Capacity creation - Amazon Elastic Container Service

Capacity creation

An Amazon ECS container instance is an Amazon EC2 instance that is running the Amazon ECS container agent and has been registered into an Amazon ECS cluster. When you run tasks with Amazon ECS using the EC2 launch type, External launch type or an Auto Scaling group capacity provider, your tasks are placed on your active container instances. You are responsible for the container instance management and maintenance.

Amazon ECS provides the Amazon ECS-optimized AMIs that are preconfigured with the requirements and recommendations to run your container workloads. We recommend that you use the Amazon ECS-optimized Amazon Linux 2023 AMI for your Amazon EC2 instances unless your application requires Amazon EC2 GPU-based instances, a specific operating system or a Docker version that is not yet available in that AMI. For information about the Amazon Linux 2 and Amazon Linux 2023 instances, see Comparing Amazon Linux 2 and Amazon Linux 2023 in the Amazon Linux 2023 User Guide.

Although you can create your own Amazon EC2 instance AMI that meets the basic specifications needed to run your containerized workloads on Amazon ECS, the Amazon ECS-optimized AMIs are preconfigured and tested on Amazon ECS by AWS engineers. It is the simplest way for you to get started and to get your containers running on AWS quickly.

You can run either Linux or Windows on your container instances. You can choose the instance type based on your application requirements such as CPU architecture, network throughput, and architecture. As a general rule, the CPU and memory must be large enough to hold at least one replica of the task that you want to run. You can launch more tasks at the same time with larger instances. You can scale out in a more fine-grained way to save costs with smaller instances. You don't need to choose a single Amazon EC2 instance type to fit all the applications in your cluster. You can create multiple Auto Scaling Groups with different instance types to fit all the applications. For more information, see Amazon EC2 Instances.

To determine which instance types you can use, start by eliminating the instance types or instance families that don't meet the specific requirements of your application. For example, if your application requires a GPU, you can exclude any instance types that don't have a GPU. However, you should consider other requirements, too. For example, consider the CPU architecture, network throughput, and whether instance storage is a requirement. Next, examine the amount of CPU and memory provided by each instance type. As a general rule, the CPU and memory must be large enough to hold at least one replica of the task that you want to run.

You can choose from the instance types that are compatible with your application. With larger instances, you can launch more tasks at the same time. And, with smaller instances, you can scale out in a more fine-grained way to save costs. You don't need to choose a single Amazon EC2 instance type to fit all the applications in your cluster. Instead, you can create multiple Auto Scaling Groups. Each group can have a different instance type. Then, you can create an Amazon EC2 Capacity Provider for each one of these groups. Last, in the Capacity Provider strategy of your service and task, you can select the Capacity Provider that best suits its needs. For more information, see Amazon EC2 Instances.

Use the following guidelines for networking your instances:

  • We recommend launching your container instances inside a VPC, because Amazon VPC delivers more control over your network and offers more extensive configuration capabilities. For more information, see Amazon EC2 and Amazon Virtual Private Cloud in the Amazon EC2 User Guide for Linux Instances.

  • If any of the containers associated with your tasks require external connectivity, you can map their network ports to ports on the host Amazon ECS container instance so they are reachable from the internet. Your container instance security group must allow inbound access to the ports you want to expose. For more information, see Create a Security Group in the Amazon VPC Getting Started Guide.

  • Container instances need access to communicate with the Amazon ECS service endpoint. This can be through an interface VPC endpoint or through your container instances having public IP addresses.

    For more information about interface VPC endpoints, see Amazon ECS interface VPC endpoints (AWS PrivateLink).

    If you do not have an interface VPC endpoint configured and your container instances do not have public IP addresses, then they must use network address translation (NAT) to provide this access. For more information, see NAT gateways in the Amazon VPC User Guide and HTTP proxy configuration for Linux container instances in this guide. For more information, see Create a virtual private cloud.
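
For the port-mapping guideline above, the following added example (not part of the AWS documentation) compares the host ports a task definition maps with the inbound rules of the container instance security group. It reports mapped ports that are not open to the internet and internet-open rules that cover ports no task maps. The sample dictionaries, the group ID `sg-EXAMPLE`, and the function names are constructed for illustration; the dictionaries follow the shape of ECS `DescribeTaskDefinition` and EC2 `DescribeSecurityGroups` output.

```python
# Added example. SAMPLE_* dicts are constructed, shaped like the output of
# ECS DescribeTaskDefinition and EC2 DescribeSecurityGroups.
ANYWHERE = {"0.0.0.0/0", "::/0"}

def mapped_host_ports(task_definition):
    """Return {(protocol, hostPort)} for every static host port mapping."""
    ports = set()
    for container in task_definition["containerDefinitions"]:
        for pm in container.get("portMappings", []):
            if pm.get("hostPort"):  # 0 or absent: host port assigned dynamically
                ports.add((pm.get("protocol", "tcp"), pm["hostPort"]))
    return ports

def internet_rules(security_group):
    """Return [(protocol, from_port, to_port)] for rules open to any address."""
    rules = []
    for perm in security_group["IpPermissions"]:
        proto = perm["IpProtocol"]
        cidrs = {r.get("CidrIp") for r in perm.get("IpRanges", [])}
        cidrs |= {r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])}
        # Only tcp, udp and "-1" (all protocols, all ports) are port-based.
        if cidrs & ANYWHERE and proto in ("tcp", "udp", "-1"):
            lo, hi = (0, 65535) if proto == "-1" else (perm["FromPort"], perm["ToPort"])
            rules.append((proto, lo, hi))
    return rules

def audit(task_definition, security_group):
    """Compare what the tasks map on the host with what the group lets in."""
    wanted = mapped_host_ports(task_definition)
    rules = internet_rules(security_group)
    def covers(rule, proto, port):
        return rule[0] in (proto, "-1") and rule[1] <= port <= rule[2]
    # Mapped ports that no internet-open rule admits.
    blocked = sorted(w for w in wanted if not any(covers(r, *w) for r in rules))
    # Internet-open rules that admit at least one port no task maps.
    excess = sorted(r for r in rules if r[0] == "-1" or any(
        (r[0], p) not in wanted for p in range(r[1], r[2] + 1)))
    return {"blocked": blocked, "excess": excess}

SAMPLE_TASK_DEFINITION = {"containerDefinitions": [
    {"name": "web", "portMappings": [
        {"containerPort": 8080, "hostPort": 80, "protocol": "tcp"},
        {"containerPort": 8443, "hostPort": 443, "protocol": "tcp"}]},
    {"name": "worker", "portMappings": [{"containerPort": 9000, "hostPort": 0}]},
]}
SAMPLE_SECURITY_GROUP = {"GroupId": "sg-EXAMPLE", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
]}
```

A mapped port listed under `blocked` may be intentionally limited to internal ranges; an entry under `excess` is inbound access that no port mapping in the task definition accounts for.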