ECS is a container orchestration solution that lets organizations run and manage containers in a scalable and secure manner. ECS relieves organizations of the burden of installing, managing, and operating their cluster infrastructure.
ECS tightly integrates with other AWS services. For example, AWS Fargate supports serverless container deployments via ECS, and AWS CloudWatch can be used for monitoring and aggregating ECS logs and metrics.
Amazon’s recommended method for deploying containers to EC2 instances is to integrate ECS with Fargate. This is convenient, because it does not require configuring your own servers.
EKS is an AWS managed service that allows organizations to run, deploy, scale, and manage containerized applications in Kubernetes, either in an AWS cloud environment or on-premises. Kubernetes is a popular open source platform, first developed by Google, which is the world’s most popular container orchestrator.
When you run Kubernetes clusters on EKS, the service manages the scalability and availability of the Kubernetes control plane automatically. EKS handles container scheduling, managing the availability of containerized applications in a cluster, and other important tasks.
Because EKS is based on a native distribution of Kubernetes, it lets you take advantage of open source Kubernetes tools and add-ons, such as auto scaling, networking, metrics, and logging.
In this article
Whether you choose ECS or EKS, you pay for the hosting infrastructure to run your applications. Pricing varies depending on whether you are running your containerized application on a Fargate serverless model or on an EC2 instance—but whichever computing model you select, the price will be the same for ECS and EKS.
The main difference in pricing between the services is that with EKS, you pay $0.10 per hour per running cluster, or $70 for a month of continuous operation. ECS does not have a cost per cluster. This can be significant if you need to run numerous clusters on Amazon.
ECS is generally easier to use for IT organizations, but does not provide as much control as EKS.
ECS users can define several network options when creating a task (an application deployment configuration). However, the options are basic and not very customizable.
In contrast, EKS provides fine-grained control over the network. In the default network configuration of EKS, pods and nodes share network settings. EKS let you customize how pod networks work, via custom CNI configuration. With EKS, you can assign public and private addresses to different pods as needed, and they can run on different subnets.
Keep in mind that some network configuration options are not supported by EKS in Fargate mode.
Both EKS and ECS are initially set up through the AWS Management Console, but each service requires a different level of developer expertise and operational knowledge.
ECS is a native AWS solution, so there is no control plane. After initial cluster setup, developers can easily configure and deploy tasks directly from the admin console. It also has a simple API for creating containerized applications. The ECS architecture does not have many moving parts and does not use complex abstractions.
EKS, by contrast, is based on Kubernetes. AWS abstracts the management of the Kubernetes control plane into EKS to simplify the deployment of Kubernetes clusters for developers. But compared to ECS, Kubernetes is highly complex and has a steep learning curve. This means DevOps engineers and developers may need more experience, expertise, or knowledge to use EKS.
Both ECS and EKS have built-in monitoring capabilities and integrate with other tools.
In ECS, you can use the Container Insights feature of Amazon CloudWatch to monitor and aggregate metrics and logs. You can also set up alerts, track and filter metrics, and monitor and troubleshoot all your AWS resources in one place. ECS can also be used with third-party monitoring tools such as Grafana and Prometheus.
EKS also supports monitoring and logging with CloudWatch Container Insights. AWS also provides a GuardDuty feature, which analyzes Kubernetes audit logs to monitor control plane activity on EKS clusters. Additionally, integration with AWS CloudTrail gives you visibility into EKS management, operations, and audit trails.
AWS provides a similar level of security and reliability for all services, including ECS and EKS. Both services use identity and access management (IAM) policies to control or restrict access to tasks and pods. However, there are some operational differences.
In ECS, you secure containerized workloads through tight integration with AWS IAM. You can assign fine-grained permissions to tasks and containers for greater isolation. The service also integrates with many other security and governance tools.
In EKS, you need to use EKS EKS Kubernetes add-ons to enable AWS IAM features. Some of these add ons, such as KIAM, can make systems more complex and costly to run. However, EKS also provides access to Kubernetes native security tools. For example, administrators can analyze Kubernetes audits logs to investigate and identify security breaches or events.
Scenarios to prefer ECS
If you’re new to container orchestration and deployment, ECS is a good place to start because it is less expensive, and requires little or no expertise in managing Kubernetes clusters. AWS ECS is also a good choice if you are familiar with the AWS platform, because it offers tight integration with Amazon services.
Scenarios to prefer EKS
If you are looking for multi-cloud capabilities and portability of containerized workloads, EKS is the preferred choice because it doesn’t lock you into the Amazon cloud. EKS also provides additional features, more customization options, and fine-grained control over containerized applications. Keep in mind there is an extra charge of approx. $70 per month per cluster compared to ECS.
The distributed nature of containers (and microservices in general), whether running on ECS, EKS, or another orchestrator, means that your applications will typically require more than just monitoring with metrics and logs. In order to keep an eye on the many different services these applications are composed of, distributed tracing is critical to keep applications up and running smoothly.
Lumigo is a cloud native observability platform that delivers automated distributed tracing, purpose-built for distributed applications, including those running on ECS and soon, EKS.
Lumigo provides deep visibility into applications and infrastructure with all the relevant information on each component, enabling you to easily monitor and troubleshoot container applications.