ECR, ECS,Fargate-Docker

The document provides an overview of Docker, Amazon ECS, and Fargate, detailing their functionalities and architectures. It explains how Docker containers work, the differences between Docker and VM, and the orchestration capabilities of ECS. Additionally, it covers IAM roles, load balancing, task definitions, and the integration of EKS as an alternative to ECS for managing containerized applications.

Uploaded by

swayam.7590

Date: 20-05-2025

Topic: ECR, ECS and Fargate- Docker in AWS.


===================================================================================
===================================================================================
====
1. What is Docker?
Docker: a software development platform used to deploy apps.
It lets us lift and shift apps from any system to any other system.
The apps run the same regardless of the machine, OS, language or any
compatibility issues.
The apps are packaged in containers.
The use case is microservice architecture.
Microservice architecture means that the application consists of various
microservices that are containerised separately.

2. Docker on an OS.
A Docker agent on each server is used to run the various containers on that server.

3. Docker images
Docker images are the blueprint of everything that is needed to run the
application in the container.
They are stored in a Docker repository. In AWS they are stored in Docker Hub or
Amazon ECR.
Docker Hub: public repository.
Amazon ECR: Elastic Container Registry, the private repository.

4.Docker Vs VM
VM Architecture: Infrastructure->Host OS->Hypervisor->VM
Docker Architecture: Infrastructure->VM/EC2->Docker Daemon->Docker, Container.
Docker Daemon: the core component of Docker, which handles the creation,
management and execution of the containers.

5. How does Docker work

We have a Dockerfile, which along with a few other files builds up to a Docker image.
The Docker image is pushed to the Docker repository, and when we require it, it is
pulled from there and then runs the code that we built with docker build. When the
built image runs, it becomes the Docker container.
Docker build: the key feature of Docker that allows the developer to create
consistent images.

6. Amazon ECS: Elastic Container Service.

Amazon EKS: Elastic Kubernetes Service
AWS Fargate: Amazon's serverless container platform.
Amazon ECR: Elastic Container Registry

##Elastic Container Services


Orchestration means the automatic coordination and management of multiple
containers.
ECS is the Elastic Container Service, which is a container orchestration service.
It lets Docker containers be managed and run automatically.
Launch AWS app means = Launch ECS instance on ECS Cluster.
1. An ECS instance is an EC2 instance. Each ECS instance has an ECS agent.
The ECS agent is a small piece of code that registers the ECS instance with the
ECS setup and communicates with the ECS control plane.
2. An ECS cluster is a group of ECS instances. This is where the ECS tasks are
scheduled and run. Think of it as a pool of resources.
Each instance contains the containers.
The ECS control plane is managed by AWS itself. It is used to bind the cluster and
the instances.

##ECS Fargate Launch Type


It is a launch type where everything is serverless.
We do not need ECS instances but we need ECS clusters.
We only need to create the task definitions.

###Amazon ECS IAM Roles


1. EC2 Instance Profile.
An IAM role attached to the EC2 instance, which gives the EC2 instance permission
to interact with other AWS services automatically.
The ECS instance is an EC2 instance which runs Docker and has an ECS agent.
So to connect it with the ECS service and the other services we need an EC2
instance profile.
The IAM roles are applied to the ECS agent in the EC2 instance.
a. Pull the container from the Docker repository.
b. Secrets Manager
c. Send logs to CloudWatch.
d. Health checks.

2. ECS Task Role

A task role is an IAM role.
Each task role is assigned to the containers, which allows the
container/application to interact with other AWS services.

#ECS load balancer


If we want to expose our ECS container as an HTTP or HTTPS endpoint, then we can
use an ALB. An NLB is used for high throughput and high performance. The Classic
Load Balancer cannot be used for the Fargate launch type.

#Amazon ECS-EFS Volumes


Mount EFS volume on the ECS container.
Works on both EC2 and Fargate.
EFS is also Serverless.
Tasks running in any AZ will share the same data.
S3 cannot be mounted as a file system.

Whenever we create an ECS cluster using the EC2 launch type, the ASG is also created.
Hands On
ECS->Create Cluster->Infrastructure (EC2, Fargate)->other information, then the
cluster is created.

Look at the ASG which is being created automatically.

If we set the desired capacity of the ASG to 2 instances, the instances will
start being created.

Then capacity providers are used to decide the number of instances to be created
based on demand. And if we need to scale the number of EC2 instances up or down,
the ASG will come into play.

Explanation:
Container images are stored in ECR. No containers are created and left unused.
Tasks are defined that will be used when we require them to work. The task
definition is just the blueprint.
Adding the service defines how many tasks to run, how to connect them, and the
health checks.
Roles are IAM permissions assigned to the instance or the container.

ECS capacity providers are used to provide the additional load balancing if we are
using the EC2 launch type.
Hands On 2
Create a task definition in ECS.
Launch the task definition as a service.
#Rolling update
When updating the version of an ECS service, the downtime is zero.
While updating the version, we can control the number of tasks that can be
started or stopped.
It maintains two parameters: the minimum healthy percentage, which defines the
minimum number of ECS tasks that must be healthy for the service to keep working,
and the maximum healthy percentage, which is the maximum number of ECS tasks that
can be added to the system.

The old setup of the ECS service is replaced by the new ECS service without
downtime. Example:
4 ECS service in V1
Maximum Health can be 100 and minimum health can be 150%
So 2 more tasks can be created and a pair of old tasks can be removed, and then
once again two more tasks can be created and the two leftover old tasks can be
removed, and then the complete ECS system is updated with 0 downtime.
===================================================================================
===================================================================================
====
Amazon ECS Task Definition
The ECS task definition is a JSON file which consists of multiple things, but some
of the most important are:
1. CPU utilization, CloudWatch, IAM role, port and protocols, Docker image,
environment variables and networking information.

Scenario: when connecting an EC2-defined container to ECS, it requires the host
port and the container port.

#Load Balancing EC2 Launch Type.


Dynamic host port mapping means a new port is allotted on the host (EC2 instance)
every time.
If the EC2 instance has dynamic host port mapping enabled, then a new port is
allotted to the host every time.
So for the load balancer to find the correct port number for each request, the ALB
is used, as it has dynamic host port mapping enabled.
The security group of the EC2 instance must have all the ports open for the
traffic coming from the ALB.
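
An added example (not part of the original notes): a Python check that the container instance security group admits the dynamic host ports only from the ALB's security group and not from any address. The input mirrors the JSON shape of `aws ec2 describe-security-groups`; the group IDs, the two sample groups and the 32768-65535 port range are assumptions constructed for illustration.

```python
# Added example, not from the original notes. Sample groups are constructed.
DYNAMIC_PORTS = (32768, 65535)   # assumed host port range; check your instances
WORLD = {"0.0.0.0/0", "::/0"}
ALB_SG = "sg-0a1b2c3d4e5f00001"  # hypothetical ALB security group ID

def audit_ingress(sg, alb_sg_id, port_range=DYNAMIC_PORTS):
    """Return findings for one security group (describe-security-groups shape)."""
    need_lo, need_hi = port_range
    findings, alb_covers = [], False
    for perm in sg.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto == "-1":                      # all protocols, all ports
            lo, hi = 0, 65535
        elif proto == "tcp":
            lo, hi = perm["FromPort"], perm["ToPort"]
        else:
            continue
        if hi < need_lo or lo > need_hi:
            continue                           # rule does not touch the range
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        findings += [f"ports {lo}-{hi} open to {c}" for c in cidrs if c in WORLD]
        for pair in perm.get("UserIdGroupPairs", []):
            if pair.get("GroupId") == alb_sg_id and lo <= need_lo and hi >= need_hi:
                alb_covers = True              # ALB can reach every dynamic port
    if not alb_covers:
        findings.append("ALB security group does not cover the dynamic port range")
    return findings

SCOPED_SG = {"GroupId": "sg-0a1b2c3d4e5f00002", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 32768, "ToPort": 65535,
     "IpRanges": [], "UserIdGroupPairs": [{"GroupId": ALB_SG}]}]}
OPEN_SG = {"GroupId": "sg-0a1b2c3d4e5f00003", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]}

if __name__ == "__main__":
    for sg in (SCOPED_SG, OPEN_SG):
        print(sg["GroupId"], audit_ingress(sg, ALB_SG) or "ok")
```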

#Load Balancing for the ECS Cluster launched in the Fargate.


Here we do not have the host and the port, so each task/container has its own
unique dynamic IP which is generated by the ENI (Elastic Network Interface), and
each ENI is going to get the same port.

#IAM Roles are assigned per task definition.


Task roles are the IAM roles assigned to the container through the task definition.

#Environment Variables in the Task variables.

Environment variables are used to store additional data for the application.
It could be the different modes in which the application works, different URLs
and different configuration settings for the task.
Passwords and other sensitive data shall be stored in the SSM Parameter Store or
in Secrets Manager. When these are needed by the application they are fetched
from the SSM Parameter Store or Secrets Manager.
And for bulk environment files, S3 shall be used.
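
An added example (not part of the original notes) covering the two sections above: a Python lint pass over a task definition that flags sensitive values kept in plain `environment` entries, static AWS keys used in place of a task role, and a missing `taskRoleArn` or `executionRoleArn`. The task definition, the account ID in it and the name patterns are constructed for illustration; the name match is a heuristic.

```python
# Added example, not from the original notes. SAMPLE is a constructed task definition.
import re

SENSITIVE_NAME = re.compile(
    r"pass(word|wd)?|secret|token|api[_-]?key|private[_-]?key", re.I)
AWS_KEY_VARS = {"AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN"}

def lint_task_definition(td):
    """Return (container, rule, detail) findings for a task definition dict."""
    findings, uses_secrets = [], False
    for c in td.get("containerDefinitions", []):
        name = c.get("name", "<unnamed>")
        for env in c.get("environment", []):
            var = env.get("name", "")
            if var in AWS_KEY_VARS:            # static keys instead of a task role
                findings.append((name, "static-aws-key", var))
            elif SENSITIVE_NAME.search(var):   # plaintext value in the definition
                findings.append((name, "plaintext-secret", var))
        uses_secrets |= bool(c.get("secrets"))
    if not td.get("taskRoleArn"):
        findings.append(("<task>", "no-task-role",
                         "containers have no task-scoped IAM role"))
    if uses_secrets and not td.get("executionRoleArn"):
        findings.append(("<task>", "no-execution-role",
                         "'secrets' entries need an execution role to be fetched"))
    return findings

SAMPLE = {
    "family": "web",
    "containerDefinitions": [{
        "name": "app", "image": "example/app:1", "essential": True,
        "environment": [
            {"name": "APP_MODE", "value": "production"},
            {"name": "DB_PASSWORD", "value": "constructed-not-real"},
            {"name": "AWS_SECRET_ACCESS_KEY", "value": "constructed-not-real"}],
        # Preferred form: the value stays in SSM Parameter Store / Secrets Manager
        "secrets": [{"name": "API_TOKEN", "valueFrom":
                     "arn:aws:ssm:us-east-1:111122223333:parameter/web/api_token"}],
    }],
}

if __name__ == "__main__":
    for container, rule, detail in lint_task_definition(SAMPLE):
        print(f"{container}: {rule}: {detail}")
```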

#Data Volumes
A single task definition can have multiple containers involved.
This means that the task definition is used to make a single or multiple
tasks perform as a single unit.
So the data needs to be shared between the containers defined in the task
definition.
There are two types of containers in the task definition: application
containers and sidecar containers.
For EC2-launched tasks, the EC2 instance storage is only used for bind
mounting.
For Fargate-launched tasks, ephemeral storage is used.

Hands on
While creating a container we are asked whether the container is essential or not;
if the task is essential and we close the container, then the task also closes.
===================================================================================
===================================================================================
====
ECS Task Placement.
Placing of the ECS containers launched on EC2, based on the CPU, memory and
constraints.
It also covers which task to terminate while scaling ECS.
This can be monitored by using an ECS task placement strategy or task placement
constraints.

#Whenever a container is built, ECS uses the following process to select the
instance where it shall be placed:
1. Where the container fits well in accordance with the memory, CPU and
port.
2. Task placement constraints.
3. Task placement strategy.

#Task placement Strategy.


Binpack: place the tasks in such a way that the minimum number of EC2 instances
is created.
Random: the tasks are assigned randomly to the EC2 instances.
Spread: spread each introduced task across the instances so that all the instances
are used evenly.
These can be mixed together.

#ECS Task placement Constraints.


1. distinctInstance: each task shall be placed on a different instance.
2. memberOf: place the task in such a way that it satisfies the filter. The filter
can be an instance type or anything similar.

===================================================================================
===================================================================================
====
ECR:
All permissions to ECR are managed by IAM.
===================================================================================
===================================================================================
====
Amazon Copilot.
It is the CLI tool to build, release and operate containerized apps.
Instead of hosting the app and then building it on App Runner, ECS or
Fargate, we can directly run the app with Copilot.
No need to set up the infrastructure; it is done by AWS itself.
===================================================================================
===================================================================================
====
EKS: Elastic Kubernetes Service
It is an open source service that is used to automatically deploy, scale and manage
Docker containers.
An alternative to ECS, but it has very different APIs.
There are two deployment types: EC2 or Fargate.
It can be used on any cloud platform like GCP, Azure, AWS.

EKS Architecture
There are EKS pods that run on EKS nodes.

Types of EKS nodes:

1. Managed node groups
Nodes are created and managed for the user.
Part of the ASG.
Support On-Demand and Spot instances.
2. Self-managed nodes
These are created and managed by ourselves.
3. AWS Fargate
No nodes are created; we can directly run the app on the container.

#Amazon EKS data volumes


We need to specify the StorageClass manifest in the EKS cluster.
"In Amazon EKS, you define a StorageClass to tell Kubernetes how to create and
manage storage volumes (like EBS). It includes settings like the type of storage
(e.g., gp3), file system, and behavior."

Leverages a Container Storage Interface (CSI) compliant driver.

"CSI (Container Storage Interface) is a standard used to connect Kubernetes (like
in EKS) to storage systems, including AWS storage services."

Support for:

Amazon EBS
Amazon EFS
Amazon FSx
