Amazon Elastic Container Service (Amazon ECS) is a highly scalable, fast, container management service that makes it easy to run, stop, and manage Docker containers on a cluster.  Clusters can be on serverless architecture which is managed by Amazon ECS when you use the Fargate Launch Type.  Alternatively, your clusters can be created using EC2 instances which require you to manage the clusters.  This is known as the EC2 Launch Type.

Using EC2, you can launch and stop container-based application with API calls and manage all the core underlying components.  You can schedule the placement of containers on your clusters based on resource needs, isolation policies and availability requirements.  Typical ECS use cases include:

  • You can create distributed applications dividing your application into independent tasks or processes also termed as microservices. You can have separate containers for your web server, application server, message queue, and backend workers. Each component of your application can be made from different container image.
  • Containers can be used for batch and ETL jobs by packaging the job into a container and deploying it into a shared cluster. Different versions of the same job or multiple jobs can be run on the same cluster or even the same instance since containers are isolated.
  • Containers can be used for continuous integration and deployment. Docker enables you to setup image versioning and so you can set up your build process to pull your code from a repository, build it, package it into a Docker image, and push the newly created image into an image repository.

Amazon ECS Launch Types

There are two different launch types on offer:

  • Fargate launch type allows you to run your containerized applications without the need to provision and manage the backend infrastructure. Once you define your tasks definition, Fargate will launch the container and its underlying architecture and manage it for you.
  • The EC2 launch type allows you to run your containerized applications on a cluster of Amazon EC2 instances. You have full control to manage the EC2 Instances and the cluster.
    • The Fargate launch type only supports using container images hosted on Amazon ECR or publicly on Docker Hub
    • If you have a private repository, you can only use the EC2 Launch Type

ECS Features

Amazon ECS enables you to create Amazon ECS clusters within a new or existing VPC which can then be used to run application containers across multiple Availability Zones within a region.  Once configured, you need to configure Task definitions and services that specify which Docker container images to run across your clusters. Container images are stored in and pulled from container registries, and these can either exist within or outside of your AWS infrastructure.

In order to use ECS, your application must be designed to run in Containers.  Docker containers are standardized units that contain the software code, runtime, system tools and libraries and anything else needed by the application to run.

Key Points to Note:

  • Containers are created from a read-only template called a Docker Image. This will contain an image that will have a base image plus customizations.
  • Images are typically built from a Dockerfile. This is a text file that specifies all of the components that are included in the container
  • Images are stored in a registry from which they can be downloaded and run on your cluster. This can be Docker Hub or Amazon ECR, which is the managed EC2 Container Registry.  It offers support for private Docker repositories with resource-based permissions using IAM enabling specific users or EC2 instances to access the repositories and images.

Task Definitions

You have to create task definitions to run your container applications on ECS.  This is a JSON file that contains core information like the containers to use for your application and specify parameters such as:

  • Docker images to use with the containers in your task
  • CPU and memory to use with each container
  • Launch type to use
  • Docker networking mode to use for the containers in your task
  • Ports from the container to map to the host container instance
  • Data volumes that should be used with the containers in the task
  • IAM role that your tasks should use for permissions

The exact parameters you need to define will be different based on the launch type you use, i.e. Fargate vs. EC2. 

Tasks and Scheduling

Tasks allow you to instantiate a task definition on a cluster where you specify the number of tasks that will run on your cluster.  Task Scheduler is responsible for placing tasks within your cluster.  Options include:

  • Service Scheduler – ideally suited for long-running stateless services and applications. It ensures that the specified number of tasks are constantly running and reschedules tasks when a task fails. The service scheduler can ensure that are registered against an Elastic Load Balancing load balancer.
  • Manually Running Tasks – ideally suited for processes such as batch jobs that perform work and then stop. This is useful when you have a message queue system in place and tasks are run when work comes into the queue
  • Running Tasks on a cron-like Schedule – Use the Amazon ECS console to create a CloudWatch Events rule that runs one or more tasks in your cluster at specified times such as backup jobs etc.
  • Custom Schedulers – create your own schedulers that meet the needs of your business, or to leverage third-party schedulers. You can build custom schedulers and integrate third-party schedulers with Amazon ECS while leveraging Amazon ECS to fully manage and scale your clusters. Custom schedulers use the StartTask API operation to place tasks on specific container instances within your cluster
    • Important Note – Custom Schedulers are only compatible with tasks using the EC2 launch type. If you are using the Fargate launch type for your tasks, then the StartTask API will not work.
  • Task Placement – The Run Task and Create Service actions enable you to specify task placement constraints and task placement strategies to customize how Amazon ECS places your tasks


When you run tasks using Amazon ECS, you place them on a cluster, which is a logical grouping of resources. If you use the Fargate launch type with tasks within your cluster, Amazon ECS manages your cluster resources. If you use the EC2 launch type, then your clusters will be a group of container instances you manage. Amazon ECS downloads your container images from a registry that you specify and runs those images within your cluster

Container Agent

The container agent runs on each infrastructure resource within an Amazon ECS cluster. It sends information about the resource’s current running tasks and resource utilization to Amazon ECS, and starts and stops tasks whenever it receives a request from Amazon ECS.  The Amazon ECS container agent is included in the Amazon ECS-optimized AMI, but you can also install it on an EC2 instance that supports the Amazon ECS specification. The Amazon ECS container agent is only supported on EC2 instances.

  • Note: ECS Container agent will only work with Linux Instances and not Windows.



IAM Roles

  • EC2 Instance will require being configured with an IAM role to access ECS
  • ECS tasks also use IAM roles to access services and resources
  • When configuring IAM roles for your task, use the ‘Amazon EC2 Container Service Task Role’ service role and attach a policy with the required permissions. When you create a new task definition or a task definition revision you can then specify a role by selecting it from the ’Task Role’ drop-down or using the ‘taskRoleArn’ filed in the JSON format.

Security Groups

  • Security groups act as a firewall for associated container instances, controlling both inbound and outbound traffic at the container instance level and not at the container or task level.


ECS Exam Tips

  • Clusters are localized to a specific region; you cannot span a cluster across regions
  • Container instances can be part of a single cluster
  • IAM roles and policies enable you to restrict access to specific clusters
  • ECS agent can be used to connect EC2 instances to ECS clusters and work with Linux instances only
  • Security Groups work at instance level, not container level
  • Task Definition is used to run Docker containers in ECS
  • Task Definition are JSON files that describe the container for your application and contain information like CPU, RAM etc.
  • With ECS you can specify the desired number of instances of a task definition to run in ECS. This is like auto-scaling, but for ECS
  • ECS are logical grouping of container instances that you place tasks on


AWS Certification – 600 Practice Exam Questions – Get Prepared for your Exam Day!

Our AWS Exam Simulator with 600 practice exam questions comes with comprehensive explanations that will help you prepare for one of the most sought-after IT Certifications of the year.  Register Today and start preparing for your AWS Certification.