What is Amazon ECS?

• Amazon ECS is a highly scalable, fast, container management service that allows you to
run, stop, and manage Docker containers on a cluster.

• Containers are defined in a Task Definition, which is used to run individual tasks or
multiple tasks within a service.

• ECS allows you to run tasks and services on either Fargate (serverless infrastructure) or
EC2 instances.

ECS Components

1. Containers:

o ECS uses Docker containers, which are packaged units of software including code,
runtime, libraries, and system tools.

o Containers are built from Images, which are read-only templates.

o Images are stored in Container Registries like Amazon ECR (Elastic Container
Registry).

2. Tasks and Task Definitions:

o A Task Definition is a JSON file describing one or more containers (up to 10) that
form an application.

o Tasks are instantiations of Task Definitions running on ECS clusters.

3. Clusters:

o A Cluster is a logical grouping of tasks or services.

o Clusters can run on EC2 instances or on Fargate.

o Fargate manages the infrastructure, allowing you to focus on application design

instead of cluster management.

ECS vs. Fargate

• ECS on EC2:

o Use when you need more control over the infrastructure.

o Tasks run on a cluster of EC2 instances.

o You are responsible for provisioning and scaling the EC2 instances.

• Fargate:

o Serverless: You don't need to manage the infrastructure.

o Each task gets its own Elastic Network Interface (ENI) and IP address.
 o Ideal for applications that require auto-scaling without managing EC2 instances.

ECS Use Cases

1. Consistent Build and Deploy:

o Automate the build and deployment of container-based applications.

2. Batch and ETL Workloads:

o Manage and scale batch processing tasks (e.g., pulling logs from RDS to S3).

3. Microservices:

o Build and manage microservices architectures, scaling each service independently.

ECS Features

• Task Scheduler:

o Schedules tasks across the cluster based on resource needs and availability.

• Container Agent:

o Runs on each container instance, reporting back to ECS on resource utilization and
task status.

• VPC Integration:

o ECS clusters run within an Amazon VPC, allowing for advanced networking and
security configurations.

Task Roles and Security

• Task IAM Roles:

o Assign IAM roles to tasks to manage permissions for containers.

o Similar to EC2 instance profiles but specifically for ECS tasks.

o Useful for tasks needing access to AWS services (e.g., S3 buckets).

ECS and Fargate with Load Balancers

• Fargate Tasks:

o Can be fronted by an Application Load Balancer (ALB).

o Each Fargate task can have its own ENI and IP address, enabling multiple
applications to run on the same port number without conflict.

Key Concepts to Remember

• Fargate vs. ECS on EC2: Understand the differences in infrastructure management and
when to use each.
 • Task Definitions: Know how to define and manage them, and their role in deploying
containers.

• IAM Roles: Understand how they apply to ECS tasks and how they secure containerized
applications.

What is the primary purpose of Amazon ECS?

• A) To manage and automate EC2 instance provisioning

• B) To host static websites on S3

• C) To run, stop, and manage Docker containers on a cluster

• D) To orchestrate Lambda functions

Which service allows you to run containers without managing the underlying infrastructure?

• A) Amazon EC2

• B) AWS Fargate

• C) Amazon S3

• D) AWS Lambda

In ECS, where are container images stored and retrieved from?

• A) Amazon Elastic Container Registry (ECR)

• B) Amazon S3

• C) AWS Lambda

• D) Amazon RDS

Which of the following is true about a Task Definition in ECS?

• A) It defines the physical EC2 instances on which containers run.

• B) It is a JSON file that describes one or more containers forming an application.

• C) It is a configuration file for an application load balancer.

• D) It defines the security group rules for a VPC.

Which ECS launch type requires you to manage the EC2 instances in your cluster?

• A) ECS on EC2

• B) Fargate

• C) Lambda

• D) AWS Batch
 What is a key benefit of using AWS Fargate over ECS on EC2?

• A) Lower cost for small workloads

• B) More control over network configuration

• C) Serverless infrastructure, eliminating the need to manage EC2 instances

• D) Support for large-scale batch processing

Which feature allows multiple ECS tasks to run on the same port without conflict when
using Fargate?

