ECS (Elastic Container Service) is AWS's service for running Docker containers in the cloud.

In ECS terms, running a Docker container means running an ECS Task inside an ECS Cluster.

ECS gives you two ways to run containers:

1. EC2 Launch Type — You Manage the Servers


You provision and maintain EC2 instances. ECS places and runs containers on those instances.

Use when: You need full control over your servers or specific hardware.

2. Fargate Launch Type — Serverless


No EC2 instances to provision or manage. AWS handles all infrastructure.

You define a task (CPU + RAM needed)
    |
    v
AWS automatically finds resources and runs your container
    |
    v
To scale: just increase number of tasks

Use when: You want zero infrastructure management. Preferred for most use cases.


EC2 Launch Type vs Fargate

                 EC2 Launch Type              Fargate
Infrastructure   You manage EC2 instances     AWS manages everything
Serverless       No                           Yes
Scaling          Add EC2 instances            Increase number of tasks
Control          Full server access           No server access
Best for         Specific hardware needs      Simplicity, no management

3. IAM Roles for ECS


EC2 Instance Profile (EC2 Launch Type only)

This role is attached to the EC2 instance itself. It is used by the ECS Agent to interact with AWS services.

EC2 Instance Profile --> used by ECS Agent to talk to:
    - ECS     (register instance, report task status)
    - ECR     (pull Docker images)
    - CloudWatch Logs (send container logs)
    - Secrets Manager / SSM Parameter Store (optional, for secrets)

This role is only for the ECS Agent (infrastructure level). It has nothing to do with what the containers themselves can access.

ECS Task Role

Each individual task (container) gets its own role with its own permissions.
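The distinction above (one role for the ECS Agent at the infrastructure level, a separate role per task for what the container itself may call) and the Fargate "task = CPU + RAM" definition can be seen together in a task definition. The following is an added example, not code from the original notes or from AWS: it builds a Fargate task definition in the JSON shape that `aws ecs register-task-definition --cli-input-json` accepts (the field names taskRoleArn, executionRoleArn, containerDefinitions, environment, secrets and logConfiguration are the real ones; the account id, role ARNs, image and secret ARN are constructed placeholders) and runs a small audit over it: the task role must exist and must not be the same role ECS uses to pull the image and ship logs, secrets must come from Secrets Manager / SSM via `secrets` rather than plaintext `environment` entries, and container logs must go to CloudWatch Logs. The audit function and its secret-name pattern are this example's own, hypothetical checks.

```python
"""Audit ECS task definitions for the IAM-role and secrets points above.

Added example, not part of the original notes. Field names are the real ECS
task-definition fields; the ARNs, image and account id are constructed
placeholders.
"""
import json
import re

# Constructed sample: a Fargate task definition as you would pass to
# `aws ecs register-task-definition --cli-input-json file://task.json`.
GOOD_TASK_DEF = {
    "family": "payments-api",
    "requiresCompatibilities": ["FARGATE"],
    "networkMode": "awsvpc",
    "cpu": "512",       # 0.5 vCPU: the "CPU + RAM" the task asks Fargate for
    "memory": "1024",   # 1 GiB
    # Task role: what the container's own code may call (e.g. one S3 bucket).
    "taskRoleArn": "arn:aws:iam::123456789012:role/payments-api-task-role",
    # Execution role: what ECS itself needs to start the task on Fargate
    # (pull from ECR, write to CloudWatch Logs, read the secrets below).
    # On the EC2 launch type the instance profile covers this part.
    "executionRoleArn": "arn:aws:iam::123456789012:role/payments-api-exec-role",
    "containerDefinitions": [{
        "name": "api",
        "image": "123456789012.dkr.ecr.eu-west-1.amazonaws.com/payments-api:1.4.2",
        "environment": [{"name": "LOG_LEVEL", "value": "info"}],
        # Secrets are injected by ECS at start-up from Secrets Manager / SSM;
        # the plaintext never appears in the task definition.
        "secrets": [{
            "name": "DB_PASSWORD",
            "valueFrom": "arn:aws:secretsmanager:eu-west-1:123456789012:secret:payments/db-EXAMPLE",
        }],
        "logConfiguration": {
            "logDriver": "awslogs",
            "options": {"awslogs-group": "/ecs/payments-api",
                        "awslogs-region": "eu-west-1",
                        "awslogs-stream-prefix": "api"},
        },
    }],
}

# Hypothetical heuristic: environment variable names that usually hold secrets.
SECRET_NAME_RE = re.compile(r"(PASSWORD|SECRET|TOKEN|API_KEY|PRIVATE_KEY)", re.IGNORECASE)


def audit_task_definition(task_def: dict) -> list:
    """Return a list of findings; an empty list means the definition is clean."""
    findings = []
    task_role = task_def.get("taskRoleArn")
    exec_role = task_def.get("executionRoleArn")

    if not task_role:
        # Without a task role the container has no scoped AWS identity of its
        # own, which is how long-lived access keys end up baked into images.
        findings.append("no taskRoleArn: container has no scoped identity")
    elif task_role == exec_role:
        # Sharing one role hands the application every permission the
        # infrastructure side needs (ECR pull, log write, secret read).
        findings.append("taskRoleArn equals executionRoleArn: roles not separated")

    for c in task_def.get("containerDefinitions", []):
        for env in c.get("environment", []):
            if SECRET_NAME_RE.search(env["name"]):
                findings.append(
                    f"container {c['name']}: {env['name']} is a plaintext environment "
                    "variable; move it to 'secrets' with a Secrets Manager/SSM valueFrom")
        if c.get("logConfiguration", {}).get("logDriver") != "awslogs":
            findings.append(
                f"container {c['name']}: no awslogs driver, container logs are not shipped")
    return findings


def make_bad_task_def() -> dict:
    """Constructed counter-example: the same task with three common mistakes."""
    bad = json.loads(json.dumps(GOOD_TASK_DEF))   # deep copy of the sample
    bad["taskRoleArn"] = bad["executionRoleArn"]  # one role for everything
    bad["containerDefinitions"][0]["environment"].append(
        {"name": "DB_PASSWORD", "value": "hunter2"})  # constructed, fake value
    del bad["containerDefinitions"][0]["logConfiguration"]
    return bad


if __name__ == "__main__":
    for label, td in (("good", GOOD_TASK_DEF), ("bad", make_bad_task_def())):
        print(label, audit_task_definition(td) or ["clean"])
```

Run it as a script to see the clean definition pass and the counter-example produce three findings. The same function can be pointed at the output of `aws ecs describe-task-definition` (the `taskDefinition` object) to review definitions already registered in an account.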