Container services

Natasha Ong
4 min read

In a nutshell:

EC2 offers flexibility, reliability, and scalability - but it might not be the best choice for use cases that prioritise speed.
Containers, such as Docker containers, provide efficiency and portability by packaging everything an application needs into one container. Containers are more lightweight and faster than EC2 instances.
It's a mission to manage hundreds or thousands of containers, so AWS has orchestration tools like Amazon Elastic Container Service (ECS) and Amazon Elastic Kubernetes Service (EKS) to help with this.
Amazon Elastic Container Registry (ECR) is a container registry for storing templates for containers.

As a quick recap, Amazon EC2 lets you run virtual servers in the cloud. If you have applications that you want to run in Amazon EC2, you must do the following:

  • Create instances (virtual servers).
  • Upload your code.
  • Continue to manage the instances while your application is running.

EC2 is great for all sorts of different use cases, from running basic web servers, to running intense calculations. But, it's not the only option out there.

Imagine EC2 instances as fully built computers that are complete with their own operating systems. They're versatile, but they can only run one operating system at a time.

You'll need to run multiple instances at the same time to cater to different apps, which can get pretty clunky. Also, instances take their sweet time to start up - every time you run an instance, you need to wait for its operating system to get ready too (the few minutes this takes can really add up).


Containers are different from EC2 instances. They don't include a full operating system; they share the host machine's* operating system. Oooo, are you wondering how that happens?

*A host machine, often just called a "host," is like the main computer that manages and controls other computers or devices that the virtual machines/containers are connected to. It's like the central hub of a group of workers that keeps them working together.

Containers are portable because everything an application needs to run (including the application code, dependencies*, and configuration) is packaged up together into one container.

*Dependencies are additional software that an app relies on to function correctly. Think of them as the backstage staff in a play. They're not the main stars (the app) but are essential to make everything run smoothly. For example, a delivery app like UberEats would rely on their location services (like Google Maps) working properly to display a map. This means Google Maps is a dependency for Uber Eats!

This is called containerisation. Imagine the host OS as a shared commercial kitchen, and each container is like a group of friends joining a cooking class. Everyone uses the same basic equipment and systems (the host OS), but they bring their own unique ingredients to make their favourite pizzas (applications). This way, everyone can build and enjoy their own pizza in an efficient and practical way. Now, imagine having to build a kitchen from scratch for every single pizza that the group wants to make! What a mission.

When these elements are packaged together in a container, the container becomes a single, standalone entity that can be easily moved and run on different operating systems without the need for additional setup or adjustments. This is a big difference from virtual machines. With EC2, you have to set up the operating system and install all of the app's dependencies in every single instance.

So, EC2 instances virtualise the whole computer, while containers make use of the host's operating system - so you'd only need to virtualise the app and its dependencies. There is no need to wait for a whole operating system to start up (which you'd do with EC2 instances), and containers use far fewer resources. That's why containers are considered efficient and 'lightweight'!

How people use containers

Containers are perfect for creating solutions with a microservice architecture.

  • A microservice architecture breaks up a big app into smaller, independent pieces.
  • For example, you can separate your website into a front end (the pretty page you see when you load the website), a back end (the behind the scenes code that makes everything run smoothly), and a storage container (where all the website's videos and photos get stored).

This separation lets you manage, scale, and update each part independently. Say your website's back end is getting swamped, but the front end and storage are chill. With containers, you can scale up the back end without messing with the rest. And if you need to change the storage or tweak the front end, it won't disrupt the other parts.

Overall, containers can provide speed, but virtual machines offer the full strength of an operating system and its capabilities.

Docker and container orchestration

A popular containerisation platform is Docker.

  • Being a containerisation platform means Docker is the engine behind containers - it's the superhero using operating system level virtualisation to deliver software in containers.
  • Docker helps customers create, package, deploy, and run containers.
  • It simplifies container isolation i.e. keeping individual containers separate from each other so that they can't interfere with or disrupt one another. This includes making sure each container has its own networking and storage space set up.
  • The containers that are made using Docker are called Docker containers.
  • Sometimes, Docker is also called a container runtime. A container runtime is responsible for running containers on a host system. It's one of the many tools in the wider containerisation platform.

Since containers are so portable, in AWS, containers can run on EC2 instances.

  • You might have a large EC2 instance and run a few containers on that instance.
  • In the real world, companies run many containers on many different EC2 instances. These EC2 instances would be spread out across different AWS data centres too.

When you use containers on AWS, you need processes to start, stop, restart, and monitor containers running across a whole bunch of EC2 instances.

  • This bunch of EC2 instances is called a cluster.
  • The process of managing these tasks is called container orchestration.
  • If you have a few containers, orchestration is not so bad.
  • But once you get to hundreds or thousands of containers you are managing, it can be quite complex.

That's why orchestration services were created! Orchestration tools were created to help you run and manage containers, like:

  • How to place your containers on your instances
  • What happens if your container fails
  • What happens if your instance fails
  • How to monitor deployments of your containers

Container services in AWS

AWS provides container-related services to help us create, run and manage containers easily. The fact that 80% of cloud-based containers are run on AWS shows just how easy AWS makes it!

The service you choose to run your containers on AWS depends on how much control you want, and how confident you are with running containerised applications.

Amazon Elastic Container Service (Amazon ECS)

Amazon ECS is the simplest way of running secure and scalable containerised applications on AWS.

  • ECS is a fully managed orchestration service that takes all the heavy lifting out of spinning up new containers. It handles deploying, managing and scaling for you.
  • With deep integration in the wider AWS ecosystem, you can enable your workloads to be container-based with as little disruption as possible.
  • ECS helps you run, scale, and manage Docker containers on a cluster of EC2 instances or AWS Fargate (more on Fargate in the next topic!).

Example scenario: Imagine you’re developing a microservices-based e-commerce platform. With Amazon ECS, you can containerise each microservice, like user authentication, inventory management, and payment processing. As we've learnt, ECS will handle the deployment, scaling, and load balancing of these containers, ensuring seamless integration and efficient resource utilisation.

When the Amazon ECS container instances are up and running, you can:

  • Launch and stop containers
  • Get cluster state i.e. check your cluster's current status and settings
  • Scale in and out
  • Sort out the placement of containers across your cluster
  • Assign permissions

An ECS container is called a task. To prepare your application to run on ECS, you create a task definition.

  • A task definition is like a blueprint that describes the resources you need to run a container.
  • Things that go in a task definition are computing power, memory, storage, and more.
  • The task definition is a text file, in JSON* format, that describes one or more containers.

*JSON is like a digital language that helps computers store and organise information neatly. It's used in everyday applications like websites, apps, and even your smartphone to send and receive data between devices or servers. It's like a digital filing system where information is stored with labels, making it easy for computers to find and use the data.

Here is an example of a task definition written in JSON (you don't need to understand this! We'll walk through JSON with you in the exercises):

{
  "family": "webserver",
  "containerDefinitions": [
    {
      "name": "web",
      "image": "nginx",
      "memory": 100,
      "cpu": 99
    }
  ],
  "requiresCompatibilities": ["FARGATE"],
  "networkMode": "awsvpc",
  "memory": "512",
  "cpu": "256"
}
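A task definition is also where a container's security posture gets decided, so it is worth checking before it is registered. The linter below is an added example, not code from this page or from AWS: the function names and the set of checks are assumptions chosen for illustration, and the sample is constructed with one deliberate type error.

```python
import json

def image_pin(image: str) -> str:
    """Classify an image reference as 'digest', 'tag' or 'floating'."""
    if "@sha256:" in image:
        return "digest"
    last = image.rsplit("/", 1)[-1]            # ignore a registry host:port
    tag = last.split(":", 1)[1] if ":" in last else "latest"
    return "floating" if tag == "latest" else "tag"

def is_int(v) -> bool:
    return isinstance(v, int) and not isinstance(v, bool)

def lint_task_definition(text: str) -> list[str]:
    """Return findings for an ECS task definition supplied as JSON text."""
    td = json.loads(text)
    out = []
    if "FARGATE" in td.get("requiresCompatibilities", []):
        if td.get("networkMode") != "awsvpc":
            out.append("task: Fargate needs networkMode awsvpc")
        for key in ("cpu", "memory"):          # task-level sizes are strings
            if not isinstance(td.get(key), str):
                out.append(f"task: {key} must be a string")
    for c in td.get("containerDefinitions", []):
        name = c.get("name", "?")
        for key in ("cpu", "memory"):          # container-level sizes are integers
            if key in c and not is_int(c[key]):
                out.append(f"{name}: {key} must be an integer")
        image = c.get("image", "")
        if ".dkr.ecr." not in image:           # not hosted in an ECR registry
            out.append(f"{name}: image is not in ECR")
        if image_pin(image) != "digest":
            out.append(f"{name}: image is not pinned by digest")
        if c.get("privileged"):
            out.append(f"{name}: privileged container")
        if not c.get("readonlyRootFilesystem"):
            out.append(f"{name}: root filesystem is writable")
    return out

# Constructed sample: same shape as the task definition above, with a string
# where the container-level memory should be an integer.
SAMPLE = """{"family": "webserver",
 "containerDefinitions": [{"name": "web", "image": "nginx", "memory": "100", "cpu": 99}],
 "requiresCompatibilities": ["FARGATE"], "networkMode": "awsvpc",
 "memory": "512", "cpu": "256"}"""

if __name__ == "__main__":
    for finding in lint_task_definition(SAMPLE):
        print(finding)
```

An image named only `nginx` resolves to whatever `latest` points at when the task starts, which is why the linter treats it as floating.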

Amazon Elastic Kubernetes Service (Amazon EKS)

Amazon EKS is a managed service for Kubernetes* workloads (a popular container orchestration tool).

  • This means you can run Kubernetes on AWS without needing to install, operate, and maintain your own nodes. Nodes = the individual machines/instances within a Kubernetes cluster that run the containers.
  • EKS provides you with all the familiarity of using a Kubernetes environment, with the inherent scalability and availability the cloud provides.
  • As new updates are released for Kubernetes, you can easily apply these updates to your applications managed by Amazon EKS.

*Kubernetes helps manage and run applications stored in containers. Note that Kubernetes and Docker are not competitors. In many scenarios, Docker is used to build and package applications into containers, while Kubernetes is used to orchestrate and manage the deployment of these Docker containers.

Example scenario: Imagine you’re building a data analytics platform that processes large volumes of data. With EKS, you can deploy your analytics application using Kubernetes. EKS manages the underlying Kubernetes infrastructure, such as control plane management and worker node provisioning. This allows you to focus on data processing logic and leveraging Kubernetes features like autoscaling to handle varying workloads.

Psssst... Amazon EKS does essentially the same thing as ECS, except:

  • ECS runs on AWS native technology. EKS runs on Kubernetes.
  • In ECS, a container instance = an EC2 instance that has an ECS manager installed to run containers. In Amazon EKS, the machine that runs the containers is called a worker node or Kubernetes node.
  • An ECS container is called a task. An EKS container is called a pod.

Amazon Elastic Container Registry (ECR)

Amazon ECR is a fully managed container registry. A registry is where you can host your container images* and their artefacts** securely and cost effectively.

*Container images = blueprints for containers. They contain all the necessary ingredients for an application, including the code and configurations, bundled together in a single package. Think of a container image as a recipe, and a container as the meal prepared using that recipe.
**Artefacts = components, files, and dependencies included in the image. These artefacts collectively define how an application should run within a container and are part of what makes up a container image.

  • You can integrate ECR with Amazon Inspector to check for security vulnerabilities in your container images.
  • AWS Key Management Service (KMS) can be used to ensure that your container images are encrypted.
  • Amazon ECR is highly available by default, storing your images in Amazon S3, which is known for its exceptional durability (11 9's - if you need a refresher on what 11 9's means, check out the Amazon S3 topic 😉) that prevents data loss.
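
Neither the Inspector integration nor KMS encryption is on unless someone configures it, so a registry is worth auditing for both. The sketch below is an added example, not code from this page or from AWS: `audit_ecr` is a hypothetical helper, and the repository names and scanning rule are constructed samples in the shape returned by `aws ecr describe-repositories` and `aws ecr get-registry-scanning-configuration`.

```python
import json
from fnmatch import fnmatchcase

def audit_ecr(repos_json: str, scan_json: str) -> dict:
    """Map each repository name to its gaps against the two points above."""
    repos = json.loads(repos_json)["repositories"]
    scan = json.loads(scan_json)["scanningConfiguration"]
    enhanced = scan.get("scanType") == "ENHANCED"   # ENHANCED = Amazon Inspector
    # Wildcard filters of every rule that scans without manual triggering.
    filters = [f["filter"]
               for rule in scan.get("rules", [])
               if rule.get("scanFrequency") != "MANUAL"
               for f in rule.get("repositoryFilters", [])]
    report = {}
    for repo in repos:
        name, gaps = repo["repositoryName"], []
        if not enhanced:
            gaps.append("registry uses basic scanning, not Amazon Inspector")
        elif not any(fnmatchcase(name, pat) for pat in filters):
            gaps.append("no Inspector scanning rule matches this repository")
        enc = repo.get("encryptionConfiguration", {})
        if not str(enc.get("encryptionType", "")).startswith("KMS"):
            gaps.append("encrypted with the default setting, not a KMS key")
        report[name] = gaps
    return report

# Constructed samples (not real account data).
REPOS = json.dumps({"repositories": [
    {"repositoryName": "shop/web",
     "encryptionConfiguration": {"encryptionType": "KMS"}},
    {"repositoryName": "shop/legacy",
     "encryptionConfiguration": {"encryptionType": "AES256"}}]})
SCAN = json.dumps({"scanningConfiguration": {"scanType": "ENHANCED", "rules": [
    {"scanFrequency": "CONTINUOUS_SCAN",
     "repositoryFilters": [{"filter": "shop/w*", "filterType": "WILDCARD"}]}]}})

if __name__ == "__main__":
    for name, gaps in audit_ecr(REPOS, SCAN).items():
        print(name, gaps or "ok")
```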