• A) EC2 Auto Scaling

• B) Application Load Balancer

• C) Elastic Network Interface (ENI)

• D) Security Groups

What is the primary difference between ECS tasks and ECS services?

• A) Tasks are managed by Lambda, and services are managed by EC2.

• B) Tasks are individual executions of a Task Definition, while services maintain the
desired number of task instances.

• C) Tasks are for short-running processes, and services are for long-running processes.

• D) Tasks are stateless, while services are stateful.

In ECS, what does a Task IAM Role allow you to do?

• A) Define the EC2 instance type for the task

• B) Assign specific AWS service permissions to containers running in the task

• C) Manage the VPC settings for a task

• D) Automate task scheduling based on demand

When would you prefer using ECS on EC2 instead of Fargate?

• A) When you need more control over the underlying EC2 instances

• B) When you want to avoid managing any infrastructure

• C) When your application requires real-time monitoring

• D) When you need to run serverless workloads

 • Amazon ECS (Elastic Container Service) is a fully managed container orchestration
service.

• ECS allows you to run Docker containers on AWS infrastructure.

• ECS Cluster is a logical grouping of tasks or services, and it manages the EC2 instances
where containers are run.

Launch Types

• EC2 Launch Type:

o You manually provision and manage the EC2 instances.

o Each EC2 instance runs the ECS agent, which registers the instance with the ECS
cluster.

o Containers (ECS tasks) are placed on EC2 instances based on availability and
resources.

o Allows fine-grained control over the infrastructure.

• Fargate Launch Type:

o AWS manages the infrastructure, and you do not need to provision EC2 instances.

o It is a serverless option where AWS runs containers based on the CPU and RAM
requirements you specify.

o Easier to manage but with less control over the underlying infrastructure.

o Exam Note: Fargate is often recommended due to its simplicity and ease of use.

Steps to Create an ECS Cluster

1. Access ECS Console:

o Ensure you are using the new ECS console interface.

o Option to switch between old and new interfaces is available on the ECS homepage.

2. Create a Cluster:

o Click on "Create Cluster."

o Name the cluster (e.g., "Demo Cluster").

o Choose a VPC (use the default VPC and subnets).

3. Select Launch Type:

o By default, Fargate is selected.

o For the demo, select the EC2 launch type.

 o Configure an Auto Scaling Group (ASG):

▪ Select the operating system and instance type (e.g., t2.medium).

▪ Desired capacity: Set between 1 and 3.

▪ Choose or create a key pair for SSH access.

▪ Optionally, specify external instances (e.g., on-premises) using ECS

Anywhere (deselected for the demo).

▪ Monitoring and tagging options are available but can be left at default
settings.

4. Cluster Deployment:

o Click "Create" to deploy the cluster.

o Once deployed, the cluster status will show as "Active."

5. Cluster Details:

o View cluster details like registered container instances, CloudWatch monitoring,

and capacity providers.

o Capacity Providers:

▪ Fargate and Fargate Spot are available by default.

▪ The ASG provider will scale EC2 instances as needed.

o A CloudFormation stack is created during cluster setup to manage resources like

the ECS cluster, ASG, and other associated components.

6. Verify Cluster Creation:

o Check the EC2 dashboard to confirm the running instances.

o View the Auto Scaling Group in the ECS cluster for scaling settings and capacities.

What is the main difference between the EC2 and Fargate launch types in Amazon ECS?

• A) EC2 requires manual provisioning and management of instances, while Fargate is

serverless and managed by AWS.

• B) Fargate requires manual provisioning and management of instances, while EC2 is

serverless and managed by AWS.

• C) Both EC2 and Fargate require manual provisioning and management of instances.

• D) Both EC2 and Fargate are serverless and managed by AWS.

• Answer: A) EC2 requires manual provisioning and management of instances, while

Fargate is serverless and managed by AWS.
 In the context of Amazon ECS, what is an ECS cluster?

• A) A group of Docker containers running on EC2 instances.

• B) A logical grouping of tasks or services.

• C) A type of VPC designed for ECS workloads.

• D) A collection of IAM roles used for ECS task execution.

• Answer: B) A logical grouping of tasks or services.

Which of the following is true about ECS Fargate launch type?

