Leveraging AWS Fargate for Containerized Workloads

Discover what AWS Fargate is: serverless, secure and on-demand

Published Jan 1, 2024

To answer that question, we need to understand the different layers of an infrastructure and the level of abstraction of each solution.
A picture is worth a thousand words
[Figure: VM vs Docker, VM and container architecture (source: cloudacademy.com)]
There is a lot to say about the differences between a VM and a container, but put simply: a container has fewer layers.
We can see that a container is like a lightweight, portable box for software. It wraps up everything an app needs to run. Containers make it easy to build, ship, and run apps, ensuring they run smoothly across different environments.
On AWS there are different services that can run a container, but here we will look at the more advanced "serverless" option for deploying containers for your workload: Fargate.

AWS Fargate is a serverless, secure compute engine for containers with on-demand pricing.
What does that mean?
Serverless: Managed by AWS. No AMIs to maintain, no EC2 instances to provision, scale, or manage.
Secure: Isolated, patched, and compliant for running the most sensitive workloads.
On-demand pricing: Pay for what you need.
If we go into detail, we can see that a large part is managed by AWS (such as the ECS agent and the worker node configuration).
AWS Shared Responsibility Model – Amazon ECS on Fargate
To make that level of segmentation and security possible, Fargate is based on Firecracker, an AWS open source project for microVMs.
When we launch a container with Fargate we define a task (created via JSON or the console). Each task on Fargate has its own Linux kernel and a strong task isolation boundary.
In the task we can define how much vCPU and RAM to allocate to the container: from 0.25 vCPU (!) up to 16 vCPU, and from 512MiB up to 120GB (details here).
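As an added example (not from the original article or from AWS), here is a small Python linter for the task-definition JSON mentioned above. It checks the task size against the vCPU/memory combinations Fargate accepts and flags a few container settings that remain the customer's side of the shared responsibility model; the function name, the secret-name heuristic and the sample task definition are assumptions made for illustration.

```python
import json

# cpu units -> allowed memory in MiB (AWS Fargate task-size table);
# 256 units = 0.25 vCPU, 16384 units = 16 vCPU, 122880 MiB = 120 GB.
FARGATE_SIZES = {
    256: {512, 1024, 2048},
    512: set(range(1024, 4096 + 1, 1024)),
    1024: set(range(2048, 8192 + 1, 1024)),
    2048: set(range(4096, 16384 + 1, 1024)),
    4096: set(range(8192, 30720 + 1, 1024)),
    8192: set(range(16384, 61440 + 1, 4096)),
    16384: set(range(32768, 122880 + 1, 8192)),
}
SECRET_HINTS = ("PASSWORD", "SECRET", "TOKEN", "KEY")  # heuristic, an assumption

def lint_task_definition(td):
    """Return findings for the customer-managed part of a Fargate task definition."""
    out = []
    if "FARGATE" not in td.get("requiresCompatibilities", []):
        out.append("requiresCompatibilities lacks FARGATE")
    if td.get("networkMode") != "awsvpc":
        out.append("networkMode must be awsvpc")
    try:  # only the numeric form ("256", "512") is handled, not "0.25 vCPU"
        cpu, mem = int(td["cpu"]), int(td["memory"])
        if mem not in FARGATE_SIZES.get(cpu, ()):
            out.append(f"invalid size cpu={cpu} memory={mem}")
    except (KeyError, TypeError, ValueError):
        out.append("task-level cpu/memory missing or not numeric")
    for c in td.get("containerDefinitions", []):
        name = c.get("name", "?")
        if not c.get("readonlyRootFilesystem"):
            out.append(f"{name}: writable root filesystem")
        if c.get("user", "").split(":")[0] in ("", "root", "0"):
            out.append(f"{name}: user unset or root")
        if "@sha256:" not in c.get("image", ""):
            out.append(f"{name}: image not pinned by digest")
        for env in c.get("environment", []):
            if any(h in env.get("name", "").upper() for h in SECRET_HINTS):
                out.append(f"{name}: plaintext env {env['name']}, use 'secrets'")
    return out

# Constructed sample (names and values are placeholders, not from the article).
SAMPLE = json.loads("""{
  "family": "demo", "requiresCompatibilities": ["FARGATE"],
  "networkMode": "awsvpc", "cpu": "256", "memory": "4096",
  "containerDefinitions": [{
    "name": "web", "image": "example/web:latest",
    "environment": [{"name": "DB_PASSWORD", "value": "constructed"}]}]
}""")
```

Calling lint_task_definition(SAMPLE) reports the invalid 0.25 vCPU / 4096 MiB pairing along with the four container-level findings.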
We can use Linux or Windows operating systems on Fargate.
You can also use Fargate for Kubernetes pods via EKS.
For optimal use when the workload varies over time, you can use Fargate with auto scaling and define a minimum, a maximum and a desired number of tasks, so that you consume and pay only for what you need at that time (details).
If you can, don't hesitate to build your container for the ARM64 platform: it can deliver up to 40% improved price/performance at 20% lower cost over comparable Intel x86-based platforms. (CodeCatalyst and CodeBuild have an ARM64 builder by default.)
You can also use Fargate with Spot capacity (up to 70% discount) or, for more stable usage, subscribe to a Compute Savings Plan (details).
When you build the container and push it to a registry (like ECR), you can optimize the startup time with lazy loading (or asynchronous loading) via Seekable OCI, an open source technology by AWS (details).
On the security side, you can use Amazon Inspector on ECR to scan the image on each push.
Announced at re:Invent 2023: GuardDuty can also detect threats directly on the task (details).
You can also look at the ECS best practices page to get the most out of your containers.
In summary: AWS Fargate will help you go faster with your containerized workloads: serverless, secure and on-demand, what else? :)