ECS and EKS are both container orchestration services from AWS – in this post we take a look at ECS vs EKS to see which one will be more appropriate for your containerized workloads.
Container adoption is on the rise – the technology has become popular due to it’s efficient resource utilisation and portability. A container is essentially a software package which includes code, configurations and dependencies so that an application can be quickly launched and reliably run on any computing environment. This means that a developer can develop an app in a container on their laptop, then run that container on any cloud or on premise infrastructure without making any changes to it. Virtualisation is handled at the operating system level rather than the hardware level, meaning containers can make much more efficient use of the underlying infrastructure. Whereas multiple virtual servers can share the same physical hardware, multiple containers can share the same operating system.
There are a number of different types of containers available – Docker is one of the most widely recognised and adopted, other container formats include:
- Windows Server Containers
- Hyper-V Containers
Containers can achieve very high density compared to virtual machines – but this in itself presents a management or ‘orchestration’ challenge when operating containers at scale. This is where container orchestration has become a necessity. Container orchestration manages the entire life-cycle of containers, taking care of tasks including:
- Provisioning and deployment of containers on the underlying compute infrastructure
- Container availability and redundancy
- Container elasticity (scale up, scale down)
- Compute resource allocation
- Monitoring containers and hosts
- Application Deployment
ECS vs EKS
Enter ECS and EKS – 2 solutions from AWS which help to solve the challenge of container orchestration. Let’s firstly take a look at the two AWS services, then compare and contrast ECS vs EKS to help you decide which is the best option for you.
Amazon ECS (Elastic Container Service) is a fully managed container orchestration service – essentially ‘Docker as a Service’. ECS is a tried and tested solution which is used to power many other AWS services including Amazon.com’s recommendation engine, Amazon SageMaker and Amazon Lex. This means that ECS is production ready in terms of security, reliability and availability.
ECS integrates with AWS Fargate enabling a true ‘Serverless’ compute option for running containers on AWS, removing the need to provision and manage servers. But it can also be used with EC2 instances, or a mix of Fargate managed resources and EC2 instances, providing a truly flexible environment to run your containers and match resource fees to application utilization.
ECS pulls container images from ECR – Elastic Container Registry where container images can be built and stored. Containers can also be pulled from other third party container image repositories such as Docker Hub. Users then define the container images and resources needed for their application in ECS, and ECS can launch the application either onto EC2 or Fargate. ECS then takes care of scaling the application and ensuring application availability.
ECS has the ability to self heal – failed containers are re-launched automatically using Auto-Recovery.
ECS works on the concept of ‘Tasks’ – a task definition is written in JSON (Java Script Object Notation).
ECS supports both Docker containers and Windows containers.
Amazon EKS (Elastic Kubernetes Service) is a fully managed Kubernetes service. Kubernetes is an open source system for automating the deployment, scaling and management of containerized applications. Amazon EKS enables AWS customers to run Kubernetes on AWS without needing to build and maintain their own Kubernetes control plane, which consists of a kube-apiserver, etcd, kube-scheduler, kube-controller-manager and cloud-controller-manager.
The Kubernetes control plane nodes are responsible for starting & stopping containers, scheduling containers on virtual machines, storing cluster data and other tasks. Amazon EKS automatically manages the scaling and availability of the Kubernetes control plane nodes.
EKS provides a scalable, highly available Kubernetes control plane that spans three AWS availability zones.
Like ECS, EKS can integrate with AWS Fargate which removes the need to provision and manage servers for the Kubernetes nodes or worker machines on which the containers will run. EKS also integrates with other AWS networking and security services, including the Application Load Balancer for load distribution, Identity and Access Management (IAM) for role based access control, and Virtual Private Cloud (VPC) for secure Kubernetes pod networking.
EKS works on the concept of ‘Pods’ – pods are defined by a ‘manifest file’ which is written in YAML (YAML Ain’t Markup Language). An EKS Pod is equivalent to an ECS Task.
EKS supports both Windows and Linux worker nodes in the same cluster.
Read more about EKS and competitive offerings in this earlier post
Amazon ECS vs Kubernetes
So now we understand that EKS and ECS are both fully managed container orchestration services offered by AWS. So what’s the difference, and why choose one over the other? Let’s take a look at some of the key differences between the two services.
Vendor Lock In
ECS is an AWS proprietary technology, whereas EKS runs Kubernetes which is open source.
One of the key benefits of containers is that they can run anywhere, so when deciding between ECS and EKS you need to ask yourself ‘Will I want to run my containers anywhere other than AWS?’. If the answer is yes, you’ll need to go with Kubernetes and EKS. If the answer is no, then ECS will work just fine for you.
With ECS, ENIs (Elastic Network Interfaces, ie Virtual NICs) can be allocated to a ‘Task’, and an EC2 instance can support up to 120 tasks. With EKS, ENIs can be allocated to and shared between Kubernetes pods, enabling the user to place up to 750 Kubernetes pods per EC2 instance (depending on the size of the instance) which achieves a much higher container density than ECS.
From a security perspective, there is little difference between ECS and EKS. Previously, it was not possible to associate an IAM role to a container in EKS, but this functionality was added in late 2019.
Both ECS and EKS pull container images from secure storage in ECR (Elastic Container Registry) which is AWS’ service for storing Docker images.
Simplicity of Deployment
ECS is an out of the box solution which can easily be deployed via the AWS console. As it is a fully managed PaaS service from AWS there is no control plane to configure – once ECS is set up, users can start deploying tasks straight away from within the AWS console.
EKS is a little more complex and requires more configuration and therefore more expertise. After setting it up in the AWS console, users then need to configure and deploy Kubernetes pods using Kops.
AWS do not charge for the use of ECS – you simply pay for the compute resources consumed by your containers, whether that be on EC2 instances or serverless compute with Fargate. For EKS there is a charge of $0.10 per hour per for each EKS cluster that is created.
ECS vs EKS – which one to Choose?
ECS and EKS are both very capable container orchestration solutions which will help you to manage containers at scale, so there is no right or wrong answer.
If you are a complete container novice, then you’ll find it easier to get started with ECS.
If you are experienced with containers already, or if you are already running Kubernetes clusters, then EKS will be a better fit. And as mentioned above, if you are concerned about vendor lock in and may want to run container workloads outside of AWS, then EKS is the right choice.
Whatever choice you make when deciding between ECS vs EKS, Logicata AWS Managed Services are available to help out with the deployment and ongoing management of your containerised workloads.