AWS Certified Developer Associate Hints - ECS, ECR, Fargate, CloudFormation, Beanstalk, SAM (Part V)

Amazon ECS

EC2 Launch Type:

  • Deploys Docker containers on AWS by launching ECS tasks on an ECS cluster.
  • Requires manual provisioning and maintenance of infrastructure.
  • Each EC2 instance must run the ECS Agent to register in the ECS Cluster.

Fargate:

  • Serverless container management; no need to provision EC2 instances.
  • Define task definitions, and AWS manages ECS tasks based on CPU/RAM requirements.

IAM Roles for ECS:

  • EC2 Instance Profile (EC2 launch type only).
  • ECS Task Role (valid for both EC2 and Fargate).

Data Volumes:

  • EFS storage can be mounted onto ECS tasks (for EC2 and Fargate launch types).
  • Tasks running across different Availability Zones can share data.
  • Fargate + EFS = Fully serverless storage.

ECS Service Auto Scaling

  • Uses Application Auto Scaling based on:
    • ECS service CPU and memory utilization.
    • ALB request count per target.
  • Scaling policy types: Target Tracking, Step Scaling, Scheduled Scaling.
  • EC2 Cluster Auto Scaling accommodates ECS scaling by adding/removing EC2 instances.

ECS Rolling Updates:

  • Minimum and maximum healthy percent for controlled deployments.

Amazon ECS - Task Definition:

Contains metadata in JSON format, including:

  • Image name, port bindings, memory/CPU requirements, environment variables.
  • Networking configuration, IAM role, logging settings.

ECS Load Balancing:

  • EC2 Launch Type:
    • ALB dynamically maps ports if only a container port is defined.
    • Security groups must allow ALB-to-instance connections.
  • Fargate Launch Type:
    • Each task gets a unique private IP.
    • Only the container port is required (host port is irrelevant).

ECS Task Placement Strategies (EC2 Only):

  • Binpack: Optimizes CPU/memory usage for cost savings.
  • Random: Tasks are placed randomly.
  • Spread: Distributes tasks across instances/AZs.

Amazon ECR (Elastic Container Registry)

  • Stores and manages Docker images.
  • Private and public repositories.
  • Fully integrated with ECS.
  • IAM-protected, supports vulnerability scanning, versioning, and lifecycle policies.

ECR Commands:

  • Login: aws ecr get-login-password --region region | docker login --username AWS --password-stdin aws_acc_id.dkr.ecr.region.amazonaws.com
  • Pull/Push: docker pull aws_acc_id.dkr.ecr.region.amazonaws.com/demo:latest (docker push takes the same image URI)

AWS CloudFormation

Benefits:

  • Infrastructure as Code (IaC).
  • Version-controlled in Git, automated deployments.
  • Reproducible and scalable infrastructure management.

CloudFormation Building Blocks:

  • Resources: AWS resources (mandatory).
  • Parameters: Dynamic inputs.
  • Mappings: Static variables.
  • Outputs: Shared references.
  • Conditions: Conditional resource creation.
  • Metadata: Additional configuration information.

CloudFormation Functions:

  • Ref – Reference parameters and resources.
  • Fn::GetAtt – Retrieves resource attributes.
  • Fn::FindInMap – Retrieves a value from mappings.
  • Fn::ImportValue – Imports exported stack values.
  • Fn::Sub – String substitution.
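
The template below is an added example, not part of the original notes: it uses each building block and intrinsic function listed above to define a Fargate task with its own ECS Task Role and an image pulled from ECR. The names Env, ImageTag, TaskSize, demo, port 8080 and the export shared-ecs-execution-role-arn are assumptions made for illustration.

```yaml
AWSTemplateFormatVersion: '2010-09-09'

Parameters:                             # dynamic inputs
  Env:
    Type: String
    AllowedValues: [dev, prod]
    Default: dev
  ImageTag:
    Type: String
    Default: latest
Mappings:                               # static lookup table
  TaskSize:
    dev:  {Cpu: '256', Memory: '512'}
    prod: {Cpu: '1024', Memory: '2048'}
Conditions:
  IsProd: !Equals [!Ref Env, prod]

Resources:
  TaskRole:                             # ECS Task Role: what the container may call
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal: {Service: ecs-tasks.amazonaws.com}
            Action: sts:AssumeRole
      # No policies attached here: grant only what this task needs.
  DemoTask:
    Type: AWS::ECS::TaskDefinition
    Properties:
      Family: !Sub 'demo-${Env}'
      RequiresCompatibilities: [FARGATE]
      NetworkMode: awsvpc               # each task gets its own private IP
      Cpu: !FindInMap [TaskSize, !Ref Env, Cpu]
      Memory: !FindInMap [TaskSize, !Ref Env, Memory]
      TaskRoleArn: !GetAtt TaskRole.Arn
      # Assumed export from another stack: the role ECS uses to pull the image.
      ExecutionRoleArn: !ImportValue shared-ecs-execution-role-arn
      ContainerDefinitions:
        - Name: demo
          Image: !Sub '${AWS::AccountId}.dkr.ecr.${AWS::Region}.amazonaws.com/demo:${ImageTag}'
          PortMappings:
            - ContainerPort: 8080       # Fargate: container port only, no host port

Outputs:                                # shared references
  TaskDefinitionArn:
    Condition: IsProd                   # exported from prod stacks only
    Value: !Ref DemoTask                # Ref on a task definition returns its ARN
    Export:
      Name: !Sub 'demo-${Env}-taskdef'
```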

CloudFormation Rollback:

  • Default rollback if stack creation fails.
  • Option to disable rollback for debugging.

AWS Elastic Beanstalk

Overview:

  • Simplifies application deployment on AWS.
  • Uses EC2, Auto Scaling Groups (ASG), ELB, RDS.
  • Managed service with full control over configuration.
  • Free service, but underlying AWS resources are billed.

Beanstalk Deployment Modes:

  • Single instance.
  • High availability with Load Balancer.

Beanstalk Deployment Strategies:

  • All-at-once: Fast but causes brief downtime.
  • Rolling: Updates a few instances at a time.
  • Rolling with additional batches: Spins up new instances before replacing old ones.
  • Immutable: Deploys new instances in a separate ASG, then swaps traffic.
  • Blue/Green: Creates a parallel environment and switches traffic when ready.
  • Traffic Splitting: Canary release with gradual traffic shifts.

Elastic Beanstalk CLI Deployment Process:

  1. Define dependencies.
  2. Package and upload application.
  3. Deploy using CLI.
  4. Beanstalk distributes to EC2 instances and starts services.

Beanstalk Lifecycle Policy:

  • Stores up to 1000 application versions.
  • Old versions must be removed to avoid hitting the limit, which blocks new deployments.
  • Lifecycle policies clean up outdated versions automatically.

AWS SAM (Serverless Application Model)

Overview:

  • Framework for serverless application development.
  • Simplifies CloudFormation templates for Lambda, API Gateway, and DynamoDB.
  • Uses YAML format for configurations.
  • Supports automated deployments with CodeDeploy.

SAM Features:

  • Policy Templates for Lambda permissions.
  • SAM Local for local testing.
  • Serverless Application Repository for reusable templates.

SAM Deployment Workflow:

  1. Define resources: AWS::Serverless::Function, AWS::Serverless::Api, AWS::Serverless::SimpleTable.
  2. Package and deploy:
    • aws cloudformation package / sam package
    • aws cloudformation deploy / sam deploy

SAM Policy Templates:

  • Predefined permissions for Lambda functions.
  • Examples: S3ReadPolicy, SQSPollerPolicy, DynamoDBCrudPolicy.

SAM CodeDeploy Features:

  • Traffic Shifting between Lambda versions.
  • Pre/Post traffic hooks to validate deployments.
  • Automatic rollback using CloudWatch Alarms.
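
A SAM template that combines the pieces above, as an added example that is not part of the original notes: a function scoped to one table with the DynamoDBCrudPolicy policy template, shifted to new versions as a canary and rolled back by a CloudWatch alarm. OrdersTable, OrdersFunction, LiveAliasErrors, the src/ directory, the handler name and the /orders path are assumptions; pre/post traffic hooks are left out to keep the template short.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31   # marks the template as SAM

Resources:
  OrdersTable:                          # hypothetical table
    Type: AWS::Serverless::SimpleTable
    Properties:
      PrimaryKey:
        Name: id
        Type: String

  OrdersFunction:                       # hypothetical function
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: src/                     # assumed source directory
      Handler: app.handler              # assumed handler
      Runtime: python3.12
      AutoPublishAlias: live            # publish a version per deploy; the alias takes traffic
      Environment:
        Variables:
          TABLE_NAME: !Ref OrdersTable
      Policies:
        # Policy template: CRUD on this one table, not dynamodb:* on every table.
        - DynamoDBCrudPolicy:
            TableName: !Ref OrdersTable
      Events:
        CreateOrder:
          Type: Api                     # creates an implicit AWS::Serverless::Api
          Properties:
            Path: /orders
            Method: post
      DeploymentPreference:
        Type: Canary10Percent5Minutes   # 10% to the new version, the rest after 5 minutes
        Alarms:
          - !Ref LiveAliasErrors        # alarm during the shift triggers rollback

  LiveAliasErrors:
    Type: AWS::CloudWatch::Alarm
    Properties:
      Namespace: AWS/Lambda
      MetricName: Errors
      Dimensions:
        - Name: FunctionName
          Value: !Ref OrdersFunction
        - Name: Resource
          Value: !Sub '${OrdersFunction}:live'
      Statistic: Sum
      Period: 60
      EvaluationPeriods: 1
      Threshold: 0
      ComparisonOperator: GreaterThanThreshold
```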

Conclusion

This post covers ECS, ECR, Fargate, CloudFormation, Beanstalk, and SAM, essential AWS services for container orchestration, infrastructure automation, and serverless application development. Understanding these topics is crucial for AWS Certified Developer Associate exam success.