How to Run Containers in AWS
Guille Ojeda
Posted on July 4, 2023
What are containerized applications?
Containerization is a revolutionary approach to software development and deployment. It encapsulates applications in a container with their entire runtime environment - all the files necessary for them to run. This technological advancement guarantees that the software will always run the same, regardless of its environment.
Containerized applications are neatly packed with all the elements they need to run correctly. These elements include code, runtime, system tools, libraries, and settings. Essentially, containerized applications are separated from their environments, which prevents the infamous "it worked on my machine" problem.
The key benefit of containerized applications is consistency. The encapsulated nature of containers means that they run the same way across all environments, be it a local setup, a testing environment, or a production server. Furthermore, containers are lightweight and can be created, started, and replicated quickly. They also isolate applications and their dependencies from each other, providing a clean, controlled environment for each application to run.
Containers have had a considerable influence on software development, making applications more portable and managing dependencies more straightforward. They simplify the process of building, shipping, and running applications, and help to ensure that the software runs as expected in different environments.
Why use containers instead of EC2?
While Amazon Elastic Compute Cloud (EC2) instances provide virtual servers in the cloud, containers offer a level of flexibility and efficiency that traditional virtual machines can't match. Here's why developers might lean towards containers over EC2 instances:
Consistency Across Environments: Containers package an application with everything it needs to run, ensuring consistency across all environments. It means the software runs the same, regardless of the deployment environment.
Efficient Resource Utilization: Containers are far more lightweight than virtual machines as they share the host system's kernel and don't require a full operating system per application. This results in less overhead, more efficient resource usage, and faster start-up times.
Greater Density: Containers are lightweight and require fewer resources, so you can run many more containers than VMs on a single host. This provides a higher level of efficiency and cost-effectiveness.
Isolation: Containers ensure that applications and their dependencies are isolated from each other and from the host system. This isolation prevents potential conflicts between application dependencies and increases security.
Portability: Containers are highly portable. They can be built once and run anywhere, making them an ideal choice for creating scalable, distributed applications and microservices.
Master AWS with Real Solutions and Best Practices. Subscribe to the free newsletter Simple AWS. 3000 engineers and tech experts already have.
AWS Containers services
When it comes to managing containers in the cloud, AWS provides several robust, feature-rich services. These services cater to different needs and use cases, offering flexibility in how you deploy and manage your containerized applications.
Amazon Elastic Container Service (ECS): ECS is a high-performance, highly scalable service for running Docker containers. With ECS, you can easily run applications on a managed cluster of Amazon EC2 instances. It supports Docker and allows you to run and manage Docker containers across a cluster of EC2 instances.
Amazon Elastic Kubernetes Service (EKS): EKS is a managed service for running Kubernetes on AWS. It makes it easy to deploy, manage, and scale containerized applications using Kubernetes. EKS also manages the Kubernetes control plane for you, providing high availability, automatic updates, and security.
AWS Fargate: Fargate is a serverless compute engine for containers that removes the need to manage the underlying infrastructure. It works with both ECS and EKS and lets you focus on building and running applications rather than managing infrastructure.
AWS App2Container: AWS App2Container (A2C) is a CLI tool to transform .NET and Java applications into containerized applications.
Amazon Elastic Container Registry (ECR)
Amazon Elastic Container Registry (ECR) is a fully-managed Docker container registry provided by AWS. It allows you to store, manage, and deploy Docker container images. ECR is integrated with Amazon ECS and Amazon EKS, allowing you to simplify your development and production workflows.
ECR is reliable and highly scalable. It uses the power of AWS to automatically scale to meet your needs. Plus, it integrates with AWS Identity and Access Management (IAM), providing resource-level control of each repository.
Use Cases
Here are some of the typical use cases of Amazon ECR:
Distributed application development: Amazon ECR enables you to version your application's code and dependencies, making it easier to collaborate across development teams. Your application can be built and tested as a set of small, independent services that can be developed and deployed quickly.
Microservices architecture: Amazon ECR is a great tool for implementing microservices architecture, a design approach where a single application is composed of many loosely coupled and independently deployable smaller services. ECR can store and manage images for each service, helping you to manage, scale, and deploy your microservices more effectively.
Continuous integration and continuous delivery (CI/CD): ECR can be integrated with AWS CodeBuild and AWS CodePipeline, enabling you to streamline your CI/CD workflow. Developers can easily push images to Amazon ECR, which can then be deployed to Amazon ECS or EKS as part of an automated pipeline.
How to Use ECR
Using Amazon ECR involves the following steps:
Create a repository: In the AWS Management Console, go to the Amazon ECR page, and create a new repository. Provide a unique name for the repository and configure any necessary permissions.
Push an image: Before pushing an image, authenticate your Docker client to the Amazon ECR registry that you just created. Afterward, you can build a Docker image on your local machine and push it to the ECR repository.