• A) It requires you to manage EC2 instances.

• B) It provides fine-grained control over EC2 instance configuration.

• C) It abstracts the underlying infrastructure management.

• D) It is only available in specific AWS regions.

• Answer: C) It abstracts the underlying infrastructure management.

When creating an ECS cluster with the EC2 launch type, which of the following must you
configure?

• A) ECS Task Definition

• B) ECS Agent

• C) Auto Scaling Group (ASG)

• D) Fargate Capacity Provider

• Answer: C) Auto Scaling Group (ASG)

What is the role of the ECS agent in an EC2 launch type cluster?

• A) It manages the deployment of Docker containers.

• B) It registers the EC2 instance with the ECS cluster.

• C) It automatically scales EC2 instances based on load.

• D) It provides logging and monitoring for ECS tasks.

• Answer: B) It registers the EC2 instance with the ECS cluster.

Which AWS service is used to automate the creation of resources when an ECS cluster is
created?

• A) AWS Lambda

• B) AWS CloudFormation
 • C) AWS Auto Scaling

• D) AWS Elastic Beanstalk

• Answer: B) AWS CloudFormation

In an ECS cluster using the EC2 launch type, what happens when the load on instances
increases beyond the desired capacity?

• A) The ECS cluster automatically shuts down tasks.

• B) The ECS cluster creates additional EC2 instances using the ASG.

• C) The ECS cluster fails to launch new tasks.

• D) The ECS cluster scales down to conserve resources.

• Answer: B) The ECS cluster creates additional EC2 instances using the ASG.

What is the default launch type selected when creating a new ECS cluster using the ECS
console?

• A) EC2

• B) Fargate

• C) EC2 Spot

• D) Lambda

• Answer: B) Fargate

Which of the following is a benefit of using the Fargate launch type in ECS?

• A) Lower costs due to pay-per-use model.

• B) Full control over EC2 instance configurations.

• C) Ability to run containers on on-premises servers.

• D) Simplified management with serverless architecture.

• Answer: D) Simplified management with serverless architecture.

After creating an ECS cluster, which AWS service should you check to verify the creation of
underlying infrastructure components like EC2 instances?

• A) Amazon S3

• B) AWS Lambda

• C) Amazon EC2 Dashboard

• D) AWS IAM

• Answer: C) Amazon EC2 Dashboard

 • In Amazon ECS, task placement refers to the process of determining which EC2 instances
within your ECS cluster will host your tasks when using the EC2 launch type. ECS decides
the placement based on available resources such as memory, CPU, and ports on the EC2
instances.

Task Placement Policy & Constraints:

• Task Placement Policies are strategies that ECS uses to determine the best EC2 instance
to place a new task or which task to terminate when scaling in.

• Task Placement Constraints are rules that ensure tasks are placed on EC2 instances that
meet specific conditions.

Task Placement Strategies:

1. Binpack Strategy:

o Places tasks on instances with the least available amount of CPU or memory.

o Optimizes resource utilization and minimizes the number of EC2 instances in use,
leading to cost savings.

2. Random Strategy:

o Places tasks randomly across the available EC2 instances.

o Simple and straightforward, but not necessarily optimized for resource usage.

3. Spread Strategy:

o Spreads tasks evenly across specified values, such as instance ID or availability

zones.

o Maximizes high availability by ensuring tasks are distributed across multiple

availability zones.

o Example: If tasks are spread based on availability zones, they will be distributed
evenly across all zones to ensure redundancy and high availability.

Combining Strategies:

• ECS allows the combination of multiple placement strategies. For instance, you can spread
tasks across availability zones and then use a binpack strategy to optimize resource
utilization within each zone.

Task Placement Constraints:

1. Distinct Instance:

o Ensures that each task is placed on a different container instance, preventing

multiple tasks from running on the same instance.

2. Member Of:
 o Allows tasks to be placed on instances that satisfy a specific expression defined in
the cluster query language. This is an advanced option that provides granular
control over task placement.

Implementation in ECS:

• When creating an ECS service, you can select a task placement strategy. The default
strategy can be changed based on your requirements.

• ECS will create necessary infrastructure, such as load balancers and auto-scaling groups,
as part of the service creation process.

