FluentsDevExam Prep
/Amazon ECS & Container Services
Concept Detail

Amazon ECS & Container Services

Difficulty: medium

Overview

Launch Types:

  • EC2: You manage EC2 instances. ECS Agent registers instances. More control.
  • Fargate: Serverless. No EC2 to manage. Define CPU/memory per task.

Core Concepts:

  • Task Definition: Blueprint (image, CPU/memory, IAM roles, env vars, log config). Versioned.
  • Service: Maintains desired task count. Handles failure replacement. Integrates with ALB.
  • Cluster: Logical grouping of services and tasks.

IAM Roles:

  • Task Role: App permissions to call AWS services (S3, DynamoDB).
  • Task Execution Role: ECS Agent permissions (pull from ECR, write to CloudWatch, fetch secrets).

Networking:

  • awsvpc (Fargate + EC2): Each task gets own ENI and private IP. SGs per task.
  • bridge (EC2 only): Docker bridge, port mapping.

ECR: Managed container registry. Auth: aws ecr get-login-password | docker login.

Fargate Spot: Up to 70% cheaper. Can be interrupted.

ECS Rolling Update: Configure minimum healthy % and maximum %. ECS drains old tasks while starting new.

Practice Linked Questions

medium

Q1. A developer runs a containerized application on ECS Fargate. They want to pass the database connection string securely to the container at runtime without embedding it in the Docker image. What is the recommended approach?

Select one answer before revealing.

easy

Q2. A developer needs to run a one-time data migration job in ECS. The job should start, run to completion, and stop. No long-running service is needed. Which ECS launch type and run mode is appropriate?

Select one answer before revealing.

medium

Q3. An ECS Fargate task is failing to pull its Docker image from ECR with "CannotPullContainerError: access denied." The task definition references the correct ECR image URI. What is the most likely cause?

Select one answer before revealing.

medium

Q4. An ECS service is running 10 tasks behind an Application Load Balancer. The developer wants new tasks to receive traffic only after passing a health check, and failed health checks to remove tasks from the ALB target group. Which ECS feature handles this?

Select one answer before revealing.