Amazon ECS Cheat Sheet - Complete Container Orchestration Guide 2025

Amazon ECS (Elastic Container Service) is a fully managed container orchestration service that allows you to run Docker containers on AWS.

Core Concepts

  • With the EC2 launch type, you run ECS tasks on EC2 instances that you manage
  • Each instance must run the ECS agent to register with the ECS cluster
  • You are responsible for provisioning and maintaining the EC2 servers
  • ECS places containers (ECS tasks) onto those EC2 instances automatically

Key Features

  • Serverless Experience: Eliminates the need to manage underlying servers when using AWS Fargate, enabling a serverless container experience
  • Seamless Deployment: Supports seamless deployment of container-based applications, either through scheduling or API calls
  • Automatic Management: Handles the management and monitoring of container clusters automatically
  • Regional Service: Amazon ECS is region-specific; clusters can only scale within a single AWS region
  • Dynamic Scaling: ECS clusters are dynamically scalable, allowing resources to be automatically added or removed based on workload
  • VPC Integration: ECS clusters can be launched within a new or existing Amazon VPC
  • High Availability: ECS provides a high availability guarantee with the AWS Compute SLA, which offers a Monthly Uptime Percentage of at least 99.99%
  • ECS Exec: Amazon ECS Exec allows users to execute commands inside a running container on either EC2 instances or Fargate. It supports both interactive shell sessions and single-command execution

After a cluster is created, users can define task definitions and services to specify which Docker container images should run across the cluster.

ECS Components

  • Cluster: logical group of EC2 instances or Fargate capacity that runs containers. Use case: host containerized microservices across environments (dev, staging, prod)
  • Task Definition: blueprint that defines your container setup (image, CPU, memory, ports, etc.). Use case: define reusable container app specs for repeatable deployments
  • Task: a running instantiation of a Task Definition. Use case: run one-off jobs such as data processing or scheduled cron tasks
  • Service: keeps the desired number of tasks running and integrates with load balancers. Use case: run web apps with auto scaling and high availability
  • Container: the Docker image runtime inside each task. Use case: deploy any containerized application (API server, database, worker)
  • ECS Agent: runs on each EC2 instance so ECS can communicate with it. Use case: EC2 launch type, where the agent manages the container lifecycle on the host
  • Launch Type: either EC2 (you manage the infrastructure) or Fargate (serverless). Use case: choose EC2 for control, Fargate to reduce ops overhead

AWS Fargate

AWS Fargate is a serverless technology for running containers with Amazon ECS, removing the need to manage servers or EC2 clusters.

Key Benefits

  • No Infrastructure Management: You do not need to provision, configure, or scale virtual machines, nor decide on instance types, cluster scaling or packing strategies - AWS handles all of it for you
  • Simple Deployment: With the Fargate launch type, you package your application in containers, specify CPU and memory, define IAM roles and networking settings, and deploy the application directly
  • Complete Isolation: Each Fargate task runs in complete isolation with its own dedicated kernel, CPU, memory, and elastic network interface

Configuration

To use Fargate, set the requiresCompatibilities parameter in the task definition to FARGATE.

Supported Platform Versions

  • Amazon Linux 2 (platform version 1.3.0)
  • Bottlerocket OS (platform version 1.4.0)
  • Microsoft Windows Server 2019 (Full and Core editions)

Unless otherwise noted, documentation and behavior apply across all Fargate platforms.

ECS with Fargate includes additional considerations when defining tasks and services, especially with networking, security, and resource allocation.

Launch Type Comparison

Task Definitions for Fargate Launch Type

  • No Infrastructure Management: No need to manage EC2 instances. It's serverless
  • Simple Definition: You define a task definition, AWS runs it for you
  • Easy Scaling: scaling is simple, you just increase the number of tasks
  • Simplified Management: Perfect for simpler management and exam questions
  • Auto Scaling Ready: Easier to use with auto scaling

Task Definitions for EC2 Launch Type

  • Manual Scaling: Scaling ECS Service doesn't scale the EC2 backend
  • Instance Management: You must also scale the EC2 instances

Two Ways to Scale the EC2 Backend:

Auto Scaling Group (ASG)
  • Attach the EC2 instances to an ASG
  • Scale based on CloudWatch metrics (such as CPU utilization)

ECS Cluster Capacity Provider
  • Pairs a capacity provider with the ASG and scales it automatically when ECS tasks lack resources (CPU/RAM)
  • More integrated and intelligent than scaling the ASG on raw instance metrics

Amazon ECS Monitoring

Amazon ECS integrates with Amazon CloudWatch to provide comprehensive monitoring for your clusters, services, and tasks.

CloudWatch Integration

  • Automatic Metrics: ECS automatically sends metrics to CloudWatch, such as CPU and memory utilization, task and service counts, and deployment status
  • Container Insights: CloudWatch Container Insights offers detailed performance data, including per-container CPU, memory, disk, and network usage
  • Alarms: You can set CloudWatch Alarms based on ECS metrics to trigger notifications or automated scaling actions
  • Event Notifications: ECS events can notify you of task state changes, service deployments, failures, and other lifecycle events
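The event notifications above are what a detection pipeline consumes; this is an added example (not code from the cheat sheet) that triages ECS "Task State Change" events from EventBridge, escalating failed starts, crashed or OOM-killed containers, Spot reclaims and user-initiated stops while ignoring ordinary scheduler churn. The sample events and the account id in the task ARN are constructed.

```python
"""Triage ECS "Task State Change" events delivered by EventBridge (added example, not from the cheat sheet).
Field names follow the documented ECS task state change event (detail.lastStatus, stopCode,
stoppedReason, containers[].exitCode/reason); the events below are constructed, not real captures."""

# stopCode values worth a look; ServiceSchedulerInitiated stops are ordinary deployment/scale-in churn
STOP_CODES_OF_INTEREST = {
    "TaskFailedToStart": "task failed to start",
    "EssentialContainerExited": "essential container exited",
    "UserInitiated": "task stopped by a user or API call, not by the service scheduler",
    "SpotInterruption": "Fargate Spot capacity reclaimed",
}

def triage_task_event(event: dict) -> list[str]:
    """Return alert strings for a single event; an empty list means nothing to escalate."""
    if event.get("detail-type") != "ECS Task State Change":
        return []
    d = event.get("detail", {})
    if d.get("lastStatus") != "STOPPED":
        return []  # PENDING/RUNNING transitions are normal lifecycle noise
    task = d.get("taskArn", "?").rsplit("/", 1)[-1]
    alerts = []
    code = d.get("stopCode", "")
    if code in STOP_CODES_OF_INTEREST:
        alerts.append(f"{task}: {STOP_CODES_OF_INTEREST[code]} ({d.get('stoppedReason', 'no reason')})")
    for c in d.get("containers", []):
        exit_code = c.get("exitCode")
        if exit_code not in (None, 0):  # a clean exit (0) during scale-in is not interesting
            oom = exit_code == 137 or "OutOfMemory" in c.get("reason", "")
            tag = "OOM-killed" if oom else f"exit code {exit_code}"
            alerts.append(f"{task}/{c.get('name')}: {tag}")
    return alerts

def _event(detail: dict) -> dict:  # wrap a detail object in the EventBridge envelope
    return {"source": "aws.ecs", "detail-type": "ECS Task State Change", "detail": detail}

TASK_ARN = "arn:aws:ecs:us-east-1:123456789012:task/prod/0123456789abcdef"  # placeholder account id
EVENTS = [  # constructed samples
    _event({"taskArn": TASK_ARN, "lastStatus": "RUNNING", "desiredStatus": "RUNNING"}),
    _event({"taskArn": TASK_ARN, "lastStatus": "STOPPED", "stopCode": "ServiceSchedulerInitiated",
            "stoppedReason": "Scaling activity initiated by (deployment ecs-svc/1)",
            "containers": [{"name": "api", "exitCode": 0}]}),
    _event({"taskArn": TASK_ARN, "lastStatus": "STOPPED", "stopCode": "EssentialContainerExited",
            "stoppedReason": "Essential container in task exited",
            "containers": [{"name": "api", "exitCode": 137,
                            "reason": "OutOfMemoryError: Container killed due to memory usage"}]}),
    _event({"taskArn": TASK_ARN, "lastStatus": "STOPPED", "stopCode": "UserInitiated",
            "stoppedReason": "Task stopped by user", "containers": [{"name": "api", "exitCode": 0}]}),
]
```

Wire `triage_task_event` to an EventBridge rule matching `source: aws.ecs` and `detail-type: ECS Task State Change`; a `UserInitiated` stop outside a change window is the one that deserves correlation with CloudTrail `StopTask` calls.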

Logging Options

  • CloudWatch Logs: Logs from containers can be sent to CloudWatch Logs
  • FireLens: Route container logs through FireLens (Fluent Bit or Fluentd) to other destinations for centralized log management
  • Host-Level Metrics: For EC2 launch type, additional host-level metrics can be collected using the CloudWatch Agent

Amazon ECS Tagging

Tags are key-value pairs you can assign to ECS resources such as tasks, services, task definitions and clusters.

Benefits

  • Organization: Helps organize and identify resources by attributes like environment, owner, or purpose
  • Management: You can add tags via Console, CLI, SDKs, or let ECS auto-tag during creation
  • Cost Tracking: Tags help filter/search resources and track cost in usage reports
  • Access Control: IAM policies control who can view and modify tags

Important Notes

  • Some tags are auto-added and can't be changed
  • Security Warning: Do not store sensitive data in tags, as some APIs expose tag information even if DescribeTags is denied

Amazon ECS Pricing

  • Fargate (on-demand): billed per vCPU-second and GB-second, 1 minute minimum (5 minutes for Windows). US East: Linux/x86 ~$0.04048/vCPU-hr and $0.004445/GB-hr; Linux/ARM ~$0.03238/vCPU-hr and $0.00356/GB-hr; Windows/x86 ~$0.09148/vCPU-hr + $0.01005/GB-hr
  • Fargate Spot: same billing dimensions with up to ~70% discount. vCPU ~$0.01246/hr, RAM ~$0.00137/GB-hr
  • EC2 launch type: billed for the EC2 instances, EBS and networking; leverage On-Demand, Spot, Reserved Instances and Savings Plans. No extra ECS fee; cost depends on instance type, usage and discount options
  • ECS on Outposts: same as EC2; you pay for Outposts capacity and the control plane is free. No ECS-specific fee
  • ECS Anywhere: $0.01025 per hour per registered on-premises instance (1 minute minimum). Free tier: 2200 instance-hours/month for the first 6 months

Best Practices

When to Choose Fargate vs EC2

Choose Fargate When:

  • You want serverless container management
  • You prefer operational simplicity
  • You have variable or unpredictable workloads
  • You want to focus on application development rather than infrastructure

Choose EC2 When:

  • You need more control over the underlying infrastructure
  • You have consistent, predictable workloads
  • You want to optimize costs with Reserved Instances or Spot Instances
  • You need specific instance types or custom AMIs

Scaling Strategies

Fargate Scaling

  • Simple task-based scaling
  • Built-in auto-scaling capabilities
  • No infrastructure considerations

EC2 Scaling

  • Requires both service and infrastructure scaling
  • Use ECS Cluster Capacity Provider for intelligent scaling
  • Consider CloudWatch metrics for scaling decisions

Security Considerations

  • Task Isolation: Each Fargate task runs in complete isolation
  • IAM Roles: Define appropriate IAM roles for task execution and task roles
  • VPC Configuration: Properly configure VPC, subnets, and security groups
  • Secrets Management: Use AWS Secrets Manager or Systems Manager Parameter Store
  • Network Security: Implement proper security group rules and NACLs
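A small linter, added here as an example (not code from the cheat sheet or from AWS), that checks a task definition against the Fargate configuration point above (requiresCompatibilities set to FARGATE) and the IAM-role and secrets-management items in this list. The sensitive-key regex is this example's own heuristic, and the sample definitions, role names and account id are constructed.

```python
"""Lint an ECS task definition for the Fargate/security points in the cheat sheet (added example).
Documented ECS rules: FARGATE in requiresCompatibilities, networkMode awsvpc, task-level cpu/memory,
executionRoleArn when secrets or the awslogs driver are used, no privileged containers on Fargate.
SENSITIVE_KEY is this example's own heuristic, not an AWS rule."""
import re

SENSITIVE_KEY = re.compile(r"PASSWORD|SECRET|TOKEN|API_KEY|PRIVATE_KEY", re.I)


def lint_fargate_task_definition(td: dict) -> list[str]:
    """Return findings; an empty list means every check passed."""
    findings = []
    if "FARGATE" not in td.get("requiresCompatibilities", []):
        findings.append("requiresCompatibilities must include FARGATE")
    if td.get("networkMode") != "awsvpc":
        findings.append("Fargate tasks require networkMode=awsvpc")
    if not (td.get("cpu") and td.get("memory")):
        findings.append("task-level cpu and memory are required on Fargate")
    needs_exec_role = False
    for c in td.get("containerDefinitions", []):
        name = c.get("name", "?")
        for env in c.get("environment", []):  # plaintext env vars are visible to anyone who can describe the task definition
            if SENSITIVE_KEY.search(env.get("name", "")):
                findings.append(f"{name}: '{env['name']}' is plaintext; use secrets[].valueFrom instead")
        if c.get("secrets") or c.get("logConfiguration", {}).get("logDriver") == "awslogs":
            needs_exec_role = True  # the ECS agent uses the execution role to fetch secrets and write logs
        if c.get("privileged"):
            findings.append(f"{name}: privileged containers are not supported on Fargate")
    if needs_exec_role and not td.get("executionRoleArn"):
        findings.append("executionRoleArn is required to fetch secrets or use the awslogs driver")
    return findings


# Constructed samples: 123456789012 is a placeholder account id and the ARNs are not real resources.
LOGS = {"logDriver": "awslogs", "options": {"awslogs-group": "/ecs/api", "awslogs-region": "us-east-1"}}
WEAK_TASK_DEF = {
    "family": "api", "requiresCompatibilities": ["EC2"], "networkMode": "bridge",
    "containerDefinitions": [{"name": "api", "image": "example/api:1.0", "logConfiguration": LOGS,
                              "environment": [{"name": "DB_PASSWORD", "value": "hunter2"}]}],
}
HARDENED_TASK_DEF = {
    "family": "api", "requiresCompatibilities": ["FARGATE"], "networkMode": "awsvpc",
    "cpu": "256", "memory": "512",
    "executionRoleArn": "arn:aws:iam::123456789012:role/ecsTaskExecutionRole",
    "taskRoleArn": "arn:aws:iam::123456789012:role/apiTaskRole",
    "containerDefinitions": [{"name": "api", "image": "example/api:1.0", "logConfiguration": LOGS,
                              "secrets": [{"name": "DB_PASSWORD", "valueFrom":
                                           "arn:aws:secretsmanager:us-east-1:123456789012:secret:api-db"}]}],
}
```

Run it against the JSON you pass to RegisterTaskDefinition in CI so a plaintext secret or a missing execution role fails the build before the task ever reaches a cluster.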