• Task placement is crucial in ensuring that your ECS tasks are efficiently and reliably placed
across your EC2 instances, considering both performance and cost optimization.

Practical Example:

• In a lab scenario, an ECS service is created, and a task is launched using the selected
placement strategy. The process includes creating a cluster, defining a task, and configuring
a load balancer and security groups to access the container.

Summary:

• Task placement strategies and constraints in Amazon ECS allow for efficient and optimized
deployment of tasks across EC2 instances, ensuring high availability, cost-effectiveness,
and adherence to specific requirements.

What is the purpose of the Binpack task placement strategy in Amazon ECS?

• A) To randomly place tasks across EC2 instances

• B) To minimize the number of EC2 instances in use by placing tasks on instances with
the least available resources

• C) To ensure tasks are evenly spread across availability zones

• D) To guarantee that tasks are placed on distinct instances

Which task placement strategy would you use to ensure tasks are evenly distributed across
availability zones?

• A) Binpack

• B) Random

• C) Spread

• D) Distinct Instance

What does the "Distinct Instance" task placement constraint in ECS ensure?

• A) Tasks are placed randomly across EC2 instances

• B) Each task is placed on a different EC2 instance

 • C) Tasks are placed on instances with the most available resources

• D) Tasks are placed based on a specific query expression

Which ECS launch type does the task placement policy and strategy apply to?

• A) EC2

• B) Fargate

• C) Lambda

• D) EKS

Which task placement strategy should be selected if you want to prioritize cost savings by
using the fewest possible EC2 instances?

• A) Binpack

• B) Spread

• C) Random

• D) Member Of

What is the function of the "Member Of" task placement constraint in ECS?

• A) It places tasks on instances that satisfy a specific cluster query expression

• B) It ensures tasks are placed on distinct instances

• C) It randomly places tasks across all available instances

• D) It spreads tasks evenly across availability zones

Which strategy should be used to ensure that ECS tasks are placed on instances with the
least available CPU or memory resources?

• A) Binpack

• B) Random

• C) Spread

• D) Distinct Instance

When using the Spread strategy, which of the following values can be specified to determine
how tasks are spread?

• A) CPU usage

• B) Availability Zone

• C) Memory allocation

• D) EC2 instance size

 What happens when the Random task placement strategy is used in ECS?

• A) Tasks are placed on the instance with the most available resources

• B) Tasks are placed without any specific logic across available instances

• C) Tasks are evenly spread across all instances

• D) Tasks are placed based on specific constraints defined in the cluster query language

Which ECS task placement strategy would be most appropriate for maximizing high
availability across multiple availability zones?

• A) Binpack

• B) Random

• C) Spread

• D) Member Of

• Amazon EKS is a managed service that simplifies the process of running Kubernetes on
AWS without the need to install, operate, and maintain your own Kubernetes control plane.

• Kubernetes is an open-source system that automates the management, scaling, and

deployment of containerized applications.

Key Features and Benefits:

1. Simplified Cluster Management:

o Automates labor-intensive activities like provisioning Kubernetes clusters,

configuring service discovery, and managing networking.

o Ensures seamless compatibility with existing Kubernetes tools requiring minimal to

no adjustments.

2. Managed Kubernetes Control Plane:

o Amazon EKS manages the control plane, including master nodes, ETCD (a
distributed key-value store), and control plane components.

o Ensures high availability and scalability without requiring users to manage these
components.

3. Node Groups:

o EKS allows for the creation and management of groups of Amazon EC2 instances,
known as Node Groups, to serve as worker nodes.

o Node Groups can be auto-scaled based on CPU and memory utilization.

4. Integration with AWS Services:

 o EKS integrates seamlessly with services like Amazon RDS, Amazon S3, IAM, and
VPC, enhancing the capability to build and scale applications using AWS services.

5. Security:

o Offers robust security features, including role-based access control (RBAC),

network policies, and integration with AWS IAM for fine-grained access control.

o Monitoring and logging integration with AWS CloudWatch and AWS CloudTrail.

6. Load Balancing:

o EKS integrates with Elastic Load Balancers (ELB) to manage traffic to applications
and services.

