ECS, RDS, ECR, Cluster

1️⃣ What is Docker and why did you use it in this project?

Answer:
Docker is a tool to package an application with all its dependencies into a container so it runs the same everywhere (local, CI, cloud).
In this project, Docker is used to containerize the Strapi app so the same image can run locally and on AWS ECS without environment issues.


2️⃣ What is the difference between Docker image and Docker container?

Answer:
A Docker image is a blueprint (like a template).
A Docker container is a running instance of that image.
In this project, CI builds a Docker image and ECS runs it as a container.


3️⃣ What is AWS ECR and why did you use it instead of DockerHub?

Answer:
ECR (Elastic Container Registry) is AWS’s private Docker registry.
We use ECR because:

  • It integrates better with ECS

  • It is more secure (IAM-based access)

  • It’s recommended for production workloads on AWS


4️⃣ What is AWS ECS Fargate?

Answer:
ECS is AWS’s container orchestration service.
Fargate is the “serverless” compute option for ECS.
With Fargate, we don’t manage EC2 servers. AWS automatically runs our containers and manages the infrastructure.


5️⃣ What is the role of Terraform in your project?

Answer:
Terraform is an Infrastructure as Code (IaC) tool.
It is used to create and manage AWS resources like:

  • ECS Cluster

  • ECS Service & Task Definition

  • RDS Database

  • Security Groups

Using Terraform makes infrastructure reproducible and version-controlled.


6️⃣ What is CI and what is CD in your pipeline?

Answer:
CI (Continuous Integration):
When code is pushed to GitHub, a workflow builds the Docker image and pushes it to ECR.

CD (Continuous Deployment):
A separate workflow runs Terraform to deploy the new image to ECS Fargate.

So CI builds artifacts, and CD deploys them to production.


7️⃣ How does ECS pull the Docker image from ECR?

Answer:
ECS uses an IAM execution role attached to the task definition.
This role has permissions (AmazonECSTaskExecutionRolePolicy) that allow ECS to authenticate to ECR and pull the image securely.


8️⃣ Why do we use RDS instead of running Postgres inside Docker?

Answer:
RDS is a managed database service by AWS.
Using RDS is better because:

  • AWS handles backups, patching, and availability

  • The database is persistent (data won’t be lost if containers restart)

  • It’s more reliable and production-ready than running Postgres in a container


9️⃣ How does your Strapi app connect to the database in production?

Answer:
The Strapi container connects to RDS using environment variables passed in ECS:

  • DATABASE_HOST → RDS endpoint

  • DATABASE_PORT → 5432

  • DATABASE_NAME, DATABASE_USERNAME, DATABASE_PASSWORD

These values are injected into the container via Terraform and GitHub Secrets.


🔟 What is the benefit of using GitHub Actions in this setup?

Answer:
GitHub Actions automates the build and deployment process:

  • Builds Docker image automatically

  • Pushes image to ECR

  • Runs Terraform to deploy on ECS

This removes manual steps, reduces human error, and makes deployments fast and repeatable.

1️⃣ What is an ECS Cluster?

Answer:
An ECS Cluster is a logical group where containers run.
It doesn’t run code by itself, but it acts like a “workspace” that holds services and tasks.
In your project, your Strapi containers run inside an ECS cluster.


2️⃣ What is an ECS Task Definition?

Answer:
A task definition is like a blueprint for running a container.
It defines:

  • Which Docker image to run

  • CPU and memory

  • Environment variables

  • Ports

  • IAM role

ECS uses this to know how to run your Strapi container.


3️⃣ What is an ECS Service?

Answer:
An ECS Service keeps your application running.
If a container crashes, the service automatically restarts it.
It also ensures the desired number of running containers (like 1 or more) is always maintained.


4️⃣ What is the difference between ECS Task and ECS Service?

Answer:
A Task is a single run of your container (like running docker run).
A Service manages tasks continuously and keeps them running.
In production, we use Services, not one-off tasks.


5️⃣ What is a VPC in AWS?

Answer:
A VPC (Virtual Private Cloud) is a private network inside AWS.
All your ECS tasks and RDS database run inside this network so they can securely communicate with each other.


6️⃣ What are Subnets and why are they used?

Answer:
Subnets are smaller networks inside a VPC.
They decide where your resources run (public or private areas).
In your project:

  • ECS tasks run in subnets with public IPs

  • RDS runs in private subnets


7️⃣ What is a Security Group?

Answer:
A security group is like a firewall for AWS resources.
It controls which ports are open.
Example in your project:

  • ECS security group allows port 1337 from the internet

  • RDS security group allows port 5432 only from ECS


8️⃣ What is an IAM Role and why is it needed for ECS?

Answer:
An IAM role is a set of permissions.
ECS tasks assume a role to:

  • Pull images from ECR

  • Write logs to CloudWatch

Without this role, ECS cannot access ECR or other AWS services.


9️⃣ What is the difference between EC2-based ECS and Fargate?

Answer:
With EC2-based ECS, you manage servers (instances).
With Fargate, AWS manages the servers for you.
In your project, you used Fargate, so you don’t worry about EC2, scaling, or OS management.


🔟 What is CloudWatch and why is it useful?

Answer:
CloudWatch is AWS’s logging and monitoring service.
It shows:

  • Container logs

  • Errors

  • Health of services

It helps debug issues when your ECS task crashes in production.