-optimized Windows Amazon Machine Image (AMI) provides enhanced instance and container launch time performance and visibility into CPU, memory utilization, and reservation metrics.

The AWS Copilot CLI is a tool for developers to build, release, and operate production ready containerized applications on Amazon ECS and AWS Fargate. Copilot takes best practices, from infrastructure to continuous delivery, and makes them available to customers from the comfort of their command line. You can also monitor the health of your service by viewing your service's status or logs, scale up or down production services, and spin up a new environment for automated testing. Download AWS Copilot.

Amazon ECS can be used with any third-party hosted Docker image repository or accessible private Docker registry, such as Docker Hub and Amazon Elastic Container Registry (ECR). All you need to do is specify the repository in your task definition and Amazon ECS retrieves the appropriate images for your applications.

Management

Amazon ECS allows you to define tasks through a JavaScript Object Notation (JSON) template called a Task Definition. Within a Task Definition, you can specify one or more containers that are required for your task, including the Docker repository and image, memory and CPU requirements, shared data volumes, and how the containers are linked to each other. You can launch as many tasks as you want from a single Task Definition file that you can register with the service. Task Definition files also give you version control over your application specification.

Amazon ECS provides you with a set of simple API actions to allow you to integrate and extend the service. The API actions allow you to create and delete clusters, register and deregister tasks, launch, and terminate Docker containers, and provide detailed information about the state of your cluster and its instances. You can also use AWS CloudFormation to provision Amazon ECS clusters, register task definitions, and schedule containers.

Amazon ECS allows you to easily update your containers to new versions. You can upload a new version of your application task definition, and the Amazon ECS scheduler automatically starts new containers using the updated image and stop containers running the previous version. Amazon ECS automatically registers and deregisters your containers from the associated Application Load Balancer.

Amazon ECS will automatically recover unhealthy containers to ensure that you have the desired number of containers supporting your application.

Capacity Providers allow you to define flexible rules for how containerized workloads run on different types of compute capacity, and manage the scaling of the capacity. Capacity Providers work with both Amazon Elastic Compute Cloud (Amazon EC2) and AWS Fargate. When running tasks and services, you can split them across multiple Capacity Providers, enabling new capabilities such as running a service in a predefined split percentage across Fargate and Fargate Spot.

Amazon Elastic Block Store (Amazon EBS) is an easy-to-use, scalable, high-performance block-storage service that allows you to provision cost-performant storage for your Amazon ECS and AWS Fargate deployments. You can use all EBS configurations and capabilities with your container workloads deployed on Amazon ECS.

Amazon Elastic File System (Amazon EFS) is a simple, scalable, fully managed elastic file system, enabling you to build modern applications, and persist and share data and state, from your Amazon ECS and AWS Fargate deployments. All aspects of using Amazon EFS with containers, including connectivity, is cared for, zero management required. You can simply focus on your applications, not infrastructure. Learn more about persistent file storage.

Scheduling and Task Placement

Amazon ECS includes multiple scheduling strategies that place containers across your clusters based on your resource needs (for example, CPU or RAM) and availability requirements. Using the available scheduling strategies, you can schedule batch jobs, long-running applications and services, and daemon processes.

Amazon ECS task scheduling allows you to run processes that perform work and then stop, such as batch processing jobs. Task scheduling starts tasks automatically from a queue of jobs, or based on a time interval that you define.

Learn more about scheduling Amazon ECS tasks »

Amazon ECS service scheduling allows you to run stateless services and applications. This scheduling strategy ensures that a specified number of tasks are constantly running and restarts tasks if failure occurs. Customers can ensure that tasks are registered against an Elastic Load Balancing load balancer and can perform health checks that users define for running tasks.

Amazon ECS daemon scheduling automatically runs the same task on each selected instance in your ECS cluster. This makes it easy to run tasks that provide common management functionality for a service like logging, monitoring, or backups.

Amazon ECS allows users to customize how tasks are placed onto a cluster of Amazon EC2 instances based on built-in attributes such as instance type, Availability Zone, or user-defined custom attributes. Use attributes such as environment = production to label resources, list API actions to find those resources, and the RunTask and CreateService API actions to schedule tasks on those resources.

