AWS Fargate

  • Topics

AWS Fargate: Managing Container Infrastructure

AWS Fargate is a serverless compute engine for containers that works with both Amazon ECS and EKS.

As container technology has grown in popularity, especially Docker, cloud providers started to build services supporting it. AWS launched the Elastic Container Service (ECS). While Docker was gaining traction in containers, Kubernetes was rising as a container orchestration solution, and AWS also launched Elastic Kubernetes Service (EKS). The combination of Docker and Kubernetes is now the cornerstone of container-based applications.

But managing a container hosting platform is not easy and requires dedicated DevOps engineers to monitor and upgrade with patches, version upgrades, and so on. Considering this overhead, AWS launched a new service called AWS Fargate. It is actually not a service but a feature tagged with AWS containerized solution services like ECS and EKS.

Fargate enables you to focus on building your applications, not infrastructure. With a serverless approach, Fargate removes the need to provision and manage servers, patching, and cluster capacity management. It provides features to specify and pay for resources per application. Security is enabled by isolating the application hosting by design. AWS Fargate also makes it easy to scale your applications. With a little configuration, you can enable AWS Fargate to manage all the scaling and infrastructure needed to run your containers in a highly-available manner.

How It Works

Image Source

To understand how Fargate works, first let’s understand some terminology:

  • Docker Container –  A Docker container is a unit of software application that contains all the components required for the application to run, including dependencies, configuration, start scripts, system tools, volumes, and so on. 
  • Container Image – A Docker container is created from an image that is built using the Docker file. It is a blueprint of a container that defines all the required resources. These images are stored in a container repository also known as a container registry.
  • Task Definition – Both ECS and EKS provide options to create Task definition. It is a simple JSON file that defines how many containers to be run, CPU and memory, scaling, and other application configurations. You also define here what type of launch you need for EC2 or Fargate.
  • Task – Task is the instantiation of the task definition for a cluster. You can define how many tasks should run in a cluster using a service.
  • Cluster – Cluster is the logical group of resources the application needs to run.

An AWS ECS cluster is a logical grouping of tasks or services. If you are using the EC2 launch type, a cluster is also a grouping of container instances. If you are using Fargate, clusters of container instances are managed by AWS.

Now, let’s understand the steps required to get AWS Fargate running. We will use ECS to create a cluster using the Fargate launch type:

Step 1 –  Launch the ECS service: Open the AWS Console, search for ECS, and click on the Get Started button on the screen.

Step 2 – Create a Container Definition – Now, you have to select an image that should be used to create the container for running the application.

Configure the image details, such as image repository URL, memory limits, and other container configurations. Usually, you would be keeping your images in ECR or a private repository.

Step 3 – Task Definition: The Next step is to create a task definition. You can define the Network mode, IAM role, memory, and CPU configuration.

Step 4 – Define the Service: Now, configure a service that launches and maintains a specified number of copies of the task definition in your cluster. You can use preloaded service definitions, or optionally, choose to edit a number of tasks, the load balancer, or rename the service.

Step 5 – Configure the Cluster: As the last step, let’s configure the cluster by filling out the name for your cluster. AWS ECS takes care of the networking and IAM configuration.

The last screen is for review. Click on Create to finish.

For a simple application, this is enough to get started. For production-ready applications, you still need to automate this whole process using CloudFormation or a Terraform script.

AWS Fargate Pricing

Like any other AWS serverless service, there is no upfront cost for using Fargate. You only need to pay for the resources you use. For Fargate, these resources would be the vCPU and memory used by the container applications.

Pricing will be different based on the region where resources are utilized. For example:

For us-east (North Virginia)

per vCPU per hour  $0.04048

per GB per hour      $0.004445

Duration

Pricing is per second with a 1-minute minimum. The duration is calculated from the time you start to download your container image until the Task terminates. It rounds up to the nearest second.

Observability with AWS Fargate

Observability for any service includes monitoring, logging, and tracing. For Fargate, AWS App Mesh and Amazon CloudWatch Container Insights are used, or you can use a much more powerful platform such as Lumigo. These products take care of logging and monitoring for convenience and transparency.

App Mesh externalizes the monitoring and routing configuration. It removes the need to update the application code. App Mesh configuration enables each service to export monitoring data and implements logic to have consistent communications across the application.

CloudWatch Container Insights can be used to collect, aggregate, and summarize metrics and logs from your applications in AWS ECS and AWS EKS.

Application Security with AWS Fargate

AWS Fargate can be integrated with AWS Secret Manager or the AWS Systems Manager Parameter Store to pull the credentials. These secrets can be exposed as environment variables in the container.

Below is a snippet of a task definition referencing a Secrets Manager secret:

Below is a snippet of a task definition referencing a Systems Manager Parameter Store parameter:

To expose applications running on Fargate in a private subnet in a VPC, you can use API Gateway and AWS Private. This way you can create private and secure APIs.

CI/CD with AWS Fargate

In AWS, there are specific services for implementing continuous integration and delivery. The CI/CD stack for Fargate consists of AWS CodeCommit, AWS CodeBuild, and AWS CodePipeline. These services are used to check out the code, build, and then push the code to containers through AWS Fargate.

Image Source

Summary

In this article, we have discussed the AWS Fargate in detail and how it complements the ECS and EKS services to enable serverless compute. If you explore ECS/EKS with the EC2 launch type, you will find that there are many configurations needed to create the Linux cluster. Without Fargate, you would need to familiarize yourself with several infrastructure components to get it done right. With the introduction of AWS Fargate, creating container-based applications becomes much easier.