Pull an image: Now you can pull the Docker image from the ECR repository to any location where it's needed, for example, an ECS or EKS cluster.
Delete an image: If an image is not required anymore, you can delete it from the ECR repository to save storage space.
Using Amazon ECR, you can store and manage your Docker images reliably and securely, which can be seamlessly deployed to Amazon's ECS or EKS services.
Amazon Elastic Container Service (ECS)
Amazon Elastic Container Service (ECS) is a fully managed container orchestration service provided by AWS. It allows you to easily run, scale, and secure Docker container applications across a cluster of servers. ECS is deeply integrated with other AWS services, providing a complete solution for running a wide range of containerized applications or services.
Advantages of ECS
Deep Integration with AWS: ECS is natively integrated with many AWS services such as Elastic Load Balancer (ELB) for load distribution, ECR for Docker images, CloudWatch for logs, and IAM for role management. This seamless integration makes it easy to create a complete solution using familiar AWS services.
Scalability: ECS allows you to easily scale your applications up or down with simple service calls, and you can ensure high availability by running applications across multiple availability zones.
Security: With ECS, you can take advantage of IAM roles and policies for your applications. You can define granular access permissions for each service or container.
No Additional Cost: ECS comes at no extra cost. You only pay for the AWS resources (e.g., EC2 instances or EBS volumes) you create to store and run your applications.
Simplicity: ECS is simpler to use than other container orchestration services such as Kubernetes, which can be complex to set up, manage, and maintain.
Disadvantages of ECS
Limited Features: Compared to Kubernetes, ECS has a smaller feature set. Kubernetes offers a more mature and flexible platform with advanced networking, scaling, and load balancing features.
AWS Specific: ECS is an AWS-specific service, meaning it doesn't offer the same portability as Kubernetes, which can run on virtually any public or private cloud.
Service Discovery: ECS has limited service discovery capabilities compared to Kubernetes, which can make it challenging to coordinate containers that depend on each other.
How to Use ECS
To get started with Amazon ECS, you typically follow these steps:
Create a Docker image: Your application needs to be containerized as a Docker image. This image contains the application code and all its dependencies.
Store the Docker image: Once the Docker image is built, it needs to be stored in a Docker registry. AWS offers ECR for this purpose, but you can use any Docker-compliant registry.
Create a Task Definition: This JSON file describes the Docker container(s) that form your application. It specifies things like what Docker images to use, how much CPU and memory to allocate, what ports to open, and much more.
Create a Service: The service maintains a specified number of instances of your task definition simultaneously. If any of your tasks should fail or stop, the service scheduler launches another instance of your task definition to replace it and maintain the desired count of tasks.
Create a Cluster: A cluster is a logical grouping of tasks or services. When you first use Amazon ECS, a default cluster is created for you, but you can create multiple clusters in an account to keep your resources separate.
Run Your Application: Once your service is created, you can run your application. You can monitor the run state of your application through the Amazon ECS console, the AWS CLI, or the Amazon ECS API.
ECS is a powerful orchestration service for Docker containers. While it has its trade-offs, it can be a great tool for teams already working in AWS environments, looking for simplicity, and needing to get a containerized application up and running quickly.
Amazon Elastic Kubernetes Service (EKS)
Amazon Elastic Kubernetes Service (EKS) is a managed service that allows you to run Kubernetes on AWS without needing to install, operate, and maintain your own Kubernetes control plane. It provides the flexibility of Kubernetes with the security, scalability, and availability of AWS.
Advantages of EKS
Managed Kubernetes: With EKS, you don’t need to worry about operating your own Kubernetes control plane. This takes a significant load off of your operations team, allowing them to focus on building applications.
Compatibility: EKS runs upstream Kubernetes, so you can use all the existing plugins and tooling from the Kubernetes community. Applications running on any standard Kubernetes environment are fully compatible and can be easily migrated to EKS.
Highly Available and Scalable: EKS automatically manages the availability and scalability of the Kubernetes API servers and etcd persistence layer for each cluster, making it a reliable choice for production workloads.
Integration with AWS Services: EKS is natively integrated with AWS services such as AWS CloudTrail, Amazon RDS, and Amazon S3, providing a seamless experience for application deployment.
Security: EKS integrates with AWS IAM for authentication and Kubernetes RBAC (Role-Based Access Control) for authorization, providing robust security for your applications.
Disadvantages of EKS
Cost: Unlike ECS, EKS comes with an additional cost for the managed service on top of the EC2 instance costs.
Complexity: Kubernetes has a steep learning curve and managing a Kubernetes environment can be complex. While EKS alleviates some of this complexity by managing the control plane, teams still need to manage their own worker nodes.
Limited Customization: As a managed service, EKS may not allow for the same level of customization that a self-managed Kubernetes environment would.
