AWS Container Overview

Aug 18, 2025

Overview

This lecture explains how to run containers on AWS, covering container technology, its benefits, AWS orchestration services, and key considerations for successful container workloads in the cloud.

Introduction to Containers and AWS

  • Containers package applications and dependencies into isolated units for consistent deployment.
  • AWS offers scalable infrastructure and services for running containers at scale.
  • Containers solve compatibility issues by using OS-level virtualization rather than the hardware virtualization used by VMs.

Benefits of Containers

  • Enable rapid development and deployment due to lightweight, modular design.
  • Offer predictable results across environments by encapsulating dependencies.
  • Allow high resource efficiency and density by running many containers per host.
  • Provide portability across OS and platforms through the Open Container Initiative (OCI) standards.

AWS Container Services

  • AWS App Runner: Fully managed, simple deployment for containerized web apps and APIs.
  • Amazon ECS: Managed container orchestration supporting EC2 and Fargate launch types.
  • Amazon EKS: Managed Kubernetes service offering seamless Kubernetes workload migration and management.
  • AWS Fargate: Serverless compute for containers with automatic scaling and isolation.
  • Other options: AWS Batch (batch jobs), Elastic Beanstalk (web apps), Lambda (functions as container images), Lightsail, and ROSA (OpenShift on AWS).

Key Considerations for Containers on AWS

  • Container Runtime: Software (e.g., containerd, runc) to run and manage containers.
  • Container-enabled AMIs: Optimized OS images (Amazon Linux, Bottlerocket) for container workloads.
  • Compute Options: Broad range of instance types, including ARM-based Graviton instances for performance and efficiency.
  • Specialized Workloads: Support for GPUs, batch processing, and ML workloads with integrations like AWS Batch and DoEKS.
  • Scheduling: Automatic placement and scaling of containers/pods (ECS and Kubernetes schedulers).
  • Container Repositories: Amazon ECR stores and manages OCI-compliant images with features like scanning and replication.
  • Observability: Use CloudWatch, X-Ray, Prometheus, Grafana, and OpenTelemetry for logs, metrics, and tracing.
  • Storage: Options include bind mounts, Docker volumes, Amazon EFS, FSx, and Kubernetes persistent volumes.
  • Networking: Leverage VPC, security groups, CNI plugins, service discovery (Cloud Map, CoreDNS), and service mesh (App Mesh, VPC Lattice).
  • Security: Use IAM roles, audit logs, Secrets Manager, encrypted storage, network policies, image scanning, and minimal OS images as best practice.
  • Build & Deploy Automation: AWS Code Services, App2Container, GitOps with EKS, and integration with third-party CI/CD tools.
  • Infrastructure as Code: Tools include CloudFormation, Copilot CLI, eksctl, AWS CDK, and EKS Blueprints for automated, reusable environments.
  • Scaling: ECS and EKS support auto-scaling for clusters, nodes, and pods using policies like target tracking and horizontal/vertical pod autoscaling.
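
The Security and Container Repositories items above can be turned into a pre-deployment check on an ECS task definition. The following is an added example, not part of the original lecture notes: it flags a missing task IAM role, images not pulled from Amazon ECR (and so outside ECR scanning), containers without log configuration, and secret-looking values passed as plaintext environment variables instead of via Secrets Manager. The task definition, account ID, ARNs and the secret-name pattern are constructed assumptions.

```python
import re

# Constructed sample ECS task definition (account ID, names and ARNs are made up).
SAMPLE_TASK_DEF = {
    "family": "orders-api",
    "executionRoleArn": "arn:aws:iam::111122223333:role/example-exec-role",
    "containerDefinitions": [
        {
            "name": "web",
            "image": "111122223333.dkr.ecr.us-east-1.amazonaws.com/orders-api:1.4.2",
            "secrets": [{"name": "DB_PASSWORD", "valueFrom":
                         "arn:aws:secretsmanager:us-east-1:111122223333:secret:example-db"}],
            "logConfiguration": {"logDriver": "awslogs", "options": {
                "awslogs-group": "/ecs/orders-api", "awslogs-region": "us-east-1"}},
        },
        {
            "name": "sidecar",
            "image": "docker.io/example/metrics-agent:latest",
            "environment": [{"name": "API_TOKEN", "value": "constructed-not-a-real-token"}],
        },
    ],
}

# Private ECR image URIs start with <12-digit account>.dkr.ecr.<region>.amazonaws.com/
ECR_IMAGE = re.compile(r"^\d{12}\.dkr\.ecr\.[a-z0-9-]+\.amazonaws\.com/")
# Assumed heuristic for variable names that usually hold credentials.
SECRET_NAME = re.compile(r"(PASSWORD|SECRET|TOKEN|API_?KEY)", re.IGNORECASE)

def audit_task_definition(task_def):
    """Return sorted (container, finding) tuples; container is '-' for task-level findings."""
    findings = []
    if not task_def.get("taskRoleArn"):
        findings.append(("-", "no task IAM role (taskRoleArn)"))
    for c in task_def.get("containerDefinitions", []):
        name = c.get("name", "?")
        if not ECR_IMAGE.match(c.get("image", "")):
            findings.append((name, "image not pulled from Amazon ECR"))
        if not c.get("logConfiguration"):
            findings.append((name, "no logConfiguration"))
        for env in c.get("environment", []):
            if SECRET_NAME.search(env.get("name", "")):
                findings.append((name, f"plaintext secret in environment: {env['name']}"))
    return sorted(findings)

if __name__ == "__main__":
    for container, finding in audit_task_definition(SAMPLE_TASK_DEF):
        print(f"{container}: {finding}")
```
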

Key Terms & Definitions

  • Container — An isolated unit containing an application and its dependencies for consistent execution.
  • Container Runtime — Software that runs, manages, and isolates containers on a host.
  • AWS Fargate — Serverless compute engine for containers on AWS.
  • Amazon ECR — Managed container image registry for storing and distributing container images.
  • IAM (Identity and Access Management) — Service controlling user and container app access to AWS resources.
  • App Mesh — AWS service mesh for controlling and monitoring service-to-service traffic.

Action Items / Next Steps

  • Review relevant AWS documentation and best practice guides on ECS, EKS, App Runner, Dockerfiles, and security.
  • Explore AWS tools for automation: CloudFormation, Copilot CLI, AWS CDK, and GitOps.
  • Consider lab exercises to deploy containers using one or more AWS container services.