AWS Containerization: ECS, EKS, and ECR
Containerization is a lightweight alternative to a virtual machine that involves encapsulating an application in a container with its own operating system. Containers are portable, lightweight, standardized, and easy to deploy. Along with containers comes the move from the monolith to microservices; containers and microservices go hand in hand. AWS offers Elastic Container Service (ECS), Elastic Container Service for Kubernetes (EKS), and Elastic Container Registry (ECR) for containerization. ECR provides an image registry that stores your Docker containers right there in the data center where you will run them. AWS ECS and AWS EKS provide the management layer: the API you use to launch applications, track application state, and connect applications to other resources.
AWS containerization supports the following use cases:
- Microservices: run applications as independent components with native integration with AWS services, enabling continuous integration and continuous deployment.
- Batch processing: package batch processing and ETL jobs into containers to start jobs quickly and scale them dynamically in response to demand.
- Machine learning: use containers to quickly scale machine learning models for training and inference and run them close to your data sources on any platform.
- Application migration to the cloud: containerize legacy enterprise applications and move to the cloud without needing to make any code changes.
- Platform as a service: remove infrastructure management by standardizing application deployment, management, and scaling.
- Hybrid applications: build cloud bursting for applications that run across on-premises and cloud environments when the demand for computing capacity spikes.
AWS ECS is a highly scalable, fast container management service that makes it easy to run, stop, and manage Docker containers on a cluster. ECS offers cluster management, container orchestration, and deep AWS integration. It can access many AWS features such as IAM roles, security groups, load balancers, AWS CloudWatch Events, AWS CloudFormation templates, and AWS CloudTrail logs. You can also use powerful open-source deployment management tooling like coldbrew, deplojo, convox, etc. ECS provides scheduling, placement, task management/health checks, and management control plane updates.
AWS ECS has two launch types: the AWS EC2 launch type and the AWS Fargate launch type. The AWS Fargate launch type is more expensive but provides an easier way to build and operate containerized applications. The difference between the two launch types:
- AWS EC2 launch type: it is the traditional way to launch containers on EC2. You have greater control of the EC2 instances to support compliance and governance requirements or broader customization options.
- AWS Fargate launch type: it is sort of serverless for containers. There is no cluster or infrastructure to manage or scale. Everything is handled at the container level and scales seamlessly on demand.
AWS ECS has two different charge models:
- Fargate Launch Type Model: pay for the amount of vCPU (e.g. $0.04048 per vCPU per hour in US East region) and memory resources (e.g. $0.004445 per GB per hour in US East region). A minimum charge of 1 minute applies.
- EC2 Launch Type Model: pay for AWS resources (e.g. EC2 instances or EBS volumes)
AWS EKS runs the Kubernetes management infrastructure for you across three AWS availability zones to eliminate a single point of failure. It provides a platform for enterprises to run production-grade and Kubernetes-grade installations. Applications running on any standard Kubernetes environment are fully compatible and can be easily migrated to AWS EKS.
AWS uses the shared responsibility model on AWS EKS:
- AWS handles the control plane: it automatically detects and replaces unhealthy control plane instances, provides automated version upgrades and patching for them, and ensures high availability by running Kubernetes control plane instances across multiple Availability Zones. EKS is also integrated with many AWS services to provide scalability and security for your applications. These services include Elastic Load Balancing for load distribution, IAM for authentication, AWS VPC for isolation, AWS PrivateLink for private network access, and AWS CloudTrail for logging.
- You handle the worker nodes: any AWS EC2 instance type can be used as a worker node. You can use reserved or spot instances for worker nodes in the same way as for other EC2 instances. The worker nodes run in the customer-controlled VPC. The recommended AWS CloudFormation templates for EKS already come with an autoscaling group that launches the on-demand worker instances.
Two costs apply to AWS EKS:
- AWS EKS Cluster: $0.20 per hour for each AWS EKS cluster
- Worker Node Group: AWS resources (e.g. EC2 instances or EBS volumes) for Kubernetes worker nodes
To optimize cost, you can run Kubernetes workloads on Amazon EC2 Spot Instances with Amazon EKS.
AWS ECR is a fully managed Docker container registry that makes it easy for developers to store, manage, and deploy Docker container images. The registry is integrated with ECS and the Docker CLI to provide a secure, highly available, and simplified workflow. AWS ECR uses Amazon S3 to store images, which eliminates the need to operate and scale the infrastructure required to power your container registry. Since AWS ECR currently only supports private images, you may not want to use ECR if you only use public images.
Two costs apply to AWS ECR:
- Data stored in the repositories: $0.10 per GB-month (* Free Tier of 500MB-month of storage)
- Data transferred to the Internet: depends on the region and the size of the data
If you just want your applications up and running, AWS ECS provides a simple and mature orchestration solution that is deeply integrated into AWS infrastructure. The learning curve for AWS ECS is much lower than for AWS EKS. But Kubernetes is widely adopted by the industry and offers many more choices of add-ons in its ecosystem. The open-source project, with its big community, iterates quickly, and problems are addressed quickly. So AWS EKS does offer cloud provider flexibility. The overhead of learning Kubernetes is worth it in the long term.