ECS constructs and security features – Running Containers in AWS

Because ECS is an opinionated container management service from AWS, some of its constructs are unique to the service. Since they are not commonly used across other tools or platforms in the container ecosystem, let's briefly discuss them.

Important constructs used by ECS

Similar to how we declaratively define the state of our resources in a CloudFormation template, we use JSON-based manifests to outline the needs of our containers, how they are related to each other, as well as their integration with other services. The next step is to pass them over to ECS to manage.

Container definitions – the most basic level of container configuration

This is the lowest level of configuration detail expected from the user. Within a container definition, you can define properties such as Docker images, CPU and memory allocation, networking, security, Linux parameters, volume mounts, port mappings, and so on.

A container definition includes all the information required by the orchestrator to host this application on a specific node and configure all the settings needed to have the application up and running. This construct maps one to one to the containers you would run to manage your application.

Task definitions – logically encapsulating related containers

After you have the container definitions chalked out, you can logically club them together into what is known as a task definition. This is an ECS-specific construct that can be used to define (and manage) your application components individually. Let's say you have a web application within which the backend application container always communicates with the database container. These two can naturally fit into a single task definition, as you won't be exposing the database to the outside world anyway.

You can also define resources such as CPU and memory at the task definition level, which will then be further distributed among all the containers. For granular access control, task definitions can be attached to specific IAM roles, which then grant permissions to the containers for carrying out specific actions on a related AWS service.
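The following Python script is an added example (not code from the book or from AWS) that pulls the container-definition and task-definition sections above together. It builds a constructed ECS task definition for the web-plus-database case just described, then lints it for the security-relevant settings those sections mention: task-level CPU and memory actually covering the containers, an IAM task role being attached, and each container's Linux parameters and security options being hardened. The account ID, role ARNs, image names and the specific lint rules are all assumptions made for this example.

```python
"""Lint an ECS task definition (added example; not from the book or AWS).

Checks the constructs discussed above: container-level CPU/memory must fit
inside the task-level allocation, a task IAM role must be attached, and each
container definition must carry hardened security settings.
"""
import json

# Constructed sample task definition. The account ID, role ARNs and image
# names are placeholders, not real resources.
SAMPLE_TASK_DEFINITION = json.dumps({
    "family": "example-web-app",
    "networkMode": "awsvpc",
    "requiresCompatibilities": ["FARGATE"],
    "cpu": "1024",            # task-level CPU units, shared by all containers
    "memory": "2048",         # task-level memory (MiB), shared by all containers
    "taskRoleArn": "arn:aws:iam::123456789012:role/example-task-role",
    "executionRoleArn": "arn:aws:iam::123456789012:role/example-exec-role",
    "containerDefinitions": [
        {
            "name": "web",
            "image": "123456789012.dkr.ecr.us-east-1.amazonaws.com/web:1.0",
            "cpu": 512,
            "memory": 1024,
            "essential": True,
            # Only the web container publishes a port; the database stays internal.
            "portMappings": [{"containerPort": 8080, "protocol": "tcp"}],
            "user": "1000:1000",
            "readonlyRootFilesystem": True,
            "privileged": False,
            "linuxParameters": {"capabilities": {"drop": ["ALL"]}},
        },
        {
            "name": "db",
            "image": "123456789012.dkr.ecr.us-east-1.amazonaws.com/db:1.0",
            "cpu": 256,
            "memory": 512,
            "essential": True,
            "user": "999:999",
            "readonlyRootFilesystem": True,
            "privileged": False,
            "linuxParameters": {"capabilities": {"drop": ["ALL"]}},
            "mountPoints": [{"sourceVolume": "data", "containerPath": "/var/lib/db"}],
        },
    ],
    "volumes": [{"name": "data"}],
})


def lint_task_definition(doc: str) -> list[str]:
    """Return a list of findings; an empty list means the definition passes."""
    td = json.loads(doc)
    findings: list[str] = []
    containers = td.get("containerDefinitions", [])

    # Task-level resources are distributed among the containers, so the
    # container reservations must not exceed what the task was given.
    task_cpu = int(td.get("cpu", 0))
    task_mem = int(td.get("memory", 0))
    if sum(c.get("cpu", 0) for c in containers) > task_cpu:
        findings.append("task: container CPU reservations exceed task-level cpu")
    if sum(c.get("memory", 0) for c in containers) > task_mem:
        findings.append("task: container memory limits exceed task-level memory")

    # The task role is what grants the containers access to other AWS services.
    if not td.get("taskRoleArn"):
        findings.append("task: no taskRoleArn attached, containers get no scoped IAM access")

    for c in containers:
        name = c.get("name", "<unnamed>")
        if c.get("privileged"):
            findings.append(f"{name}: privileged container")
        if not c.get("readonlyRootFilesystem"):
            findings.append(f"{name}: root filesystem is writable")
        if not c.get("user"):
            findings.append(f"{name}: no user set, container runs as root")
        caps = c.get("linuxParameters", {}).get("capabilities", {})
        if caps.get("add"):
            findings.append(f"{name}: adds Linux capabilities {caps['add']}")
        if "ALL" not in caps.get("drop", []):
            findings.append(f"{name}: does not drop all Linux capabilities")
    return findings


def exposed_ports(doc: str) -> dict[str, list[int]]:
    """Map each container name to the container ports it publishes."""
    td = json.loads(doc)
    return {
        c["name"]: [p["containerPort"] for p in c.get("portMappings", [])]
        for c in td.get("containerDefinitions", [])
    }


def weaken(doc: str, container: str, **fields) -> str:
    """Return a copy of the definition with one container's fields overridden."""
    td = json.loads(doc)
    for c in td["containerDefinitions"]:
        if c["name"] == container:
            c.update(fields)
    return json.dumps(td)


if __name__ == "__main__":
    print("hardened sample:", lint_task_definition(SAMPLE_TASK_DEFINITION) or "OK")
    print("ports:", exposed_ports(SAMPLE_TASK_DEFINITION))
    print("weakened db:", lint_task_definition(weaken(SAMPLE_TASK_DEFINITION, "db", privileged=True)))
```

The task-level `cpu` and `memory` are strings in an ECS task definition while the container-level values are integers, which is why the lint converts the task values before comparing. Running the same check in a CI step before `register-task-definition` catches a container that quietly grows past the task's allocation or loses its hardening settings in a later revision.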

Tasks – an instance of a task definition

A task is an instance of a task definition. You can run multiple tasks from the same task definition and ECS will ensure the desired count of instances, and other configurations, are met. Do keep in mind that all containers that are part of the task definition will be scaled up or down together. So, this is the unit of deployment in the ECS world.
