By Alexandr Ivenin, System Technical Lead, ClearScale
Containers are inherently lightweight and ephemeral. Their portability and reproducibility help ensure that containerized applications run the same anywhere. For all the benefits that containers offer, however, scalability can be an operational challenge.
Containers are typically used for microservices, with each service running in its own container. It’s not unusual for a single containerized app to require managing hundreds or even thousands of containers. It’s one thing to manage the deployment and maintenance of 10 containers. There’s a lot more complexity involved when there are 1,000 containers to manage.
That’s why, when operating at scale, container orchestration is essential. Container orchestration is the automation of various aspects of container deployment and maintenance, so apps can be deployed faster and run reliably at scale.
There are various orchestration options available, including two popular services from AWS: Amazon Elastic Container Service (ECS) and Amazon Elastic Kubernetes Service (EKS). While they have numerous similarities, ECS and EKS also have some significant differences. Understanding them can help you determine which is better suited to a particular project.
What is Amazon ECS
ECS is a fully managed, high-performance container orchestration service for deploying, managing, and scaling containerized apps in AWS cloud environments. It’s built to perform at scale and offers high availability and security. It’s also deeply integrated with a variety of AWS services, such as Elastic Load Balancing, Amazon VPC, and AWS IAM.
With ECS, you can run container workloads in the cloud or, using Amazon ECS Anywhere, on your own infrastructure.
ECS also offers you the option of two different launch types that define how compute resources are managed: EC2 instances, which are best for long-running tasks, or AWS Fargate, which works well for serverless tasks.
When using ECS with EC2 instances, containers are deployed to EC2 instances (VMs) created for the cluster. ECS manages them together with tasks that are part of the task definition. This gives you full control over the type of EC2 instance used. You can also take advantage of Spot instances that reduce cloud costs by up to 90 percent. The downside is that you’re responsible for security patches and network security of the instances, as well as their scalability in the cluster.
Using ECS with AWS Fargate doesn’t require dealing with EC2 instances or servers. You simply choose the CPU and memory you need. AWS handles container availability and scalability. You can also use Fargate Spot, a capability that can run interruption-tolerant ECS tasks at up to a 70% discount off the Fargate price.
However, ECS with Fargate supports only one networking mode, awsvpc, which limits your control over the networking layer. It also requires your task definitions to be stateless. No volumes can be attached to the containers defined in your tasks, preventing some types of containers from running in the ECS environment.
What is Amazon EKS
Amazon Elastic Kubernetes Service (Amazon EKS) is a managed Kubernetes service that automatically manages the availability and scalability of the Kubernetes control plane nodes that are responsible for scheduling containers, storing cluster data and other key tasks.
EKS makes it easy to deploy, run, and scale Kubernetes apps across just about any environment. For example, you can run fully managed EKS clusters on AWS. You can host and operate your Kubernetes clusters on-premises and at the edge with AWS Outposts and AWS Wavelength, and have a consistent cluster management experience with Amazon EKS Anywhere (coming later this year).
Like ECS, it also allows you to run Kubernetes apps on both EC2 and AWS Fargate. In addition, EKS is certified Kubernetes conformant, so existing apps that run on upstream Kubernetes are compatible with Amazon EKS.
Choosing ECS or EKS
The following are some of the areas where the two services differ, and which will influence your choice of service.
- Management – ECS is easy to use. It has a simple API where you can create containerized applications without having to deal with complex abstractions. Once your cluster is set up, you can configure and deploy tasks directly from the AWS management console. It’s the way to go if you’re new to containerization and microservices. More expertise and operational knowledge are required to deploy and manage applications on EKS. You must first configure and deploy pods via Kubernetes because EKS is just another layer for creating K8s clusters on AWS.
- Portability – ECS is designed and served solely for workloads running on the AWS cloud or on-premises (thanks to Amazon ECS Anywhere). EKS enables you to run on any infrastructure. ECS currently offers deeper integration with other AWS services. If you’re only going to work in the AWS cloud or if you need an AWS-native solution to integrate easily with other AWS solutions, ECS may make the most sense. But if you don’t want to rely on a single cloud vendor or you’re considering developing multi-cloud or hybrid cloud architectures, then EKS is the way to go.
- Pricing – With ECS, users only pay for the AWS resources they use to run and store apps. There are no additional pricing concerns. For EKS, there are additional costs. Users pay $0.20/hour for each Amazon EKS cluster. It may not seem like much, but the costs can quickly add up if you create multiple clusters for each developer or team. However, users can take advantage of a single cluster to run multiple apps by taking advantage of Kubernetes namespaces and IAM security. If you’re just getting started or exploring microservices, then ECS may be more cost-effective. If you’re experienced in using microservices and need Kubernetes scalability, the additional costs may not be a big deal.
- Security – ECS and EKS both have access to AWS Identity and Access Management (IAM), an access control system that enables you to limit access to ECS tasks or EKS pods. ECS is deeply integrated with IAM, while EKS needs some add-ons to enable this functionality. There are options that allow similar functions in an EKS environment, but they entail extra costs. Note: EKS can support a much higher number of running pods (containers) per EC2 worker than ECS due to the way it uses ENIs.
- Networking – With ECS, you use the awsvpc network mode, in which each task receives its own elastic network interface (ENI) attached to the container instance hosting it. The maximum number of ENIs you can assign varies by EC2 type. Even though AWS increased the limits, this might not be enough to support all the containers you want running on a particular instance. With EKS, you can assign a dedicated network interface to a pod to improve security. All the containers inside that pod share the internal network and public IP. You can share an ENI between multiple pods, which allows you to place more pods per instance.
- Support – AWS is the go-to source for information, support, and solving issues for ECS. You might have some third-party sources offering resources, but the most reliable information is going to come from AWS. EKS, on the other hand, benefits from the community support associated with open-source Kubernetes. That includes GitHub posts, Slack channels, and Stack Overflow, as well as a wealth of free resources such as blogs, tutorials, and online courses like official Kubernetes training. You can also use community-maintained applications and tools, such as Helm Charts, Kubernetes Operators, or kubectl extensions.
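The Fargate constraints described earlier (awsvpc networking, task-level CPU and memory) and the per-task IAM scoping from the Security item can be checked before a task definition is registered. The following is an added example, not code from the original article or from AWS; the function names, finding codes, role names and sample task definitions are constructed for illustration.

```python
# Added example: lint ECS task definitions (dicts in the JSON shape used by
# RegisterTaskDefinition). Function names and sample data are hypothetical.

def lint_task_definition(td):
    """Return a sorted list of finding codes for one task definition."""
    findings = set()
    if "FARGATE" in td.get("requiresCompatibilities", []):
        # Fargate supports only the awsvpc network mode.
        if td.get("networkMode") != "awsvpc":
            findings.add("FARGATE_NEEDS_AWSVPC")
        # On Fargate, CPU and memory are chosen at the task level.
        if not td.get("cpu") or not td.get("memory"):
            findings.add("FARGATE_NEEDS_TASK_CPU_MEMORY")
    if not td.get("taskRoleArn"):
        # No task role: the containers have no IAM identity of their own,
        # so access cannot be limited per task.
        findings.add("NO_TASK_ROLE")
    elif td["taskRoleArn"] == td.get("executionRoleArn"):
        # The execution role is for pulling images and shipping logs;
        # reusing it hands those permissions to application code.
        findings.add("TASK_ROLE_SAME_AS_EXECUTION_ROLE")
    return sorted(findings)

def audit(task_definitions):
    """Map each task definition family to its findings."""
    return {td["family"]: lint_task_definition(td) for td in task_definitions}

# Constructed samples; the account ID and role names are placeholders.
ROLE = "arn:aws:iam::111122223333:role/"
SAMPLES = [
    {"family": "orders", "requiresCompatibilities": ["FARGATE"],
     "networkMode": "awsvpc", "cpu": "256", "memory": "512",
     "taskRoleArn": ROLE + "orders-task",
     "executionRoleArn": ROLE + "ecs-execution"},
    {"family": "reports", "requiresCompatibilities": ["FARGATE"],
     "networkMode": "bridge"},
    {"family": "batch", "requiresCompatibilities": ["EC2"],
     "networkMode": "bridge",
     "taskRoleArn": ROLE + "ecs-execution",
     "executionRoleArn": ROLE + "ecs-execution"},
]

if __name__ == "__main__":
    for family, findings in audit(SAMPLES).items():
        print(family, findings or "ok")
```

Running the same function in a CI step over task definition JSON files catches these settings before deployment rather than at registration or at runtime.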
ClearScale Knows Containers
When it comes to containers and container orchestration, ClearScale offers both expertise and experience. We know what works, what doesn’t, and what can best meet the specific requirements of your project. As an AWS Premier Consulting Partner, we also know how to make the best use of AWS services, including container-centric services like Amazon EKS and ECS, AWS Fargate, and more.
To learn more about how we’ve applied our knowledge of containers to help our customers, read:
- Microservices and Containers: A Match That Benefits Application Modernization
- Cloud-Native App Development: Containers and Serverless Computing