AWS's solution to running ECS & EKS

One of the key value propositions that cloud computing offers is unified infrastructure. This might seem impossible when running disparate container orchestration platforms.

AWS MSPs are often faced with the challenge of running containers in hybrid or multi-cloud environments. This could happen when an organization has security or regulatory sensitivities or wishes to leverage investment in on-premises hardware. As always, AWS has a solution: ECS Anywhere and EKS Anywhere!

AWS’s Anywhere platform allows organizations to run ECS and EKS clusters using any hardware or cloud provider. It does this by unifying the control plane across multiple networks through agents. So you can run a container outside of AWS using the same configuration and patterns as you would on the AWS cloud, without compromising on the benefits and support of a robust, SLA-backed managed service.

While ECS and EKS have many similarities, they are designed for differing objectives. As their taglines suggest, ECS is designed for ‘powerful simplicity’ and EKS for ‘open flexibility’. Implementing ECS is therefore far more streamlined, but the tradeoff is flexibility, which EKS offers thanks to its larger community and open source approach. Both ECS and EKS carry these respective characteristics over to their Anywhere versions.

ECS Anywhere

ECS Anywhere allows deployment and management of containerized workloads on any infrastructure. This allows a consistent user and API experience and eliminates the need to manage different architectures. Furthermore, one can use similar tools for cluster/workload management, scheduling, and monitoring on on-premises and cloud implementations.

ECS clusters on ECS Anywhere are defined the same way as on ECS, i.e. in the control panel, through the API, or using standard IaC (Infrastructure-as-Code) tooling such as Terraform.

Beyond the typical ECS Agent and Docker, there is one more prerequisite for joining an ECS Anywhere cluster: the AWS Systems Manager Agent (SSM Agent). The SSM Agent, which is used to run Amazon EC2 at edge locations, supports hybrid deployments. This essentially transforms any machine in any given location into an SSM Managed Instance.

Even on ECS Anywhere, the AWS ECS control plane remains in the region and uses the same familiar ECS interface. Moreover, ECS Anywhere does not affect the on-premises infrastructure. It only sends the information necessary to manage a task to the Amazon control plane. All other information remains on-premises, so security and governance processes remain unaffected.

ECS Anywhere works with virtual machines, bare metal, Raspberry Pi, or any hardware running supported operating systems and architecture and is compatible with any infrastructure.

If the non-AWS infrastructure loses connectivity, ECS Anywhere continues to run tasks unless it is stopped manually. When connectivity is restored, node credentials are automatically renewed and normal functionality continues.

Like ECS itself, ECS Anywhere is designed for simplicity. It allows users to leverage existing infrastructure with the simplicity of traditional container management orchestration and control. This makes ECS Anywhere a fitting choice for companies that want to run ECS on-premises without incurring the cost of setting up and managing Kubernetes clusters.

EKS Anywhere

While ECS is designed for simplicity and easy adoption, EKS has a larger community and is extensible via a multitude of options, which makes it the tool of choice when building scalable, complex, and distributed platforms. In terms of flexibility, EKS offers greater workload and configuration flexibility than probably any other AWS managed service.

Through EKS Connector and the open source service EKS Distro, EKS Anywhere offers centralized visibility of multiple Kubernetes clusters. At this point, EKS Anywhere can be run using VMware vSphere, and it supports the creation of local clusters using Docker.

Soon, Amazon plans to provide support for other deployment options, including bare metal. Because of EKS Distro’s opinionated configuration and fixed platform requirements, EKS Anywhere cannot be positioned as a turnkey solution for heavily customized clusters. However, for standard operations, it does enable simplified cluster creation with fewer architectural decisions, and the added advantage of a centralized view into all clusters, wherever they are, on cloud or on-premises.

Although both ECS & EKS are AWS Managed Services, EKS comes under Amazon’s “Shared Responsibility” model, and AWS differentiates between managed and “anywhere” offerings and the support extended to each. From a hardware perspective, the EKS Anywhere cluster has components that are clearly beyond AWS support, but with an Enterprise Support Agreement, users can count on AWS for support with EKS Anywhere clusters.

Furthermore, one can opt for tools like Weave’s eksctl, which help simplify provisioning and “Day 2” operations. EKS Anywhere also uses Cilium as the default CNI, which offers excellent observability capabilities combined with extensive security and encryption options, bolstered by easy-to-manage policy enforcement.

While EKS Anywhere doesn’t quite solve all of the difficulties in running multiple clusters in a hybrid architecture, it does offer simplifications in the design and implementation of the model.

In a nutshell

There are many reasons why a company might choose to maintain a hybrid Kubernetes strategy. For instance, it might seek to leverage existing infrastructure and investments to lower cloud costs, or it may need a hybrid setup for regulatory and compliance mandates, for security requirements, or to add resiliency. Such situations formerly required organizations to maintain multiple operating environments, typically with different configuration and deployment options. Amazon’s new ‘Anywhere’ solution is a step towards unifying these environments and solving some of the resulting headaches. It allows orchestration of ECS containers from the ECS control plane regardless of who is running the container and where: in the AWS cloud, on-premises, or in a cloud run by another provider. Anywhere allows users to view and maintain their container workloads through a single pane of glass.

Hybrid architectures can quickly become extremely complicated. What might seem like a straightforward architecture or tooling choice in a cloud-native environment can quickly become a web of different requirements, with management overheads and failure points to consider. ECS Anywhere and, to some extent, EKS Anywhere provide a framework to smooth the management of this hybrid world.

If you haven’t already begun to experience the benefits of containerization, it’s never too late. Contact us to learn about the benefits that come with successful container architectures and how. As an AWS Advanced Partner, Teleglobal can help you leverage containers to meet your specific requirements and deliver high value for you and your customers.
