Xoxoftware - XOXO Creative Studio | Web & Mobile App Development | Fred Cheung | Hong Kong

Amazon ECS and EKS

Container orchestration services — ECS with Fargate/EC2 launch types and EKS for managed Kubernetes, covering task definitions, services, and decision criteria.

Overview

Amazon Elastic Container Service (ECS) and Amazon Elastic Kubernetes Service (EKS) are AWS's container orchestration platforms — ECS is AWS-native and tightly integrated with the AWS ecosystem, while EKS provides managed Kubernetes for teams that need Kubernetes compatibility or portability.

| Aspect | ECS | EKS |
|---|---|---|
| Orchestrator | AWS-proprietary | Kubernetes (CNCF-compliant) |
| Control plane | Fully managed, no charge | Fully managed, charged per cluster ($0.10/hr) |
| Learning curve | Lower — AWS-native concepts | Higher — full Kubernetes API surface |
| Portability | AWS-only | Multi-cloud / on-premises (EKS Anywhere) |
| Ecosystem | Deep AWS integration (CloudMap, App Mesh) | Kubernetes ecosystem (Helm, Istio, ArgoCD) |

Core Concepts

| Concept | Description |
|---|---|
| Task Definition | (ECS) Blueprint for a container group — image, CPU, memory, ports, volumes, IAM role |
| Task | (ECS) A running instance of a task definition; analogous to a Kubernetes Pod |
| Service | (ECS) Maintains a desired count of tasks behind a load balancer; handles replacement on failure |
| Cluster | Logical grouping of tasks/services (ECS) or pods/nodes (EKS) |
| Pod | (EKS) Smallest deployable unit in Kubernetes — one or more containers sharing a network namespace |
| Node | (EKS) An EC2 instance or Fargate micro-VM that runs pods |
| Fargate | Serverless compute engine — AWS manages the underlying infrastructure for tasks/pods |
| EC2 Launch Type | Tasks/pods run on self-managed EC2 instances registered to the cluster |
| ECR | Elastic Container Registry — managed Docker image repository integrated with ECS/EKS |

Launch Types: Fargate vs EC2

| Criteria | Fargate | EC2 Launch Type |
|---|---|---|
| Infrastructure management | None — fully serverless | Self-managed EC2 instances (patching, AMIs) |
| Scaling | Per-task auto scaling | Cluster capacity providers + Auto Scaling groups |
| Pricing | Per vCPU + memory per second | EC2 instance pricing (can use RIs, Spot) |
| GPU support | Not supported | Supported (GPU instances) |
| Persistent storage | EFS only | EBS, EFS, instance store |
| Daemon tasks | Not supported | Supported (one per instance) |
| Best for | Unpredictable workloads, small teams | Large-scale, cost-optimised, GPU, compliance |

SAA/SAP Tip: When a question asks for "serverless containers" or "lowest operational overhead for containers," the answer is Fargate — not Lambda (which is for functions, not containers) or EC2-based ECS.


How ECS Works

ECS Cluster
├── Service A (desired count = 3)
│   ├── Task 1  [Fargate]  ← Task Definition v2
│   ├── Task 2  [Fargate]
│   └── Task 3  [Fargate]
│       └── ALB routes traffic across tasks
├── Service B (desired count = 2)
│   ├── Task 1  [EC2]  ← Task Definition v1
│   └── Task 2  [EC2]
└── Capacity Provider
    └── Auto Scaling Group (EC2) or Fargate

ECS Task Networking

| Network Mode | Description | Use Case |
|---|---|---|
| awsvpc | Each task gets its own ENI + private IP (required for Fargate) | Production, security groups |
| bridge | Docker bridge network; port mapping required | Legacy EC2 workloads |
| host | Task shares EC2 host network namespace | Performance-sensitive EC2 |
| none | No network connectivity | Batch jobs with no network |

How EKS Works

EKS Cluster
├── Control Plane (managed by AWS)
│   ├── Kubernetes API Server
│   ├── etcd (managed, multi-AZ)
│   └── Controller Manager + Scheduler
└── Data Plane
    ├── Managed Node Group (EC2 Auto Scaling)
    │   ├── Node 1 → Pod A, Pod B
    │   └── Node 2 → Pod C
    ├── Fargate Profile
    │   └── Pod D (serverless)
    └── Self-Managed Nodes (custom AMI)

EKS Node Types

| Node Type | Management Level | Use Case |
|---|---|---|
| Managed Node Groups | AWS-managed AMI, scaling, updates | Most workloads — recommended default |
| Fargate Profiles | Fully serverless | Batch jobs, microservices with no node management |
| Self-Managed Nodes | Full control | Custom AMIs, specialised kernels, GPU |

ECS vs EKS Decision Guide

| Decision Factor | Choose ECS | Choose EKS |
|---|---|---|
| Team runs Kubernetes today or needs portability | No | Yes |
| Multi-cloud or hybrid strategy | Not a priority | Required (EKS Anywhere) |
| Deep AWS-native integration desired | Yes | Available but more manual configuration |
| Need Helm, Istio, or CNCF ecosystem | Not applicable | Yes |
| Prefer simplicity over flexibility | Yes | No — accept Kubernetes complexity |

SAA/SAP Tip: The exam rarely asks to choose between ECS and EKS directly. Focus on Fargate vs EC2 launch type and when to use containers vs Lambda vs EC2.


Integration with Other Services

| Integration | ECS | EKS |
|---|---|---|
| Load Balancing | ALB, NLB (native) | ALB, NLB (via AWS LB Controller) |
| Service Discovery | AWS Cloud Map | CoreDNS + Cloud Map |
| Secrets | Secrets Manager, SSM | Secrets Manager CSI driver |
| Logging | CloudWatch Logs (FireLens) | Fluent Bit / Fluentd |
| IAM | Task Role | IAM Roles for Service Accounts (IRSA) |
| Service Mesh | AWS App Mesh | Istio, Linkerd, App Mesh |

Common Use Cases

  • Microservices architecture — Run dozens of independently deployable services with ALB path-based routing and service discovery.
  • Batch processing — Use Fargate Spot or EC2 Spot with ECS to run cost-efficient, fault-tolerant batch jobs.
  • CI/CD pipelines — Build and deploy container images with CodePipeline, CodeBuild, and ECR.
  • Machine learning inference — Deploy models on EKS with GPU node groups or Inferentia instances.
  • Kubernetes migration — Lift-and-shift existing Kubernetes workloads to EKS with minimal rework.
  • Hybrid deployment — EKS Anywhere extends Kubernetes to on-premises data centres.

SAA/SAP Exam Tips

SAA/SAP Tip: Fargate removes the need to manage EC2 instances for containers. However, it does not support GPU workloads, daemon sets, or Windows containers with EKS. If any of these are required, use the EC2 launch type.

Exam Trap: ECS Task Roles are the mechanism for granting containers access to AWS services — not instance roles. When a question mentions "least privilege for a containerised application," the answer involves Task Roles (ECS) or IAM Roles for Service Accounts / IRSA (EKS).
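The task-role and network-mode points above can be checked mechanically against task definition JSON. The following is an added example, not part of the original page: the sample definitions, role names, account ID and rule codes are constructed, and the fallback to EC2/bridge for unset fields is an assumption.

```python
import json

# Constructed sample task definitions (not from the page). Field names follow the
# ECS task definition JSON; the account ID and role names are placeholders.
SAMPLE = json.loads("""[
 {"family": "web", "requiresCompatibilities": ["FARGATE"], "networkMode": "awsvpc",
  "taskRoleArn": "arn:aws:iam::111122223333:role/web-task",
  "executionRoleArn": "arn:aws:iam::111122223333:role/ecs-exec"},
 {"family": "worker", "requiresCompatibilities": ["EC2"], "networkMode": "bridge",
  "executionRoleArn": "arn:aws:iam::111122223333:role/ecs-exec"},
 {"family": "report", "requiresCompatibilities": ["EC2"], "networkMode": "awsvpc",
  "taskRoleArn": "arn:aws:iam::111122223333:role/ecs-exec",
  "executionRoleArn": "arn:aws:iam::111122223333:role/ecs-exec"}
]""")

RULES = {
    "NO_TASK_ROLE": "no taskRoleArn on an EC2 task: the only AWS credentials in "
                    "reach are the instance role's, shared by every task on the host",
    "SHARED_EXEC_ROLE": "taskRoleArn equals executionRoleArn: application code "
                        "inherits the agent's image-pull and logging permissions",
    "NO_PER_TASK_SG": "networkMode is not awsvpc: the task has no ENI of its own, "
                      "so no security group can be scoped to it",
    "FARGATE_NEEDS_AWSVPC": "Fargate tasks must use awsvpc network mode",
}

def audit(td):
    """Return the rule codes that one task definition dict violates."""
    # Assumption: unset fields fall back to the EC2 launch type and bridge mode.
    compat = td.get("requiresCompatibilities") or ["EC2"]
    mode = td.get("networkMode") or "bridge"
    role = td.get("taskRoleArn")
    codes = []
    if not role and "EC2" in compat:
        codes.append("NO_TASK_ROLE")
    if role and role == td.get("executionRoleArn"):
        codes.append("SHARED_EXEC_ROLE")
    if mode != "awsvpc":
        codes.append("FARGATE_NEEDS_AWSVPC" if "FARGATE" in compat else "NO_PER_TASK_SG")
    return codes

def audit_all(task_defs):
    """Map each task definition family to its list of findings."""
    return {td["family"]: audit(td) for td in task_defs}

if __name__ == "__main__":
    for family, codes in audit_all(SAMPLE).items():
        print(family, "OK" if not codes else "")
        for code in codes:
            print(f"  {code}: {RULES[code]}")
```

The same function can be run over real definitions exported as JSON, since it only reads the `taskRoleArn`, `executionRoleArn`, `networkMode` and `requiresCompatibilities` fields.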

SAA/SAP Tip: Amazon ECR is the go-to container registry. Images are stored in S3 and can be replicated cross-region for multi-region deployments. ECR supports image scanning for vulnerabilities.


Cross-Cloud Equivalents

ECS

| Provider | Service / Solution | Notes |
|---|---|---|
| AWS | Amazon ECS | Baseline |
| Azure | Azure Container Instances (ACI) | Serverless containers; no orchestration layer |
| GCP | Google Cloud Run | Serverless containers; auto-scales to zero |
| On-Premises | Docker Compose, HashiCorp Nomad | Simpler orchestrators for single-host or small clusters |

EKS

| Provider | Service / Solution | Notes |
|---|---|---|
| AWS | Amazon EKS | Baseline |
| Azure | Azure Kubernetes Service (AKS) | Free control plane; similar managed experience |
| GCP | Google Kubernetes Engine (GKE) | Autopilot mode offers serverless-like Kubernetes |
| On-Premises | Self-managed Kubernetes, Rancher, OpenShift | Full control; significant operational overhead |

Pricing Model

| Dimension | ECS | EKS |
|---|---|---|
| Control plane | Free | $0.10/hr per cluster (~$72/month) |
| Fargate compute | Per vCPU-second + per GB-second | Same as ECS Fargate pricing |
| EC2 compute | Standard EC2 pricing (RIs, Spot apply) | Standard EC2 pricing (RIs, Spot apply) |
| ECR storage | $0.10/GB-month | $0.10/GB-month |
| Data transfer | Standard VPC/internet transfer rates | Standard VPC/internet transfer rates |

Built by Fred Cheung @CookedRicer · Powered by Fumadocs & GitHub Copilot
