AWS Compute Strategy: Determining When to Use Containers
Determining when to use containers
AWS Compute Strategy: Determining When to Use Containers
Determining the right compute environment is a core skill for the AWS Certified Solutions Architect - Associate (SAA-C03). This guide explores the transition from traditional Virtual Machines (EC2) to the high-efficiency world of containers and serverless orchestration.
Learning Objectives
After studying this guide, you should be able to:
- Differentiate between the architecture of Virtual Machines (VMs) and Containers.
- Identify the primary AWS services for container orchestration (ECS and EKS).
- Evaluate use cases for AWS Fargate versus EC2-backed container hosting.
- Determine when a workload is better suited for Lambda (Serverless) versus Containers.
- Understand the role of dependency isolation in modern application deployment.
Key Terms & Glossary
- Docker: An open-source platform used to automate the deployment of applications inside lightweight, portable containers.
- Container Image: A lightweight, standalone, executable package of software that includes everything needed to run an application (code, runtime, system tools, system libraries, settings).
- Orchestration: The automated configuration, management, and coordination of computer systems, applications, and services (e.g., ECS or Kubernetes).
- Microservices: An architectural style that structures an application as a collection of loosely coupled services.
- Fargate: A serverless compute engine for containers that works with both Amazon ECS and Amazon EKS.
The "Big Idea"
In traditional computing, every application requires a full Operating System (OS) to run. This is like building a whole new house just to use a single toaster. Containers change this by sharing the host's kernel, allowing you to run multiple "toasters" (applications) on one foundation (OS). This shift enables loose coupling, rapid scaling, and portability—allowing an application to run exactly the same way on a developer's laptop as it does in the AWS cloud.
Formula / Concept Box
Compute Comparison Matrix
| Feature | Amazon EC2 (VMs) | Containers (ECS/EKS) | AWS Lambda (Serverless) |
|---|---|---|---|
| Isolation Level | Hypervisor (Hardware) | OS Kernel (Software) | Event-driven Runtime |
| Start Time | Minutes | Seconds | Milliseconds |
| Control | Full OS Access | Application & Dependencies | Code Only |
| Best For | Legacy apps, deep monitoring | Microservices, portability | Short-lived tasks (<15 min) |
| Maintenance | High (Patching OS) | Medium (Managing Clusters) | Low (No infrastructure) |
Hierarchical Outline
- I. Container Fundamentals
- Efficiency: Share host kernel; smaller footprint than VMs.
- Consistency: Immutable infrastructure ensures dev/prod parity.
- Portability: Use of a
dockerfileto define environment exactly.
- II. AWS Orchestration Services
- Amazon ECS: AWS-native, deep integration with AWS ecosystem (IAM, VPC).
- Amazon EKS: Managed Kubernetes; best for hybrid or multi-cloud strategies.
- Amazon ECR: Secure registry for storing and managing container images.
- III. Compute Options for Containers
- EC2 Launch Type: User manages underlying instances; full control over instance types.
- Fargate Launch Type: Serverless; AWS manages the underlying infrastructure.
- IV. Selection Criteria
- Use Containers if: You need consistent environments, microservices, or rapid scaling.
- Use Serverless (Lambda) if: Tasks are event-driven and run for less than 15 minutes.
Visual Anchors
VM vs. Container Architecture
Compute Selection Logic
\begin{tikzpicture}[node distance=2cm, every node/.style={rectangle, draw, fill=blue!10, text width=3cm, align=center, rounded corners}] \node (start) {Start: Compute Requirement}; \node (duration) [below of=start] {Is task short-lived (<15m) and event-driven?}; \node (lambda) [right of=duration, xshift=3cm, fill=green!20] {Use AWS Lambda}; \node (control) [below of=duration, yshift=-1cm] {Do you need full OS control?}; \node (ec2) [right of=control, xshift=3cm, fill=yellow!20] {Use Amazon EC2}; \node (container) [below of=control, yshift=-1cm, fill=orange!20] {Use Containers (ECS/EKS)};
\draw[->] (start) -- (duration);
\draw[->] (duration) -- node[above] {Yes} (lambda);
\draw[->] (duration) -- node[left] {No} (control);
\draw[->] (control) -- node[above] {Yes} (ec2);
\draw[->] (control) -- node[left] {No} (container);\end{tikzpicture}
Definition-Example Pairs
- Dependency Isolation: The practice of packaging all software requirements within the container image so the app doesn't rely on the host system.
- Example: A Java app requires OpenJDK 17. Instead of installing it on the EC2 server, you include OpenJDK 17 inside the Docker image. If you move the container to a server with OpenJDK 11, the app still uses its internal version 17.
- Hybrid Deployment: Running containerized workloads across both on-premises data centers and the cloud.
- Example: Using ECS Anywhere to manage containers running on local hardware in a corporate data center via the AWS Management Console.
Worked Examples
Scenario 1: Migrating a Legacy Monolith
Problem: A company has a large web application running on a single EC2 instance. It takes 10 minutes to scale during traffic spikes and often fails because of library version mismatches between developer laptops and production servers. Solution:
- Refactor: Break the app into smaller microservices.
- Containerize: Create Docker images for each service to ensure dependencies are isolated.
- Deploy: Use Amazon ECS with Fargate to allow the services to scale in seconds without managing the underlying servers.
Scenario 2: Regulatory Data Residency
Problem: A financial firm must keep data processing on-premises due to local laws but wants to use AWS for orchestration and monitoring. Solution:
- Implement Amazon EKS Anywhere. This allows the firm to use the same Kubernetes operational tooling they use in AWS on their local physical servers, meeting compliance while gaining cloud-style management.
Checkpoint Questions
- What is the primary architectural difference that makes containers more efficient than virtual machines?
- You need to run a containerized application but want zero responsibility for managing the underlying EC2 instances. Which AWS technology should you use?
- If you are already heavily invested in Kubernetes on-premises and want to migrate to AWS with minimal changes to your tooling, should you choose ECS or EKS?
- A Lambda function is currently handling a task that occasionally takes 20 minutes to complete. What compute service should you migrate this task to?
▶Click to see answers
- Containers share the host's OS kernel, whereas VMs each require their own full Guest OS.
- AWS Fargate.
- Amazon EKS (Elastic Kubernetes Service).
- Amazon ECS or EKS (Containers), as Lambda has a 15-minute execution limit.