110. Elastic Container Service (ECS)

 

Question 1:
Your company has decided to use Amazon ECS to set up a Docker container-based CI/CD environment on AWS. You are in charge of building this environment as a solutions architect. Your boss requires that minimal effort be spent on configuration when starting the containers.
Choose how to set up ECS to achieve this requirement.
Options:
A. Select the auto scaling launch type in ECS
B. Select the Fargate launch type in ECS
C. Select the EC2 launch type in ECS
D. Select the Chef launch type in ECS
Answer: B
Explanation
The launch type of Amazon ECS determines the type of infrastructure on which tasks and services are hosted. You can choose from two types: the Fargate launch type and the EC2 launch type.
The Fargate launch type allows you to run containerized applications without having to provision and manage your backend infrastructure. Simply register the task definition and Fargate will start the container. This configuration eliminates the need for tedious instance setup to launch a container. Therefore, option B is the correct answer.
Option C is incorrect. The EC2 launch type allows you to run containerized applications on a cluster of Amazon EC2 instances that you manage. It is incorrect because this launch type requires EC2 configuration and does not meet the requirement.
Options A and D are incorrect because there are no other launch types.

Question 2:
An application running on an Amazon ECS container instance using the EC2 launch type needs permissions to write data to Amazon DynamoDB.
How can you assign these permissions only to the specific ECS task that is running the application?
Options:
A. Modify the AmazonECSTaskExecutionRolePolicy policy to add permissions for DynamoDB
B. Create an IAM policy with permissions to DynamoDB and assign it to a task using the taskRoleArn parameter
C. Use a security group to allow outbound connections to DynamoDB and assign it to the container instance
D. Create an IAM policy with permissions to DynamoDB and attach it to the container instance
Answer: B
Explanation
To specify permissions for a specific task on Amazon ECS, you should use IAM Roles for Tasks. The permissions policy can be applied to tasks when creating the task definition, or by using an IAM task role override using the AWS CLI or SDKs. The taskRoleArn parameter is used to specify the IAM role that carries the policy.
CORRECT: “Create an IAM policy with permissions to DynamoDB and assign it to a task using the taskRoleArn parameter” is the correct answer.
INCORRECT: “Create an IAM policy with permissions to DynamoDB and attach it to the container instance” is incorrect. You should not apply the permissions to the container instance as they will then apply to all tasks running on the instance as well as the instance itself.
INCORRECT: “Use a security group to allow outbound connections to DynamoDB and assign it to the container instance” is incorrect. Though you will need a security group to allow outbound connections to DynamoDB, the question is asking how to assign permissions to write data to DynamoDB and a security group cannot provide those permissions.
INCORRECT: “Modify the AmazonECSTaskExecutionRolePolicy policy to add permissions for DynamoDB” is incorrect. The AmazonECSTaskExecutionRolePolicy policy is the policy for the Task Execution IAM Role. This role is used by the container agent to pull container images, write log files, etc.
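The distinction between the task role and the task execution role can be checked mechanically. The following is an added example, not part of the original question set: it audits task definitions for the misconfigurations described above. The role ARNs, family names and the `role_actions` map (a stand-in for policy documents you would fetch from IAM) are constructed sample data.

```python
from fnmatch import fnmatchcase

# IAM action names are case-insensitive, so compare in lower case.
WRITE_ACTION = "dynamodb:putitem"  # the write permission this audit looks for

def allows(actions, wanted):
    """True if any allowed action pattern (wildcards included) covers `wanted`."""
    return any(fnmatchcase(wanted, pattern.lower()) for pattern in actions)

def audit_task_definition(task_def, role_actions):
    """Return findings for one ECS task definition (dict with real ECS field names)."""
    findings = []
    task_role = task_def.get("taskRoleArn")
    exec_role = task_def.get("executionRoleArn")
    if not task_role:
        # Without a task role the application has no task-scoped permissions.
        findings.append("no-task-role")
    elif not allows(role_actions.get(task_role, []), WRITE_ACTION):
        findings.append("task-role-cannot-write")
    if task_role and task_role == exec_role:
        # Agent permissions and application permissions end up in one role.
        findings.append("task-role-reused-as-execution-role")
    if exec_role and allows(role_actions.get(exec_role, []), WRITE_ACTION):
        # Application permission granted to the role the container agent uses.
        findings.append("dynamodb-on-execution-role")
    return findings

# Constructed sample data (hypothetical roles in a placeholder account).
ARN = "arn:aws:iam::111122223333:role/"
ROLE_ACTIONS = {
    ARN + "orders-task-role": ["dynamodb:PutItem"],
    ARN + "ecs-exec-role": ["ecr:GetAuthorizationToken", "logs:PutLogEvents"],
    ARN + "ecs-exec-wide": ["ecr:*", "logs:*", "dynamodb:*"],
}
GOOD = {"family": "orders-writer",
        "taskRoleArn": ARN + "orders-task-role",
        "executionRoleArn": ARN + "ecs-exec-role"}
BAD = {"family": "orders-writer-legacy",
       "executionRoleArn": ARN + "ecs-exec-wide"}

if __name__ == "__main__":
    for task_def in (GOOD, BAD):
        print(task_def["family"], audit_task_definition(task_def, ROLE_ACTIONS))
```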

Question 3:
A leading social media analytics company is contemplating moving its dockerized application stack into AWS Cloud. The company is not sure about the pricing for using Elastic Container Service (ECS) with the EC2 launch type compared to the Elastic Container Service (ECS) with the Fargate launch type.
Which of the following is correct regarding the pricing for these two services?
Options:
A. Both ECS with EC2 launch type and ECS with Fargate launch type are charged based on vCPU and memory resources that the containerized application requests
B. Both ECS with EC2 launch type and ECS with Fargate launch type are charged based on EC2 instances and EBS volumes used
C. ECS with EC2 launch type is charged based on EC2 instances and EBS volumes used. ECS with Fargate launch type is charged based on vCPU and memory resources that the containerized application requests
D. Both ECS with EC2 launch type and ECS with Fargate launch type are just charged based on Elastic Container Service used per hour
Answer: C
Explanation
Correct option:
ECS with EC2 launch type is charged based on EC2 instances and EBS volumes used. ECS with Fargate launch type is charged based on vCPU and memory resources that the containerized application requests
Amazon Elastic Container Service (Amazon ECS) is a fully managed container orchestration service. ECS allows you to easily run, scale, and secure Docker container applications on AWS.
With the Fargate launch type, you pay for the amount of vCPU and memory resources that your containerized application requests. vCPU and memory resources are calculated from the time your container images are pulled until the Amazon ECS Task terminates, rounded up to the nearest second. There is no additional charge for the EC2 launch type. You pay for AWS resources (e.g. EC2 instances or EBS volumes) you create to store and run your application.
Incorrect options:
Both ECS with EC2 launch type and ECS with Fargate launch type are charged based on vCPU and memory resources that the containerized application requests
Both ECS with EC2 launch type and ECS with Fargate launch type are charged based on EC2 instances and EBS volumes used
As mentioned above – with the Fargate launch type, you pay for the amount of vCPU and memory resources. With EC2 launch type, you pay for AWS resources (e.g. EC2 instances or EBS volumes). Hence both these options are incorrect.
Both ECS with EC2 launch type and ECS with Fargate launch type are just charged based on Elastic Container Service used per hour
This is a made-up option and has been added as a distractor.