Week 10 - AWS Containers

AWS CONTAINER

Uploaded by

751287

Week 10 – AWS Containers

Dr. Choiru Za'in


Overview
• Containers and Microservices
• AWS Container Services
• Deploying applications with Elastic Beanstalk
Containers and Microservices
Shipping containers

Before shipping containers
• Goods were shipped in a variety of vessels with no standardized weight, shape, or size.
• Transporting goods was slow, inefficient, and costly.

After shipping containers
• Uniformly sized shipping containers simplified loading, unloading, storing, and transferring between transport types.
• Abstraction of shipment details improved efficiency, increased productivity, and reduced costs.

© 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Evolution of deployment models: Bare-metal servers

[Figure: stack, top to bottom: Applications A, B, C; Libraries; Host OS; Host server]

• Applications compete for server resources
• Library versions must be shared across applications
• Inflexible hardware costs

Evolution of deployment models: VMs

[Figure: stack, top to bottom: three VMs, each with its own application (A, B, C), libraries, and guest OS; Virtualization platform; Host OS; Host server]

• Isolated applications
• Isolated libraries
• More OS maintenance
• More server space for OS
• Better resource utilization

Evolution of deployment models: Containers

[Figure: stack, top to bottom: three containers, each with an application (A, B, C) and bins/libs; Shared libraries; Containerization platform; Host OS; Host server]

• Lightweight, efficient, and fast
• Highly portable; applications run identically across environments
• Shared or isolated libraries
• Shared OS kernel
• Better resource utilization

Docker container virtualization platform

• Lightweight container virtualization platform
• Tools to create, store, manage, and run containers
• Integration with automated build, test, and deployment pipelines

Docker container benefits
• Portable runtime application environment
• Application and dependencies can be packaged in a single, immutable artifact
• Ability to run different application versions with different dependencies simultaneously
• Faster development and deployment cycles
• Better resource utilization and efficiency

Docker container components
• Dockerfile: Plain text file that provides instructions to create a container image
• Container image (shown as Layer 1 through Layer 4): Read-only template that is used to create writable containers
• Container layer: Thin read/write layer that is used to make changes to the running container
• Container: Runnable instance of an image
• Container registry: Private or public images that you can base other images on

Dockerfile simple example

# Start with the Ubuntu latest image
FROM ubuntu:latest

# Output hello world message
CMD echo "Hello World!"

Dockerfile example: Common tasks

# Start with CentOS 7 image
FROM centos:7

# Update the OS and install Apache
RUN yum -y update && yum -y install httpd

# Expose port 80, the port that the web server "listens to"
EXPOSE 80

# Copy shell script and give it run permissions
ADD run-httpd.sh /run-httpd.sh
RUN chmod -v +x /run-httpd.sh

# Run shell script
CMD ["/run-httpd.sh"]

Each line of the Dockerfile adds a layer

# 1 Start with CentOS 7 image
FROM centos:7

# 2 Update the OS and install Apache
RUN yum -y update && yum -y install httpd

# 3 Expose port 80
EXPOSE 80

# 4 Copy shell script and give it run permissions
ADD run-httpd.sh /run-httpd.sh
RUN chmod -v +x /run-httpd.sh

CMD ["/run-httpd.sh"]

Image layers (read-only), top to bottom:
4  RUN chmod -v +x /run-httpd.sh
4  ADD run-httpd.sh /run-httpd.sh
3  EXPOSE 80
2  RUN yum -y update && yum -y install httpd
1  Base: CentOS 7

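Because every instruction is baked into a read-only image, the two Dockerfiles above are worth reviewing before they are built. The following is an added example, not part of the original slides: a small Python audit with hypothetical finding names, covering only single-line instructions, run against the slide's CentOS Dockerfile.

```python
import re

# The slide's Dockerfile (dashes and EXPOSE normalized), embedded to run offline.
SLIDE_DOCKERFILE = """\
FROM centos:7
RUN yum -y update && yum -y install httpd
EXPOSE 80
ADD run-httpd.sh /run-httpd.sh
RUN chmod -v +x /run-httpd.sh
CMD ["/run-httpd.sh"]
"""

def parse(text):
    """Return (INSTRUCTION, args) pairs; assumes no backslash continuations."""
    pairs = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            instr, _, args = line.partition(" ")
            pairs.append((instr.upper(), args.strip()))
    return pairs

def audit(text):
    """Return sorted finding codes (hypothetical names) for one Dockerfile."""
    findings, last_user = set(), None
    for instr, args in parse(text):
        tokens = [t for t in args.split() if not t.startswith("--")]
        if instr == "FROM" and tokens:
            image = tokens[0]
            if "@sha256:" not in image:
                # A tag can be re-pointed later; only a digest fixes the content.
                findings.add("BASE_NOT_PINNED_BY_DIGEST")
                name = image.rsplit("/", 1)[-1]
                if ":" not in name or name.endswith(":latest"):
                    findings.add("BASE_USES_LATEST")
        elif instr == "ADD" and tokens:
            # ADD also fetches URLs and unpacks archives; COPY only copies.
            if not re.match(r"https?://", tokens[0]):
                findings.add("ADD_WHERE_COPY_SUFFICES")
        elif instr == "USER" and tokens:
            last_user = tokens[0].split(":")[0]
    if last_user in (None, "root", "0"):
        # With no USER line the process user comes from the base image (root by default).
        findings.add("RUNS_AS_ROOT")
    return sorted(findings)
```

For the CentOS example this reports the unpinned base image, the ADD of a local file, and the missing USER instruction; the ubuntu:latest example additionally trips the latest-tag check.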
Comparing monolithic and microservice architectures
[Figure: Monolithic: Browser, Load balancer, one application containing Storefront UI, Account service, Cart service, Shipping service, and Data access service, plus a Database. Microservices: Browser, Load balancer, Storefront UI (Node.js), Account service (Node.js), Cart service (Python), Shipping service (Java).]

Microservices and containers
Microservices design: Decentralized, evolutionary design; smart endpoints, dumb pipes
Container characteristics:
• Each container uses the language and technology that are best suited for the service.
• Each component or system in the architecture can be isolated, and can evolve separately, instead of updating the system in a monolithic style.

Microservices design: Independent products, not projects
Container characteristics:
• You can use containers to package all of your dependencies and libraries into a single, immutable object.

Microservices design: Designed for failure
Container characteristics:
• You can gracefully shut down a container when something goes wrong and create a new instance. You start fast, fail fast, and release any file handlers.

Microservices design: Disposable
Container characteristics:
• The development pattern is like a circuit breaker. Containers are added and removed, workloads change, and resources are temporary because they constantly change.

Microservices design: Development and production parity
Container characteristics:
• Containers can make development, testing, and production environments consistent.
• This consistency facilitates DevOps, in which a containerized application that works on a developer's system will work the same way on a production system.

AWS Container Services
Challenges of managing containers at scale

• State of containers
• Scheduling of starts and stops
• Resources available on each server
• Maximizing availability, resilience, and performance

Container orchestration platforms

Scheduling Placement Service integration

Amazon ECS
Amazon Elastic Container Service (Amazon ECS)
Fully managed container orchestration service
• Scales rapidly to thousands of containers with no additional complexity
• Schedules placement across managed clusters
• Integrates with third-party schedulers and other AWS services

Amazon ECR
Amazon Elastic Container Registry (Amazon ECR)
Fully managed container registry that you can use to easily store, run, and manage container images for applications that run on Amazon ECS
• Scalable and highly available
• Integrated with Amazon ECS and Docker CLI
• Secure:
  • Encryption at rest
  • Integration with the AWS Identity and Access Management Service (IAM)

Amazon ECS solution architecture
[Figure: Amazon ECS pulls the container image from a registry (Amazon ECR or another container registry). You define your application, select the launch type (AWS Fargate or Amazon EC2), and manage your containers.]

Amazon ECS with Fargate or Amazon EC2
[Figure: an Amazon ECS cluster backed by Fargate beside an Amazon ECS cluster backed by Amazon EC2. Each has container instances 1, 2, 3 running containers (App 1, App 2, App 3 with their bins/libs) on Docker engines (one per OS in the cluster) and VM guest operating systems in the Amazon ECS cluster. The figure marks each layer as "You manage" or "AWS manages" for each cluster type.]

Choose Fargate:
• Services subject to wide swings in demand
• Large workloads that are optimized for low overhead
• Small test environments
• Batch workloads that run on a schedule

Choose Amazon EC2:
• More predictable resource requirements, or the option of using reserved instances to reduce costs
• Large workloads that are optimized for price
• Compliance with organizational security requirements
• Excess Amazon EC2 capacity

Creating an Amazon ECR repository and pushing an image
# Create a repository called hello-world
> aws ecr create-repository \
    --repository-name hello-world \
    --region us-east-1

# Build and tag an image
> docker build -t hello-world .
> docker tag hello-world:latest aws_account_id.dkr.ecr.us-east-1.amazonaws.com/hello-world:latest

# Authenticate Docker to your Amazon ECR registry
# You can skip the `docker login` step if you have amazon-ecr-credential-helper set up
> aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin aws_account_id.dkr.ecr.us-east-1.amazonaws.com

# Push an image to your repository
> docker push aws_account_id.dkr.ecr.us-east-1.amazonaws.com/hello-world:latest

Amazon EKS
Amazon Elastic Kubernetes Service (Amazon EKS)
• Managed service that runs Kubernetes on the AWS Cloud
• Built with the Kubernetes community
• Conformant and compatible
• Secure by default

Amazon EKS

[Figure: Provision an Amazon EKS cluster; deploy worker nodes (Fargate or Amazon EC2) for your Amazon EKS cluster; connect to Amazon EKS; run Kubernetes applications.]

Section 5 key takeaways
• Container orchestration services (or systems) simplify managing containers at scale.
• Amazon ECS is a fully managed container orchestration service that you can use to launch containers to either Fargate or EC2 instances.
• Amazon ECR is a fully managed container registry service.
• Amazon EKS is a managed service that you can use to run Kubernetes in the cloud.

Deploying applications with Elastic Beanstalk
Elastic Beanstalk
AWS Elastic Beanstalk
• Service for deploying and scaling web applications and services
• Automatically handles deployment details like capacity provisioning, load balancing, automatic scaling, and application health monitoring
• Provides a variety of platforms on which to build your applications
• Use to manage all of the resources that run your application as an environment

Elastic Beanstalk components
Component: Description
• Application: Logical collection of Elastic Beanstalk components. Conceptually similar to a folder.
• Application version: Specific, labeled iteration of deployable code for a web application.
• Environment: Collection of AWS resources that run an application version.
• Environment tier: Designation of the type of application that the environment runs. Determines what resources Elastic Beanstalk provisions to support it.
• Environment configuration: Collection of parameters and settings that define how an environment and its associated resources behave.
• Saved configuration: Template that you can use as a starting point for creating unique environment configurations.
• Platform: Combination of an OS, programming language runtime, web server, application server, and Elastic Beanstalk components. You design and target your web application to a platform.
• Elastic Beanstalk CLI: CLI for Elastic Beanstalk. Provides interactive commands that simplify creating, updating, and monitoring environments from a local repository.

IAM permissions in Elastic Beanstalk environments
IAM roles assigned during environment creation

Service role
• Assigned during creation
• Elastic Beanstalk assumes this role to use other services on your behalf
• Default service role: aws-elasticbeanstalk-service-role

Instance profile
• Assigned during creation
• Applied to instances that are launched in your environment
• Default instance profile: aws-elasticbeanstalk-ec2-role

User policies
• Optionally assigned
• Can be attached to users or groups who create and manage Elastic Beanstalk applications and environments
• Two managed user policies are available to grant either full administrative access or read-only access

Service role policy example: AWSElasticBeanstalkEnhancedHealth

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "elasticloadbalancing:DescribeInstanceHealth",
        "elasticloadbalancing:DescribeLoadBalancers",
        "elasticloadbalancing:DescribeTargetHealth",
        "ec2:DescribeInstances",
        "ec2:DescribeInstanceStatus",
        "ec2:GetConsoleOutput",
        "ec2:AssociateAddress",
        "ec2:DescribeAddresses",
        "ec2:DescribeSecurityGroups",
        "sqs:GetQueueAttributes",
        "sqs:GetQueueUrl",
        "autoscaling:DescribeAutoScalingGroups",
        "autoscaling:DescribeAutoScalingInstances",
        "autoscaling:DescribeScalingActivities",
        "autoscaling:DescribeNotificationConfigurations",
        "sns:Publish"
      ],
      "Resource": [
        "*"
      ]
    }
  ]
}

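The statement above grants every action on Resource "*", so a least-privilege review starts by separating the actions that only read state from those that change it. The following is an added example, not part of the original slides or of AWS tooling: a Python check that rebuilds the slide's statement and lists the non-read actions allowed on "*", using a name-prefix heuristic that is an assumption of this example.

```python
# Actions from the slide's AWSElasticBeanstalkEnhancedHealth statement, by service.
SLIDE_ACTIONS = {
    "elasticloadbalancing": ["DescribeInstanceHealth", "DescribeLoadBalancers",
                             "DescribeTargetHealth"],
    "ec2": ["DescribeInstances", "DescribeInstanceStatus", "GetConsoleOutput",
            "AssociateAddress", "DescribeAddresses", "DescribeSecurityGroups"],
    "sqs": ["GetQueueAttributes", "GetQueueUrl"],
    "autoscaling": ["DescribeAutoScalingGroups", "DescribeAutoScalingInstances",
                    "DescribeScalingActivities", "DescribeNotificationConfigurations"],
    "sns": ["Publish"],
}
SLIDE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": [f"{svc}:{a}" for svc, acts in SLIDE_ACTIONS.items() for a in acts],
        "Resource": ["*"],
    }],
}

# Assumption: an action whose name starts with one of these only reads state.
READ_PREFIXES = ("Describe", "Get", "List")

def as_list(value):
    """IAM allows a single string where a list is expected."""
    return value if isinstance(value, list) else [value]

def wildcard_writes(policy):
    """Return Allow'ed actions on Resource "*" that are not read-only by name."""
    hits = set()
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        if "*" not in as_list(stmt.get("Resource", [])):
            continue
        for action in as_list(stmt.get("Action", [])):
            name = action.split(":", 1)[-1]
            if not name.startswith(READ_PREFIXES):
                hits.add(action)
    return sorted(hits)
```

The prefix test is only a first pass: a read action such as ec2:GetConsoleOutput can still expose sensitive data, so the flagged list marks where to begin scoping Resource, not where the review ends.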
Elastic Beanstalk simplifies container deployment
Getting started with Amazon ECS
1. Create a task definition
2. Create and configure a cluster including:
   • EC2 instances
   • VPC settings
   • IAM role definition
3. Create a service to run and maintain a specified number of instances of a task

Getting started with Elastic Beanstalk
1. Write a Dockerrun.aws.json file and provide your zipped code
2. Select the platform for your language
3. Launch your application

Multicontainer Docker platform
[Figure: inside Elastic Beanstalk, Elastic Load Balancing receives app1.elasticbeanstalk.com:80 and app1.elasticbeanstalk.com:9000 in front of an Auto Scaling group and Amazon ECS cluster, where Instance 1 runs Task 1-1 and Instance 2 runs Task 1-2.]

Dockerrun.aws.json file

Elastic Beanstalk deployment policies
Deployment option namespaces
aws:elasticbeanstalk:command
• Choose the deployment policy
• Set a timeout
• Choose options for size and type of batches to use
• Choose whether to cancel deployment on a failed health check

aws:elasticbeanstalk:trafficsplitting
• Choose the percentage of traffic to go to new instances
• Choose how long to wait before continuing to shift more traffic
Example of traffic splitting (canary testing)

Blue/green deployments on Elastic Beanstalk
[Figure: Elastic Beanstalk environment (blue) at myapp.useast-1.elasticbeanstalk.com and Elastic Beanstalk environment (green) at myapp_new.useast-1.elasticbeanstalk.com]

1. Clone the environment
2. Deploy and test in the new environment
3. Swap the CNAMEs

Additional Resources
• Blog posts
  • Building Container Images on Amazon ECS on AWS Fargate: https://aws.amazon.com/blogs/containers/building-container-images-on-amazon-ecs-on-aws-fargate/
  • Developing Twelve-Factor Apps Using Amazon ECS and AWS Fargate: https://aws.amazon.com/blogs/containers/developing-twelve-factor-apps-using-amazon-ecs-and-aws-fargate/
• Amazon ECS Workshop: https://ecsworkshop.com/

Section 6 key takeaways
• You can use Elastic Beanstalk to manage all of the resources that run your application as an environment.
• You can quickly launch a Docker multicontainer environment with Elastic Beanstalk without worrying about Amazon ECS configuration details.
• Deployment options include traffic splitting and blue/green to support testing new versions.

Labs
• Go to AWS Academy Module 8
• lab 8.1
• lab 8.2