How to Use EKS
To get started with Amazon EKS, you typically follow these steps:
Create an EKS Cluster: In the AWS Management Console, go to the Amazon EKS page, and create a new cluster. Provide details such as cluster name, Kubernetes version, role, and VPC details.
Launch and Configure EKS Worker Nodes: You have to create and configure the worker nodes for your cluster. These worker nodes register with the Kubernetes endpoint and become part of the EKS cluster.
Create a kubeconfig File: This file is used to tell Kubernetes where it can communicate with your cluster. Once created, it allows you to use 'kubectl', the Kubernetes command-line tool, to interact with your cluster.
Deploy Your Application: With your cluster set up, you can now deploy your application. You will define your application in a Kubernetes Deployment manifest, a YAML file that describes the desired state for your application. Once the Deployment is created, Kubernetes begins the work of launching your application containers.
Monitor and Scale Your Application: You can use Amazon CloudWatch and Auto Scaling groups to monitor the performance of your application and adjust the number of containers in your deployment, or the size of your worker node group, to meet the needs of your application.
Amazon EKS provides a powerful, scalable platform for running containerized applications. While it requires more expertise than ECS, it provides the extensive feature set and customizability of Kubernetes, making it an excellent choice for complex, large-scale applications.
AWS App2Container
AWS App2Container (A2C) is a command-line tool for modernizing .NET and Java applications into containerized applications. A2C analyzes and builds an inventory of all applications running in virtual machines, on-premises or in the cloud. You simply select the application you want to containerize, and A2C packages the application artifact and identified dependencies into container images, configures the network ports, and generates the ECS task and Kubernetes pod definitions.
Advantages of App2Container
Simplicity: A2C simplifies the process of containerizing existing applications. It automates the identification of application dependencies, the creation of Dockerfiles, and the generation of Kubernetes manifests or ECS task definitions.
Integrated with AWS Ecosystem: A2C integrates well with other AWS services. It creates images that are ready to be stored in the Amazon Elastic Container Registry (ECR), and produces application configurations for ECS or EKS.
Application Inventory: A2C provides an inventory of all your applications, giving you a clear overview of your landscape. This can be useful for tracking and management purposes.
Disadvantages of App2Container
Limited Application Support: Currently, A2C only supports Java and .NET applications. If your application is written in another language, you can't use A2C.
Initial Setup: Some users have found the initial setup and configuration of A2C to be somewhat complex. However, once set up, the process of containerizing applications is typically straightforward.
Less Control: Because A2C automates much of the containerization process, you have less control over the specifics of that process. This might not be ideal for complex applications with specific needs.
How to Use App2Container
To containerize an application with AWS App2Container, you typically follow these steps:
Install A2C: First, download and install the A2C CLI tool on the server where your application is running.
Inventory Applications: Run the
a2c inventory
command. This analyzes the applications on your server and creates an inventory of all discovered applications.Analyze Application: Choose an application from the inventory and run the
a2c analyze
command with the application ID. This will identify application dependencies, ports, processes, and generate a report.Containerize Application: Run the
a2c containerize
command with the application ID. This will generate Docker images for your application, including all its dependencies.Deploy: Once your images are ready, you can deploy your newly containerized application to ECS or EKS. The
a2c generate app-deployment
command generates a CloudFormation template to simplify the deployment.
A2C is a powerful tool for quickly containerizing existing applications, allowing you to benefit from the portability and standardization offered by containers.
How to choose the right AWS containers service
Choosing the right AWS container service requires you to consider the specific needs of your application and your team's expertise. Here are some factors to consider:
Managed vs. Unmanaged: If you prefer to focus more on developing your application and less on managing the infrastructure, then ECS or EKS running on Fargate might be the right choice for you.
Orchestration: If your team has experience with Kubernetes, then EKS could be a fitting choice. If not, ECS could be the right choice as it is more straightforward and more integrated with other AWS services.
Pricing: Pricing is also a crucial factor to consider. Both ECS and EKS are free to use - you only pay for the AWS resources you create to run and store your applications.
Integration: If you need seamless integration with other AWS services, ECS might be a better choice, while EKS could be more suitable if you're planning on running your application across multiple clouds or in a hybrid environment.
By understanding your requirements and the strengths and limitations of each service, you can choose the right container service that suits your application's needs.
Master AWS with Real Solutions and Best Practices.
Join over 3000 devs, tech leads, and experts learning real AWS solutions with the Simple AWS newsletter.
Analyze real-world scenarios
Learn the why behind every solution
Get best practices to scale and secure them
Simple AWS is free. Start mastering AWS!
If you'd like to know more about me, you can find me on LinkedIn or at www.guilleojeda.com
Posted on July 4, 2023
Join Our Newsletter. No Spam, Only the good stuff.
Sign up to receive the latest update from our blog.