AWS Fargate is a service that provisions serverless compute resources to run AWS ECS and EKS containers. AWS states that Fargate allows you to focus on building your applications when you let Fargate provision and manage the infrastructure required. Think of it as containers on-demand with no underlying manually created infrastructure that are quick to launch and scale, where you manage everything at the container level.
You specify the resources your application needs to run and Fargate handles the provisioning of compute resources in an isolated and secure instance.
Fargate determines the correct amount of compute resources required, which means you don’t need to worry about selecting instance types or having to scale the cluster capacity.
With Fargate you only pay for the resources required to run your containers as they are consumed which means you eliminate over provisioning and paying for servers you don’t need.
Fargate tasks (pods) run in their own kernels providing a secure and isolated compute environment, which provides an isolated workload and improved security as a consequence.
Some major AWS clients like Vanguard, Accenture, Foursquare and Ancestry have selected Fargate to run their mission critical applications.
NAB a major Australian bank anticipate the removal of infrastructure management by using Fargate for EKS will reduce development costs on new projects by up to 75%. This ties in with the AWS premise that Fargate allows teams to build and operate applications using ECS or EKS containers without having the labour intensive infrastructure management tasks like scaling and securing servers and patching operating systems.
AWS Fargate provides a good level of observability with built in integrations with other AWS services like Amazon CloudWatch Container Insights. You can gather logs and metrics using any number of third party tools.
Fargate will always launch and scale compute resources to match the requirements you specify for the container, so over-provisioning is prevented meaning you aren’t paying for resources you aren’t using. You can also get spot and compute savings plan. The Fargate Spot option provides up to 70% savings over standard pricing, but is best used with interruptible applications.
AWS Fargate Platform Versions
Fargate platform version refers to the runtime environments available for the task infrastructure, which is a combination of the container runtime version and the kernel version.
When specifying a platform version, you can select a specific version ie 1.4.0 or specify LATEST. Once deployed and you have tasks running, should your services need to scale, additional tasks are instantiated using the same version as the parent deployment.
When a new platform version is released, you can update your service, change the platform version and force a new deployment. This redeploys your tasks with the latest version.
How does Fargate work?
To utilise Fargate to manage the deployment of your application container, you will need to have a container stored in a container registry like ECR or DockerHub and set up a task and cluster via ECS or EKS.
The steps in the deployment cycle are:
1) Build a container image
2) Host in a registry ie Amazon ECR or DockerHub
3) Choose an orchestration service - either Amazon ECS or EKS
4) Create a Cluster taking the AWS Fargate option
Your container Image is a read-only template that can be built from a docker file which contains your code, system libraries, tools, runtime and other dependencies required by your application to deploy. The docker file is a plain text file that details all of the required components that generates the container Image for storage in a container registry like DockerHub or Amazon Elastic Container Registry.
Once in the registry, your container can be pulled into a cluster instance to be run whenever required.
To set up the container to run using ECS you will then need to set up a task definition. Typically a task definition is a JSON file containing a blueprint of the requirements and settings needed to run the container. Container definitions like the image type, memory, cpu & network mode.
If you were using EC2 to run your application in a cluster your would need to define:
- Task Name
- Task Role (Optional IAM role to make API calls)
- Network Mode (Bridge on Linux, NAT on Windows)
- Task Memory
- Task CPU
- Add the container name
- Add the container image location
- Specify memory limits
- Create a Cluster
- Select from EC2 Linux + Networking or EC2 Windows + Networking
- Name the Cluster
- Select a provisioning model (On-demand or Spot Instances)
- Select the required EC2 Instance type - ie M5.large
- Select the number of Instances to provision
- Select the EBS storage size in GB
- Add an SSH keypair if RDP access is required
- Select whether to create a new VPC or utilise an existing one
- Select or create a new security group
- Set up Subnet1 and Subnet2
- Create or select an IAM role for use by the ECS Container Agent
As you can see, setting up your cluster, tasks and containers using EC2 can be a lengthy and quite complex process.
Using Fargate on the other hand removes the majority of these set up requirements.
The starting point is the Amazon ECS service dashboard. If visiting for the first time, it will look something like this:
Once you click the get started you’ll get an overview of how the ECS objects relate to each other
and you then get to select from some standard container images like a sample app, nginx or tomcat webservers.
This is where you find the custom container definition, which is where you enter the location of the container you wish to run.
At this point there is also a default task definition which sets an ECS task execution role and allows you to set the task name, task memory and task CPU:
Next you can define elements of the Service settings like the service name and the number of tasks you would like to provision for the service. Having multiple tasks can mitigate against service failure should a singular task fail for some reason.
You can also set a port range here to enable access to your application and define load balancing settings if required.
The service will create a single security group unless load balancing is configured, then two new security groups are instantiated.
The next step is to name your cluster:
Once you continue you will get the option to review all the settings for the Task, Service and Cluster before creating the Fargate instance.
When you are happy with the settings, click create. Note we have not had to select any EC2 instance types or configure any underlying infrastructure. Fargate will provision all of this automatically.
After a few minutes the service creation should complete.
And you can view the service.
To access the application, access the Tasks tab of the service
Then select the running task id
The public IP address is displayed in the network settings of the task.
Enter that into a browser to view the running web application.
In this example we deployed the AWS sample-app container using Fargate. Using Hava cloud visualization, we can visualize the container deployment. Connecting Hava to the AWS account used in this example, we can see a diagram has been created for the cluster.
Selecting the bounding box (the cluster) - details are displayed in the attribute pane on the right hand side of the diagram showing details of the ECS cluster which shows the status of the cluster, active services and tasks.
You can then select the services contained within the cluster. In this instance there is just the one service:
And finally we can select the individual task visualized within the service to see all the details related to the task, including the running status, container id and the service and cluster running it.
This container view can also be switched to the hava.io list view to get details of all the ECS deployment info, containers, clusters, services and tasks.
When we set up the cluster using Fargate, we were told security groups would be created. Hava also visualizes the security groups. In this example, we can see two security groups were created and one port has been opened, which is the one we specified during the cluster set up.
Selecting one of the security groups on the diagram will reveal the metadata related to that group in the attribute pane to the right of the diagram. In this example the ECS MyCluster SG is selected revealing the ingress/egress ports configured and the connected resources.
If you are building and deploying applications on AWS infrastructure, whether using Fargate, traditional ECS or non containerised EC2 infrastructure, you can visualize your infrastructure using Hava.
You can try Hava for yourself here: