AWS container orchestration service that runs and scales Docker applications without managing the underlying cluster infrastructure.
Amazon ECS (Elastic Container Service) is AWS's native container orchestration service. It runs Docker containers at scale with two launch modes: EC2 (you manage instances) and Fargate (serverless, AWS manages infrastructure).
ECS abstracts container orchestration complexity while maintaining deep integration with the AWS ecosystem. Unlike Kubernetes, ECS is designed specifically for AWS, resulting in less configuration and better integration with services like IAM, CloudWatch, and Application Load Balancer.
Its architecture is based on four fundamental concepts: task definitions (blueprints), tasks (running instances), services (desired state maintenance), and clusters (logical grouping). This conceptual simplicity allows teams to focus on their applications rather than orchestrator operational complexity.
| Concept | Function | K8s equivalent |
|---|---|---|
| Task Definition | Container blueprint (image, CPU, memory, ports) | Pod spec |
| Task | Running instance of a task definition | Pod |
| Service | Maintains N running tasks with load balancing | Deployment + Service |
| Cluster | Logical grouping of tasks and services | Cluster + Namespace |

```json
{
  "family": "web-app",
  "networkMode": "awsvpc",
  "requiresCompatibilities": ["FARGATE"],
  "cpu": "256",
  "memory": "512",
  "executionRoleArn": "arn:aws:iam::123456789012:role/ecsTaskExecutionRole",
  "taskRoleArn": "arn:aws:iam::123456789012:role/ecsTaskRole",
  "containerDefinitions": [
    {
      "name": "web-server",
      "image": "nginx:latest",
      "portMappings": [
        {
          "containerPort": 80,
          "protocol": "tcp"
        }
      ],
      "essential": true,
      "logConfiguration": {
        "logDriver": "awslogs",
        "options": {
          "awslogs-group": "/ecs/web-app",
          "awslogs-region": "us-east-1",
          "awslogs-stream-prefix": "ecs"
        }
      },
      "environment": [
        {
          "name": "ENV",
          "value": "production"
        }
      ],
      "secrets": [
        {
          "name": "DB_PASSWORD",
          "valueFrom": "arn:aws:secretsmanager:us-east-1:123456789012:secret:db-password"
        }
      ]
    }
  ]
}
```

Capacity Providers determine where and how tasks run, with different cost and control tradeoffs:

```json
{
  "capacityProviders": ["FARGATE", "FARGATE_SPOT", "EC2"],
  "defaultCapacityProviderStrategy": [
    {
      "capacityProvider": "FARGATE",
      "weight": 1,
      "base": 2
    },
    {
      "capacityProvider": "FARGATE_SPOT",
      "weight": 4
    }
  ]
}
```

`minimumHealthyPercent` and `maximumPercent`

```yaml
# CodeDeploy configuration
DeploymentConfiguration:
  BlueGreenDeploymentConfiguration:
    TerminateBlueInstancesOnDeploymentSuccess:
      Action: TERMINATE
      TerminationWaitTimeInMinutes: 5
    DeploymentReadyOption:
      ActionOnTimeout: CONTINUE_DEPLOYMENT
    GreenFleetProvisioningOption:
      Action: COPY_AUTO_SCALING_GROUP
```

```json
{
  "deploymentConfiguration": {
    "deploymentCircuitBreaker": {
      "enable": true,
      "rollback": true
    },
    "maximumPercent": 200,
    "minimumHealthyPercent": 50
  }
}
```

```json
{
  "serviceRegistries": [
    {
      "registryArn": "arn:aws:servicediscovery:us-east-1:123456789012:service/srv-xyz",
      "containerName": "web-server",
      "containerPort": 80
    }
  ]
}
```

| Dimension | ECS | EKS |
|---|---|---|
| Operational complexity | Low — AWS manages control plane | High — requires K8s expertise |
| Ideal team size | 2-10 engineers | 10+ engineers with K8s dedication |
| Monthly cost (10 services) | ~$200 (compute only) | ~$270 ($72 control plane + compute) |
| Time to production | 1-2 weeks | 4-8 weeks |
| Portability | AWS lock-in | Multi-cloud, on-premises |
| Ecosystem | Native AWS tools | Helm, operators, CNCF ecosystem |
| Learning curve | Moderate | Steep |
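
The `web-app` task definition shown earlier keeps the execution role separate from the task role and injects `DB_PASSWORD` through `secrets`, but it also runs a mutable `nginx:latest` tag. The check below is an added example, not part of the original page or of any AWS tool; the function name `audit_task_definition`, the finding strings and the `SECRET_NAME` heuristic are assumptions made for illustration.

```python
import re

# Heuristic for variable names that probably hold credentials (assumption).
SECRET_NAME = re.compile(r"PASS|SECRET|TOKEN|KEY|CREDENTIAL", re.I)

def audit_task_definition(td):
    """Return (container, finding) tuples for a task definition dict."""
    findings = []
    exec_role, task_role = td.get("executionRoleArn"), td.get("taskRoleArn")
    if exec_role and exec_role == task_role:
        findings.append(("*", "execution role reused as task role"))
    for c in td.get("containerDefinitions", []):
        name, image = c.get("name", "?"), c.get("image", "")
        if "@sha256:" not in image:
            # No digest: the tag (or the implicit 'latest') can be re-pointed.
            tag = image.rsplit("/", 1)[-1].partition(":")[2] or "latest"
            findings.append((name, f"image not pinned by digest (tag '{tag}')"))
        for env in c.get("environment", []):
            if SECRET_NAME.search(env.get("name", "")):
                findings.append((name, f"plaintext env var {env['name']}"))
        if c.get("secrets") and not exec_role:
            findings.append((name, "'secrets' set but no executionRoleArn"))
        if c.get("privileged"):
            findings.append((name, "privileged container"))
        if not c.get("readonlyRootFilesystem"):
            findings.append((name, "writable root filesystem"))
        if "logConfiguration" not in c:
            findings.append((name, "no logConfiguration"))
    return findings

# The page's web-app task definition, trimmed to the fields the audit reads.
PAGE_TASK_DEF = {
    "executionRoleArn": "arn:aws:iam::123456789012:role/ecsTaskExecutionRole",
    "taskRoleArn": "arn:aws:iam::123456789012:role/ecsTaskRole",
    "containerDefinitions": [{
        "name": "web-server", "image": "nginx:latest",
        "logConfiguration": {"logDriver": "awslogs"},
        "environment": [{"name": "ENV", "value": "production"}],
        "secrets": [{"name": "DB_PASSWORD", "valueFrom": "arn:aws:secretsmanager:"
                     "us-east-1:123456789012:secret:db-password"}],
    }],
}

if __name__ == "__main__":
    for container, finding in audit_task_definition(PAGE_TASK_DEF):
        print(f"{container}: {finding}")
```

Run against the page's definition, it reports the unpinned image and the writable root filesystem; the same function can be pointed at the JSON returned by `aws ecs describe-task-definition` in a CI step.
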
ECS Exec allows executing commands inside running containers, similar to `kubectl exec`:

```bash
# Open a shell in a running container; ECS Exec must already be enabled on the task (enableExecuteCommand)
aws ecs execute-command \
  --cluster my-cluster \
  --task arn:aws:ecs:us-east-1:123456789012:task/abc123 \
  --container web-server \
  --interactive \
  --command "/bin/bash"
```

```text
# Recommended CloudWatch Alarms
CPUUtilization: >80% for 5 minutes
MemoryUtilization: >85% for 5 minutes
TaskCount: <desired_count for 2 minutes
TargetResponseTime: >500ms for 3 minutes
```

ECS represents the sweet spot between simplicity and capability for most teams running containers on AWS. While Kubernetes offers more flexibility and portability, ECS significantly reduces operational complexity: no control plane to manage, updates to plan, or certificates to rotate. For teams that don't need Kubernetes' multi-cloud portability, ECS enables faster value delivery with less operational overhead. Native integration with IAM, CloudWatch, and other AWS services eliminates the typical friction of setting up observability and security that exists in Kubernetes ecosystems.
Container platform that packages applications with all dependencies into portable, consistent units that run identically in any environment.
Serverless compute engine for containers that eliminates server management, allowing Docker container execution paying only for consumed resources.
Architectural style structuring an application as a collection of small, independent, deployable services, each with its own business logic and data.
Collection of 13 Terraform modules published on the Terraform Registry for deploying serverless architectures on AWS, with 12 examples covering basic ECS to full-stack CRUD with DynamoDB and AgentCore with MCP.