Containers Explained

The concept for containers comes from shipping containers, which have a standard size, shape, and common mechanisms for loading and locking containers on to ships to ship products around the world. With software, you need to package up a product and, ship it. But the problems are:

  1. different programming languages and run-times
  2. different types of tooling for DevOps practices
  3. different considerations for deployment

Docker is an open platform for developing, shipping, and running applications using containerization. In 2015, Docker and other leaders created the Open Container Initiative, or OCI. This initiative was to create a set of specifications for containers that were platform neutral. What using a container does, is it essentially bundles up:

  1. your application
  2. its dependencies
  3. its configuration, and
  4. its entire runtime

in a portable and isolated, self-contained environment. Containers rely on two features of the Linux kernel:

namespacesCreate a view of the operating system that is isolated to your container.
cgroupsLimit the resources available to a container, like CPU and memory.

Docker builds on these features, meaning we can isolate the processes running on a machine, and share the underlying resources without having to do any of the isolation or virtualization work ourselves. Once you have a Docker container built, it can then be run consistently on any machine that has Docker installed.

Containers vs Virtual Machines

Containers are similar to virtual machines.

Virtual MachinesVirtualization by hypervisor mimics a hardware environment.
Each VM has its own operating system.
ContainersContainer engine has a layer of virtualization for the operating system.
Each container only has the application and what the app needs to run.
No need to have a full guest OS for each container.
Every container instance can use the features and resources of the host.

On AWS, you would likely run containers on top of a VM. A container is able to consume less resources when compared to VMs, and oftentimes become available more quickly than traditional VMs do, which is a great benefit of using containers. Containers can be smaller and more lightweight than VMs. So you can pack more of them onto a single host.

In microservice architectures, application components are broken down into multiple smaller services that communicate and make up a larger application. With containers, you can easily deploy and scale services on an individual basis. Another win for using containers is portability, you can package up the application and easily move it from machine to machine. The benefits of containers include:

  1. Resource utilization: fit multiple lightweight containers onto a single virtual machine and increase resource efficiency and density.
  2. Automation: easier to automate software development lifecycle tasks.
  3. Speed: containers are quick to run.
  4. Scalability: enable microservices architectures, you can horizontally scale out quickly and efficiently to meet demand.
  5. Developer productivity.
  6. Portability: workload will behave the same across environments

Basic Concepts of Docker

Docker has 3 main components:

Docker commandProvides developers a way to interact with Docker daemon through a command line interface, or CLI.
Sends requests to the daemon.
Docker daemonInstalled on a host machine, and essentially acts as the brain of Docker that creates and manages your Docker images on your behalf.
Image registryStores Docker images, which are lightweight, executable packages that include everything you need in it.

How to pull and run an image, and turn it into a container running on a host?

  1. Issue docker run command.
  2. The Docker client will communicates that command to the Docker daemon.
  3. The daemon will check to see if the appropriate image exists on the Docker host.
    • If it does not, the daemon downloads the image from the Image registry.
  4. The daemon spins up the Docker container on the Docker host using that image.

A container is simply a running instance of a Docker image. You can pass configuration data into the containers at runtime, through environment variables or through volumes.

Build Docker Images

You provide the instructions in something called Dockerfile to the Docker daemon, which then builds the image for you. Once you have this Dockerfile in place, you run the docker build command with the Docker client and the Docker daemon builds the Docker image.

Each instruction in the Dockerfile creates what is called a layer. A Docker image is composed of multiple layers that are stacked on top of each other, and each layer can then be used across multiple images.

Docker uses Union File Systems for the efficient storage of these layers. A Union File System allows you to overlay multiple layers so that they appear as a unified view to the container. Docker mounts a writeable layer on the top of the lower read-only layers. If a file that exists in a lower layer needs to be modified, it would be copied to the write-able layer, not modifying the copy from the lower layer.

Amazon Elastic Container Registry

Registries are repositories for images that you can use to securely store and retrieve images. Amazon Elastic Container Registry (ECR) is a fully managed AWS Docker registry service that is secure, scalable, and reliable. It supports both public and private repositories, it also supports resource-based permissions using IAM, so you can limit access to specific users or virtual machines.

You need to authenticate with ECR as your default registry. That way, when you go to use the docker commands, it can push and pull images with Amazon ECR. The command

aws ecr get-login-password

allows you to simplify this authentication process.

