  • [SAA + SAP] 06. Containers on AWS: ECS, Fargate, ECR & EKS

    SAA

    Overview

    For each container, there is an ECS Agent attached to it. The ECS Agent talks to the ECS service, pulls images from ECR and sends logs to CloudWatch.

    There are two types of IAM roles:

    1. For EC2 instance, ECS Agent
    2. For Task definition

    Each Task gets an ENI attached to bind its network IP.

    ECS Services & Tasks, Load Balancing

    • In a Cluster, you can have multiple Services
    • In a Service, you can run multiple Tasks
    • You can attach an Application Load Balancer

    • If you have multiple containers running in one Task
    • You can use dynamic port mapping (enter 0 in the port input); a port is assigned randomly
    • The ALB will connect to each port
    • The EC2 instance SG should allow ANY PORT from the ALB security group (because ports are dynamic)

    • ECS tasks can be invoked automatically by EventBridge or CloudWatch Events

    ECS Scaling

    • There are two types of scaling
    • Auto Scaling group to add new Tasks to handle increased traffic
    • Scaling ECS Capacity Providers to upgrade EC2 instances, in order to launch more Tasks on the EC2 instances


    SAP

    ECS - Security & Networking

    • IAM Security
      • EC2 instance Role must have basic ECS permissions
      • ECS Task level should have an IAM Task Role (maximum security)
    • Secrets and configuration injection into parameters, environment variables
      • Integration with SSM Parameter Store & Secrets Manager
    • Task Networking
      • none: no network connectivity, no port mapping
      • bridge: uses Docker's virtual container-based network
      • host: bypasses Docker's network, uses the underlying host network interface
      • awsvpc:
        • Every task launched on an instance gets its own ENI and private IP address
        • Simplified networking, enhanced security, security groups, monitoring, VPC flow logs
        • Default mode for Fargate
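
The points above (task-level IAM role, secrets injected from SSM Parameter Store or Secrets Manager, network mode, dynamic host ports, and the instance security group that admits only the ALB) can be checked mechanically. The following is an added example, not code from the original notes; the finding codes, function names and sample values are constructed for illustration, and the input shapes assume the task definition JSON and the `IpPermissions` list returned by EC2 `describe-security-groups`.

```python
import re

# Env var names that suggest a credential is being passed as plaintext.
SECRET_NAME = re.compile(r"PASSWORD|SECRET|TOKEN|API_?KEY", re.I)

def audit_task_definition(td):
    """Return sorted finding codes for one ECS task definition (dict form)."""
    findings = set()
    mode = td.get("networkMode", "bridge")  # bridge is the Linux EC2 default when omitted
    if not td.get("taskRoleArn"):
        findings.add("NO_TASK_ROLE")        # no task-scoped IAM permissions
    if mode == "host":
        findings.add("HOST_NETWORK")        # container shares the host interface
    for c in td.get("containerDefinitions", []):
        if any(SECRET_NAME.search(e.get("name", "")) for e in c.get("environment", [])):
            findings.add("PLAINTEXT_SECRET")  # belongs in "secrets" with valueFrom
        for pm in c.get("portMappings", []):
            if mode == "bridge" and pm.get("hostPort", 0) != 0:
                findings.add("STATIC_HOST_PORT")  # notes advise 0 (dynamic) here
    return sorted(findings)

def audit_instance_sg(ip_permissions, alb_sg_id):
    """Check the EC2 instance SG ingress rules used with dynamic ports."""
    findings = set()
    alb_allowed = False
    for perm in ip_permissions:
        if any(r.get("CidrIp") == "0.0.0.0/0" for r in perm.get("IpRanges", [])):
            findings.add("WORLD_OPEN")      # task ports reachable without the ALB
        if any(g.get("GroupId") == alb_sg_id for g in perm.get("UserIdGroupPairs", [])):
            alb_allowed = True
    if not alb_allowed:
        findings.add("ALB_SG_NOT_ALLOWED")
    return sorted(findings)

# Constructed sample inputs (not from the original page).
WEAK_TD = {"family": "web", "networkMode": "bridge", "containerDefinitions": [
    {"name": "app", "image": "example/app:1",
     "portMappings": [{"containerPort": 8080, "hostPort": 8080}],
     "environment": [{"name": "DB_PASSWORD", "value": "constructed-value"}]}]}
HARDENED_TD = {"family": "web", "networkMode": "awsvpc",
    "taskRoleArn": "arn:aws:iam::111122223333:role/web-task-role",
    "containerDefinitions": [{"name": "app", "image": "example/app:1",
     "portMappings": [{"containerPort": 8080}],
     "secrets": [{"name": "DB_PASSWORD", "valueFrom":
                  "arn:aws:ssm:us-east-1:111122223333:parameter/web/db_password"}]}]}
GOOD_SG = [{"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
            "UserIdGroupPairs": [{"GroupId": "sg-0albexample"}], "IpRanges": []}]

if __name__ == "__main__":
    print(audit_task_definition(WEAK_TD), audit_instance_sg(GOOD_SG, "sg-0albexample"))
```
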

  • Original article: https://www.cnblogs.com/Answer1215/p/15036600.html