7. Auto-scaling:

o Automatically scales worker nodes in Node Groups based on application resource

demands, ensuring smooth operation during traffic spikes.

8. Fargate Integration:

o Provides an option to run containers using AWS Fargate, a serverless compute

engine, eliminating the need to manage underlying infrastructure.

Use Cases:

1. Deploy Across Hybrid Environments:

o Manage Kubernetes clusters and applications across hybrid environments,

including on-premises data centers.

2. Machine Learning Workflows:

o Efficiently run distributed training jobs using EC2 GPU instances and deploy training
and inference using Kubeflow.

3. Web Applications:

o Build applications that can automatically scale and run across multiple availability
zones with high availability.

Key Components:

1. Nodes:

o Master Nodes: Managed by EKS, responsible for the Kubernetes control plane.

o Worker Nodes: EC2 instances in Node Groups that run container workloads.

2. Node Groups:

o Collections of EC2 instances serving as worker nodes. Can be auto-scaled based

on resource requirements.
 3. Pods:

o Groups of containers that share networking, storage, IP addresses, and port spaces.

4. Control Plane:

o The central management and control hub for the EKS cluster, including master
nodes and ETCD database.

5. API Servers:

o Manages API interactions, including those with kubectl and REST API.

6. Controller Manager:

o Manages VMs, storage, databases, and other resources associated with the
Kubernetes cluster.

7. Scheduler:

o Determines when and where workloads should run, integrating with the Controller
Manager and API Servers.

8. Kubectl & Kubeconfig:

o kubectl: Command-line tool for interacting with the Kubernetes cluster.

o kubeconfig: Configuration file providing access to the EKS cluster.

Deployment Options:

1. On AWS Cloud:

o Deploy using EC2 instances or Fargate for serverless containers.

2. AWS Outposts:

o Run EKS on-premises using AWS Outposts, extending AWS infrastructure services
to customer data centers.

3. EKS Anywhere:

o Set up Kubernetes on on-premises infrastructure.

Pricing:

• EKS Cluster: $0.10 per hour per cluster.

• EC2 Instances: Pay for resources like EC2 instances, EBS volumes, etc.

• Fargate: Pricing based on vCPU and memory resources used.

• EKS on AWS Outposts: Same pricing as in the cloud, $0.10 per hour per cluster.

Conclusion:
 • Amazon EKS simplifies the management of containerized applications, reduces operational
overhead, and leverages Kubernetes for orchestrating containers in a scalable and highly
available manner.

Which service does Amazon EKS integrate with to provide a managed container registry for
storing Docker images?

• A) Amazon S3

• B) Amazon ECR

• C) AWS Lambda

• D) Amazon RDS

What is the primary role of Amazon EKS in a Kubernetes environment?

• A) Managing EC2 instances

• B) Managing the Kubernetes control plane

• C) Handling DNS resolution

• D) Running machine learning models

Which feature of Amazon EKS allows you to automatically scale the worker nodes based on
resource utilization?

• A) Auto-scaling Groups

• B) Elastic Load Balancer

• C) Node Groups

• D) AWS Fargate

Which of the following AWS services is used by Amazon EKS to monitor and log cluster
activity?

• A) AWS IAM

• B) AWS CloudWatch

• C) Amazon S3

• D) AWS Lambda

In Amazon EKS, what is a Node Group?

• A) A collection of master nodes

• B) A database used for storing configuration data

• C) A collection of EC2 instances serving as worker nodes

 • D) An S3 bucket used for storing container images

Which of the following is a key component of the Kubernetes control plane managed by
Amazon EKS?

• A) Elastic Load Balancer

• B) ETCD

• C) Amazon RDS

• D) AWS Lambda

What AWS service can be integrated with Amazon EKS to provide a serverless compute
environment for containers?

• A) Amazon EC2

• B) AWS Fargate

• C) Amazon S3

• D) AWS Lambda

Which Kubernetes feature is responsible for grouping containers that share networking and
storage resources in Amazon EKS?

• A) Node Group

• B) Pods

• C) Control Plane

• D) Load Balancer

What is the pricing structure for Amazon EKS?

