
Introduction
AWS Elastic Container Service (ECS) is a powerful yet cost-effective solution for deploying and managing containers. Unlike Kubernetes, ECS simplifies container orchestration while offering flexibility through Fargate (serverless) and EC2 (traditional) compute options. This guide explores best practices for scaling ECS tasks and handling resource allocation efficiently.
Learning Objectives
- Understand the differences between Fargate and EC2 in ECS deployments.
- Configure auto-scaling policies for ECS tasks and services.
- Troubleshoot common ECS scaling issues and optimize resource usage.
You Should Know
1. Deploying ECS with Fargate
Command:
aws ecs create-service --cluster my-cluster --service-name my-service \
--task-definition my-task:1 --launch-type FARGATE \
--network-configuration "awsvpcConfiguration={subnets=[subnet-12345],securityGroups=[sg-12345]}"
Step-by-Step Guide:
1. Define your task in a JSON file (`my-task-definition.json`) with CPU/memory limits.
2. Register the task:
aws ecs register-task-definition --cli-input-json file://my-task-definition.json
3. Deploy the service using the above `create-service` command. Fargate automatically scales tasks based on load, but you must configure Service Auto Scaling policies separately.
2. Scaling ECS Tasks with Service Auto Scaling
Command:
aws application-autoscaling register-scalable-target \
--service-namespace ecs --scalable-dimension ecs:service:DesiredCount \
--resource-id service/my-cluster/my-service --min-capacity 1 --max-capacity 10
Step-by-Step Guide:
1. Attach a scaling policy to adjust task count based on CloudWatch metrics (e.g., CPU utilization):
aws application-autoscaling put-scaling-policy --policy-name cpu-scale-out \
--service-namespace ecs --scalable-dimension ecs:service:DesiredCount \
--resource-id service/my-cluster/my-service --policy-type TargetTrackingScaling \
--target-tracking-scaling-policy-configuration file://scaling-policy.json
2. Example `scaling-policy.json`:
{
  "TargetValue": 70,
  "PredefinedMetricSpecification": {
    "PredefinedMetricType": "ECSServiceAverageCPUUtilization"
  }
}
3. Scaling Underlying EC2 Instances
Command (for EC2 Auto Scaling Groups):
aws autoscaling put-scaling-policy --policy-name ec2-scale-out \
--auto-scaling-group-name my-ecs-cluster --scaling-adjustment 2 \
--adjustment-type ChangeInCapacity
Step-by-Step Guide:
- Ensure your ECS cluster uses an EC2 Auto Scaling Group (ASG).
- Configure ASG scaling based on metrics like `CPUReservation`:
aws cloudwatch put-metric-alarm --alarm-name "ECS CPU High" \
--metric-name CPUReservation --namespace AWS/ECS --statistic Average \
--dimensions Name=ClusterName,Value=my-cluster \
--period 300 --threshold 80 --comparison-operator GreaterThanThreshold \
--evaluation-periods 2 --alarm-actions arn:aws:autoscaling:region:account-id:scalingPolicy:policy-id
4. Troubleshooting ECS Scaling Failures
Command (Check ECS Events):
aws ecs describe-services --cluster my-cluster --services my-service \
--query "services[].events[] | [?contains(message, 'ERROR')]"
Common Fixes:
- Insufficient IAM Permissions: Ensure `ecs:RegisterTaskDefinition` and the `application-autoscaling:` actions are allowed.
- Resource Limits: Fargate tasks may fail if AWS account limits are exceeded. Check with:
aws service-quotas get-service-quota --service-code ecs --quota-code L-12345ABCD
5. Securing ECS Tasks
Command (Task Execution Role):
aws iam create-role --role-name ecs-task-role \
--assume-role-policy-document file://trust-policy.json
Step-by-Step Guide:
- Restrict task roles to least-privilege policies. Example `trust-policy.json`:
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": { "Service": "ecs-tasks.amazonaws.com" },
    "Action": "sts:AssumeRole"
  }]
}
- Encrypt secrets using AWS Secrets Manager and reference them in task definitions:
"secrets": [{ "name": "DB_PASSWORD", "valueFrom": "arn:aws:secretsmanager:region:account-id:secret:db_creds" }]
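A pre-registration check for the task definition file, as an added example that is not part of the original article: it flags credential-looking values left in `environment` instead of `secrets`, `secrets` used without an `executionRoleArn` to fetch them, and missing task-level CPU/memory on Fargate. The function name, the name heuristic and the sample task definition are assumptions constructed for illustration.

```python
import json
import re

# Heuristic (assumption): environment variable names that usually hold credentials.
SENSITIVE_NAME = re.compile(r"(PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY)", re.I)

def lint_task_definition(task_def):
    """Return a list of findings for a task definition dict (hypothetical helper)."""
    findings = []
    fargate = "FARGATE" in task_def.get("requiresCompatibilities", [])
    # Fargate requires cpu and memory to be set at the task level.
    if fargate:
        for field in ("cpu", "memory"):
            if not task_def.get(field):
                findings.append(f"task: missing task-level '{field}' (required for Fargate)")
    uses_secrets = False
    for container in task_def.get("containerDefinitions", []):
        name = container.get("name", "<unnamed>")
        for env in container.get("environment", []):
            if SENSITIVE_NAME.search(env.get("name", "")) and env.get("value"):
                findings.append(f"{name}: '{env['name']}' is a plaintext environment value; "
                                "move it to 'secrets' with a valueFrom reference")
        if container.get("secrets"):
            uses_secrets = True
    # Secrets are fetched with the task execution role, not the task role.
    if uses_secrets and not task_def.get("executionRoleArn"):
        findings.append("task: 'secrets' used but no executionRoleArn to fetch them")
    return findings

# Constructed sample input, not a real task definition.
SAMPLE = json.loads("""
{
  "family": "my-task",
  "requiresCompatibilities": ["FARGATE"],
  "cpu": "256",
  "containerDefinitions": [
    {"name": "web", "image": "example/web:1",
     "environment": [{"name": "DB_PASSWORD", "value": "constructed-value"},
                     {"name": "LOG_LEVEL", "value": "info"}]},
    {"name": "worker", "image": "example/worker:1",
     "secrets": [{"name": "DB_PASSWORD",
                  "valueFrom": "arn:aws:secretsmanager:region:account-id:secret:db_creds"}]}
  ]
}
""")

if __name__ == "__main__":
    for finding in lint_task_definition(SAMPLE):
        print(finding)
```

Run it against `my-task-definition.json` before `register-task-definition`; an empty list means none of the three checks fired.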
What Undercode Say
- Key Takeaway 1: Fargate simplifies scaling but requires explicit Service Auto Scaling policies. EC2 offers more control but demands ASG management.
- Key Takeaway 2: Monitoring `CPUReservation` is critical for EC2-backed clusters to avoid resource starvation.
Analysis:
ECS strikes a balance between simplicity and functionality, but misconfigured scaling can lead to downtime or cost overruns. Future updates may blur the line between Fargate and EC2, with AWS likely introducing more automated scaling features. Proactive monitoring and IAM hardening remain non-negotiable for production workloads.
For deeper insights, refer to Avinash Dalvi’s guide on ECS scaling.
Reported By: Darryl Ruggles – Hackers Feeds