Next you can create a repository to hold the image. The command to create the repository is

aws ecr create-repository

Finally, let’s push the container image. To do this, we must first use command docker tag to tag the image, providing the URL to our repository; then use command docker push to push the image.

docker tag ... <URL>
docker push <URL>

Run Your Containerized Applications

Containers are a very convenient way to deploy applications and control access to resources. AWS has incorporated containers into all of the services mentioned here.

AWS App Runner

On AWS, App Runner is a fully managed container application service that offers the easiest way we could use to

  1. create infrastructure to host an application, and
  2. deploy our new container image to the infrastructure.

You simply hand App Runner a container image or source code for a web application, and App Runner prepares the hosting infrastructure automatically. You have control over settings and configuration, like the CPU, memory, and environment variables.

The infrastructure load-balances requests to my application with end-to-end encryption. App Runner monitors the concurrent requests to an instance and can scale the number of application instances between a minimum and a maximum that you control.

Furthermore, if you need finer-grained controls over the infrastructure hosting your containers, you may want to look at other options like:

  1. hosting your containers on an EC2 instance, or
  2. take advantage of an orchestration service, like Amazon Elastic Container Service or Elastic Kubernetes Service.

Elastic Container Service

Elastic Container Service, or ECS, is a fully managed, container-orchestration service. ECS handles the scheduling (or placement) of containers on the cluster of computing resources (e.g. EC2 virtual machine instances or AWS Fargate).

Elastic Kubernetes Service

Elastic Kubernetes Service, or EKS, is also a managed container service to run Kubernetes on AWS. Kubernetes is an open-source project for deploying, scaling, and managing containerized applications. AWS hosts the Kubernetes control plane side of things, and your containers run in a cluster. Like ECS, the cluster can be EC2 instances or AWS managed Fargate resources.

Lambda For Container Workloads

AWS Lambda is a serverless compute service. You hand over your code to Lambda, and your code is run on AWS infrastructure. You don’t worry about the servers or the infrastructure running the code. You can also package up your code into a container image to hand on to Lambda. Your containers are now getting all the serverless benefits of running on Lambda.

AWS Batch

AWS Batch is the service for your batch computing workloads, when you need to do something asynchronously on a large set of data that will take a little bit of time to complete. The unit of work in Batch is called a job. The code you want to run by Batch is packaged up in a container image and delivered to Batch. To run jobs, you need to create:

  1. A computing environment (where you want to run your jobs)
    • Managed: Batch will grow and shrink your cluster, depending on the requirements of your tasks. Cluster will shrink down to zero, if there is no tasks to run. Batch is actually creating an ECS cluster for your computing environment.
    • Unmanaged: when you want to manage the instance provisioning, configuration, and scaling.
  2. A job definition (defines a container image)
  3. A queue (when you want to run one or more jobs)

A compute environment can have many queues defined. Each queue can have a different priority. Batch uses the priority to schedule jobs in your compute environment.

Amazon SageMaker

Amazon SageMaker is a service to build, train, and deploy machine learning models. When you train a machine learning algorithm with SageMaker, both the inference endpoints and the training algorithm are supplied in a container image.

AWS IoT Greengrass

AWS IoT Greengrass is a runtime and a cloud service for you to build, manage, and deploy your IoT applications on your devices. You design the components you want to run on your devices which operate on data locally. The Greengrass cloud service stores the inventory of your devices in the field, and securely works with the runtime to deploy your components, which consumes artifacts including scripts, compiled code, static resources, and Docker containers.

AWS CodeBuild

AWS CodeBuild is a fully managed continuous integration (CI) service. CodeBuild compiles source code, runs tests, and produces software packages for development teams. You start by configuring a build project, which contains all the commands you run to compile and test. CodeBuild uses a container image to run the build commands.

AWS Elastic Beanstalk

AWS Elastic Beanstalk is a service for deploying and scaling web applications. Elastic Beanstalk automates a lot of the deployment of an application on to AWS resources. You just hand the code and configuration to Elastic Beanstalk, which will create the infrastructure, build, and deploy your application.

My Certificate

For more on Container Basics on AWS, please refer to the wonderful course here

Related Quick Recap

I am Kesler Zhu, thank you for visiting my website. Check out more course reviews at

Don't forget to sign up newsletter, don't miss any chance to learn.

Or share what you've learned with friends!

Leave a Reply

Your email address will not be published. Required fields are marked *