With Amazon ECS, use placement strategies such as bin pack and spread to further define where tasks are placed. Policies can be chained together to achieve sophisticated placement capabilities without writing any code.

Networking

Amazon ECS Service Connect simplifies service discovery, connectivity, and traffic observability for Amazon ECS. It helps you build applications faster by letting you focus on the application code and not on your networking infrastructure. You can use ECS Service Connect to define logical names for your service endpoints and use them in your client applications to connect to dependencies. ECS Service Connect helps send your traffic to healthy endpoints and provides rich traffic telemetry in the ECS console and in Amazon CloudWatch. Native ECS deployments are more robust with ECS Service Connect, as it supports automatic connection draining that helps your client applications switch to a new version of the service endpoint without encountering traffic errors.

With ECS Service Connect, you can:

• Set the way client applications connect to their dependencies in just one step

• Write and operate resilient distributed applications with logical naming

• Monitor and distribute traffic between ECS tasks without deploying and configuring load balancers

• Deploy services faster and deliver seamless integration of ECS microservices comprising an application

Learn more about migrating existing Amazon ECS services from service discovery to ECS Service Connect »

Amazon ECS is integrated with AWS Cloud Map to make it easy for your containerized services to discover and connect with each other. AWS Cloud Map is a cloud resource discovery service that lets you define custom names for your application resources. It increases your application availability because your web service will always discover the most up-to-date locations of these dynamically changing resources.

Learn more about migrating existing Amazon ECS services from service discovery to ECS Service Connect »

Amazon ECS supports Docker networking and integrates with Amazon VPC to provide isolation for containers. This gives you control over how containers connect with other services and external traffic. With Amazon ECS, you can choose between four networking modes for your containers that cater towards different use cases:

Task Networking/awsvpc
This mode assigns each running ECS task a dedicated elastic networking interface, allowing containers full networking features in a VPC, just like EC2 instances.

Bridge
This mode creates a Linux bridge that connects all containers running on the host in a local virtual network, which can be accessed through the host's default network connection.

Host
This mode adds containers directly to the host’s network stack, exposing containers on the host's network with no isolation.

None
This mode disables external networking for containers.

Amazon ECS is integrated with Elastic Load Balancing, allowing you to distribute traffic across your containers using Application Load Balancers or Network Load Balancers. You specify the task definition and the load balancer to use, and Amazon ECS automatically adds and removes containers from the load balancer. Specify a dynamic port in the task definition, which gives your container an unused port when it is scheduled on an EC2 instance. In addition, use path-based routing to share a load balancer with multiple services.

Monitoring and Logging

Amazon ECS provides monitoring capabilities for your containers and clusters through Amazon CloudWatch. You can monitor average and aggregate CPU and memory utilization of running tasks as grouped by task definition, service, or cluster. Set CloudWatch alarms to alert you when your containers or clusters need to scale up or down.

Amazon ECS allows you to record all your Amazon ECS API calls and have the log files delivered to you through AWS CloudTrail. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by Amazon ECS. CloudTrail provides you a history of API calls made from the AWS Management Console, AWS SDKs, and AWS CLI. It enables security analysis, resource change tracking, and compliance auditing.

AWS Config integrates with Amazon ECS to provide you visibility into your configuration of AWS resources in your AWS account. AWS Config allows users to monitor and track how resources were configured, how they relate to one another, and how the configurations and relationships change over time. AWS Config enables you to simplify compliance and security, operational troubleshooting, and resource administration.

Hybrid Deployments

You can use Amazon ECS on AWS Outposts to run containerized applications that require particularly low latencies to on-premises systems. Outposts is a fully managed service that extends AWS infrastructure, AWS services, APIs, and tools to virtually any connected site. With Amazon ECS on Outposts, you can manage containers on-premises with the same ease as you manage your containers in the cloud.

With Amazon ECS Anywhere, you can use the same familiar Amazon ECS console and operator tools to manage your on-premises container workloads for a consistent experience across your container-based applications. The AWS Systems Manager (SSM) integration automatically and securely establishes trust between your on-premises hardware and the AWS control plane.

Learn more about Amazon ECS Anywhere »