What is AWS Fargate?
AWS Fargate is a serverless computing engine for containers that enables customers to deploy and manage applications, not infrastructure. Fargate works with Amazon Elastic Container Service (ECS) and Amazon Elastic Kubernetes Service (EKS), and enables customers to deploy container-based applications without having to provision EC2 instances or Kubernetes pods.
AWS Fargate launches and scales compute resources for containers, ensuring that they have the optimal amount of resources available to run customers' applications. This means customers pay only for the resources their containers require, with no more over-provisioning and wasted spend.
AWS Fargate also improves security through application isolation – individual ECS tasks or EKS pods run in their own dedicated kernel run time and do not share any underlying compute resources with other tasks and pods.
So what new features are available in the 1.4.0 release announced on April 8th?
1. Shared Storage with Elastic File System (EFS) Endpoints
Fargate version 1.4.0 now allows customers to launch tasks with persistent Elastic File System (EFS) storage. Applications requiring persistent storage can now have an EFS share mounted inside a Fargate task. This enables applications sharing a common data set, such as web content management systems, to be migrated to Fargate.
2. 20GB Ephemeral Volume for Fargate Tasks
AWS has replaced the 4GB mount volume and 10GB container image volume with a single 20GB ephemeral volume for Fargate tasks. This is good news for those looking to run workloads processing large files and datasets in Fargate. This increased ephemeral volume size applies to both ECS tasks and EKS pods.
3. Network Performance Metrics in CloudWatch
CloudWatch Container Insights now enables customers to monitor the network performance metrics of their Fargate tasks, in addition to CPU, RAM and disk usage.
4. Network Stats Now Available via ECS Task Metadata Endpoint
Task Metadata Endpoint Version 45 now enables customers to query for network stats. The stats are similar to those provided by Container Insights, but they are available to 3rd party tools such as Datadog (the monitoring platform used by Logicata AWS Managed Cloud Services) for additional analysis.
5. CAP_SYS_PTRACE Linux Capability Now Supported
The CAP_SYS_PTRACE Linux capability can now be enabled in Fargate tasks, affording greater visibility into containers. This allows customers to use a number of third party observability tools to meet security and compliance needs.
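Both EFS mounts and CAP_SYS_PTRACE are switched on in the ECS task definition, so they can be reviewed there before deployment. The following is an added example, not code from the original post or from AWS: a small audit over a constructed task definition that reports containers adding SYS_PTRACE and EFS volumes, and also flags EFS volumes without transit encryption, a check added here that the post does not discuss. The family name, images and file system ID are placeholders.

```python
import json

# Constructed sample task definition (not from the original post); the
# family name, images and file system ID are placeholders.
SAMPLE_TASK_DEF = json.loads("""
{
  "family": "example-web",
  "requiresCompatibilities": ["FARGATE"],
  "containerDefinitions": [
    {"name": "app", "image": "example/app:latest",
     "linuxParameters": {"capabilities": {"add": ["SYS_PTRACE"]}},
     "mountPoints": [{"sourceVolume": "content", "containerPath": "/var/www"}]},
    {"name": "sidecar", "image": "example/sidecar:latest"}
  ],
  "volumes": [
    {"name": "content",
     "efsVolumeConfiguration": {"fileSystemId": "fs-EXAMPLE",
                                "transitEncryption": "DISABLED"}}
  ]
}
""")


def audit_task_definition(task_def):
    """Return a list of (kind, subject, detail) findings for review."""
    findings = []
    if "FARGATE" not in task_def.get("requiresCompatibilities", []):
        return findings  # only Fargate task definitions are in scope here
    for c in task_def.get("containerDefinitions", []):
        caps = (c.get("linuxParameters") or {}).get("capabilities") or {}
        if "SYS_PTRACE" in (caps.get("add") or []):
            findings.append(("ptrace", c["name"],
                             "adds SYS_PTRACE; confirm a tool needs it"))
    for v in task_def.get("volumes", []):
        efs = v.get("efsVolumeConfiguration")
        if efs is None:
            continue  # not an EFS-backed volume
        findings.append(("efs", v["name"],
                         "mounts " + efs.get("fileSystemId", "?")))
        # ECS treats an omitted transitEncryption as DISABLED.
        if efs.get("transitEncryption", "DISABLED") != "ENABLED":
            findings.append(("efs-plaintext", v["name"],
                             "transitEncryption is not ENABLED"))
    return findings


if __name__ == "__main__":
    for kind, subject, detail in audit_task_definition(SAMPLE_TASK_DEF):
        print(f"{kind:14} {subject:10} {detail}")
```

The same function can be run over the JSON returned when describing a registered task definition, so that new uses of either feature show up in review.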
Docker Ditched in Favour of Containerd
Interestingly, AWS have ditched Docker as the container runtime environment in favour of Containerd to simplify the environment. This is not a feature per se, more a change of underlying tech. Docker built out an entire platform on top of the Containerd runtime, with many bells and whistles that AWS simply don’t require in Fargate. This keeps the whole environment simpler and easier to secure.
For more details, check out this blog post by Massimo Re Ferre at AWS.