Amazon ECS Managed Instances FAQs

Amazon ECS Managed Instances is a fully managed compute option that eliminates infrastructure management overhead while providing access to a broad suite of EC2 capabilities including the flexibility to select instance types, access reserved capacity, and advanced security and observability configurations. By offloading operations to AWS, ECS Managed Instances helps you get started quickly, reduce total cost of ownership, and free your teams to focus on building applications that drive innovation. Customers get the flexibility to select desired instance types for performance, including GPUs and network-optimized EC2 instances, while AWS handles instance configuration, capacity provisioning, workload placement, patching, scaling, and maintenance. ECS Managed Instances strengthens security with advanced security and observability tooling, giving customers confidence in how their applications are deployed. With deep integration across AWS native services for storage, networking, and monitoring, ECS Managed Instances empowers customers to run reliable operations at any scale.

Amazon ECS Managed Instances is available for new and existing ECS clusters in all AWS Regions, except AWS GovCloud (US) and the China Regions.

To get started with ECS Managed Instances, use the AWS Console, Amazon ECS MCP Server, or your favorite infrastructure-as-code tooling to enable it in a new or existing Amazon ECS cluster.

Amazon ECS Managed Instances automatically provisions, configures, and manages EC2 instances to run your containerized applications. When you deploy tasks, the service selects appropriate instance types based on your requirements or, if you require specific compute, you can choose your desired EC2 instances, including accelerator-based instances. It launches instances with AWS security best practices and places your tasks optimally across the infrastructure. AWS handles all instance lifecycle management including security patching, maintenance, and automatic instance refresh every 14 days. The service continuously monitors your applications and optimizes the underlying infrastructure to meet their needs while maintaining high availability and cost efficiency.

With Amazon ECS Managed Instances, AWS expands its responsibility beyond just the ECS control plane to include managing the underlying compute infrastructure. AWS handles instance provisioning, security patching, OS updates, instance configuration, lifecycle management, and automatic instance refresh. The managed instances are preconfigured with AWS security best practices and automatically updated with the latest security patches. Additionally, these instances are secured by restricting SSH access, Amazon SSM, modifying the instance IAM role, modifying the root volume, or attaching additional network interfaces.

Amazon ECS Managed Instances shares the same operational benefits as AWS Fargate - both have AWS-managed operating systems. However, Managed Instances provides additional benefits including guaranteed performance, access to accelerated, burstable, and high-bandwidth instances, plus privileged containers with Linux capabilities. Unlike AWS Fargate, with Amazon ECS Managed Instances the underlying compute lives in the customers’ AWS account, and the customer is billed for EC2 instance price and an additional management fee per instance, not per task.

Amazon ECS Managed Instances enhances security through AWS-managed infrastructure and automation. AWS handles security patching, instance maintenance, and lifecycle management automatically. It enhances your security posture through regular security patching initiated every 14 days. You can use EC2 event windows to schedule patching to occur within weekly maintenance windows, minimizing the risk of interruptions during critical hours.

Amazon ECS Managed Instances provides several cost optimization features. Customers can use familiar EC2 purchase options, such as Reserved Instances or Savings Plans to optimize cost of instances. ECS Managed Instances optimizes resource efficiency by binpacking multiple tasks on each instance, selecting appropriate instance types based on workload requirements, and continuously monitoring usage to consolidate tasks and drain underutilized instances.

Amazon ECS Managed Instances supports two networking modes: aws vpc mode where each task gets its own elastic network interface (ENI) with a private IPv4 address; and host mode where tasks share the network namespace with the host EC2 instance. The awsvpc mode is recommended for most use cases as it provides better security isolation and simplified networking configuration.

Yes, the managed EC2 instances are visible in your AWS account through the EC2 console and APIs. However, because these instances are managed by AWS, certain actions are restricted to maintain AWS's ability to manage them effectively. You can customize instance selection through the instance attributes fields in the ECS capacity provider, including accelerator instance types for machine learning and high-performance computing applications.

Yes, Amazon ECS Managed Instances supports privileged Linux capabilities, including CAP_NET_ADMIN for network operations, CAP_SYS_ADMIN for system administration, and CAP_BPF for Berkeley Packet Filter programs. This enables advanced monitoring, observability, and security solutions that require elevated privileges. 

Amazon ECS Managed Instances provides visibility through AWS CloudWatch Metrics and AWS CloudWatch Container Insights. Additionally, Amazon ECS lifecycle events are sent to Amazon EventBridge where they can be captured and forwarded to CloudWatch Logs. Finally, Amazon ECS integrates with AWS CloudTrail for API call logging, provides detailed auditable information. 

You will be charged for the management of compute provisioned, in addition to your regular Amazon EC2 costs. See detailed pricing information on the Amazon ECS Managed Instances Pricing Page.