• A) Based on the number of containers running

• B) Per EC2 instance in the cluster

• C) Based on the number of API requests

• D) $0.10 per hour per EKS cluster

Which Amazon EKS deployment option allows you to run Kubernetes clusters on your on-
premises infrastructure?

• A) EKS CloudFormation

• B) EKS Fargate

• C) AWS Outposts

• D) AWS Lambda
Overview of AWS ECR:

• AWS Elastic Container Registry (ECR) is a secure, scalable, and managed container image
registry service in AWS.

• It is similar to Docker Hub but is AWS-managed, allowing you to store, manage, and deploy
Docker container images.

• ECR supports both private and public container image repositories.

• It integrates with AWS services like ECS, EKS, Lambda, and the Docker CLI.

Key Components of ECR:

1. Registry:

o Each AWS account gets a registry automatically.

o You can create multiple image repositories within this registry.

o Requires an authorization token for client access, ensuring that the client must
authenticate as an AWS user before pushing or pulling images.

2. Repositories:

o Stores Docker images, Open Container Initiative (OCI) images, and OCI-compatible
artifacts.

o Images in the repository can be used by local development environments, ECS task
definitions, and EKS pod specifications.

3. Authorization Workflow:

o An EC2 instance or other service assumes an IAM role that grants access to issue a
GetAuthorizationToken.

o This token is used to authenticate and retrieve the image from ECR.

ECR Features:

1. Lifecycle Policies:

o Manage the lifecycle of images within a repository by defining rules that clean up
unused images.

o Only one action is available for lifecycle policies: Expire.

o Two options for expiration:

▪ Since image pushed: Time-based expiry after the image was pushed.

▪ Image count more than: Expire if the number of images exceeds a certain
count.

2. Image Scanning:
 o Identifies software vulnerabilities in container images.

o Can be set to automatically scan on push, or manually after the image is stored in
the repository.

3. Cross-Region and Cross-Account Replication:

o Allows replication of images across different regions and accounts.

o Enables sharing of images between AWS accounts.

4. Encryption:

o ECR provides default encryption for images at rest.

o Enhanced security is possible by using AWS Key Management Service (KMS) for
encrypting repository images.

What is AWS Elastic Container Registry (ECR)?

• A) A service for running containerized applications on AWS.

• B) A managed container image registry service in AWS.

• C) A service for managing Kubernetes clusters on AWS.

• D) A managed service for creating Docker containers in AWS.

Which AWS services can directly integrate with ECR for pulling container images?

• A) AWS S3, AWS Lambda, AWS RDS

• B) AWS CloudFront, AWS EC2, AWS SQS

• C) AWS ECS, AWS EKS, AWS Lambda

• D) AWS RDS, AWS DynamoDB, AWS SNS

Which of the following actions can be defined in ECR lifecycle policies?

• A) Expire

• B) Delete

• C) Archive

• D) Replicate

What type of repositories does ECR support?

• A) Public repositories only

• B) Private repositories only

• C) Both public and private repositories

 • D) Encrypted repositories only

What is required for a client to push and pull images from an ECR repository?

• A) API Gateway

• B) Authorization Token

• C) SSL Certificate

• D) Security Group

Which of the following encryption options is available for images stored in ECR?

• A) KMS encryption for repository images

• B) AES-256 encryption for all images

• C) No encryption options are available

• D) S3 default encryption for images

How can ECR be used to scan images for vulnerabilities?

• A) By configuring automatic scanning on push

• B) By enabling CloudTrail logs

• C) By integrating with AWS Shield

• D) By using Amazon Inspector

What does the ECR authorization workflow involve for an EC2 instance?

• A) Directly pulling images without authentication

• B) Assuming an IAM role, getting an authorization token, and pulling the image

• C) Using an API Gateway to pull images

• D) Authenticating with a username and password

What type of images can be stored in an ECR repository?

• A) Only Docker images

• B) Docker images, OCI images, and OCI-compatible artifacts

• C) Only Amazon Linux images

• D) Only third-party container images

Which of the following is true about cross-region replication in ECR?

• A) It is automatically enabled for all repositories.

• B) It allows replication of images across different regions and accounts.

• C) It only works within a single AWS account.

• D) It is only available for public repositories.