AWS Fargate Explained: Pros and Cons, Components & Key Features

What Is AWS Fargate? 

AWS Fargate is a serverless computing engine that allows you to run containers in the cloud without having to manage the underlying infrastructure. It is a compute engine for Amazon Elastic Container Service (ECS) that enables you to deploy and manage Docker containers without having to provision and manage the underlying servers or clusters.

With Fargate, you only need to define the container requirements such as CPU, memory, and networking resources, and AWS will take care of the rest. This includes launching the required infrastructure resources, scaling resources as needed, and maintaining the underlying infrastructure.

Fargate allows you to focus on your application instead of managing the infrastructure, making it easier to deploy and manage containerized applications in the cloud. It supports both Linux and Windows containers, and integrates with other AWS services such as Amazon Elastic Kubernetes Service (EKS), Amazon Simple Storage Service (S3), Amazon CloudWatch, and AWS Identity and Access Management (IAM).

This is part of an extensive series of guides about cloud security.


AWS Fargate Benefits and Limitations 

AWS Fargate provides several benefits that make it an attractive option for running containerized applications in the cloud, including:

  • Simplified infrastructure management: With Fargate, you don’t need to worry about provisioning or scaling compute resources, or managing the operating system, networking, and storage configuration. This simplifies infrastructure management, and allows you to focus on building and deploying your applications.
  • Security: Fargate provides built-in security features, such as isolation between containers, secure communication between containers, and integration with AWS IAM. This helps improve the security posture of your applications.
  • Flexibility: Fargate supports both Linux and Windows containers, and can be used with a wide range of containerization technologies, such as Docker. This makes it easy to deploy and manage containerized applications on AWS, regardless of the underlying technology.
  • Integration with other AWS services: Fargate integrates with other AWS services, such as ELB and ECR, to provide a comprehensive solution for container management. This allows you to easily manage and monitor your containers, and integrate them with other AWS services as needed.

Here are some limitations of AWS Fargate:

  • Privileged containers: AWS Fargate does not support privileged containers, which are containers that have access to the host system, and can perform operations that would not normally be allowed by a non-privileged container.
  • Network configuration: Pods running on Fargate cannot specify HostPort or HostNetwork in the pod manifest. Additionally, pods that run on Fargate are only supported on private subnets (with NAT gateway access to AWS services, but not a direct route to an Internet Gateway).
  • Resource limits: Fargate has default resource limits for CPU, memory, and other resources. Additionally, the default nofile and nproc soft limit is 1024 and the hard limit is 65535 for Fargate pods.
  • GPU support: GPUs are not currently available on Fargate, so workloads that require GPU acceleration must be run on EC2 instances.
  • Region availability: Fargate pods cannot be deployed to AWS Outposts, AWS Wavelength, or AWS Local Zones. 
  • Instance metadata service: The Amazon EC2 instance metadata service (IMDS) is not available to pods that are deployed to Fargate nodes, which can limit certain IAM capabilities and require hard coding some information in the pod spec.

AWS Fargate Components 

Here are the main components of AWS Fargate:

  • Task definitions: A blueprint that defines the container(s) and resources required to run a task. It includes information such as the container image, CPU and memory requirements, port mappings, and other settings. You can define task definitions using the Amazon ECS console, AWS CLI, or AWS SDK.
  • Cluster: A grouping of one or more tasks that represents the resources needed to run those tasks. A cluster can be created and managed through the Amazon ECS console or AWS CLI. You can specify the type of cluster (EC2 or Fargate) when creating it.
  • Container image: A container image is a lightweight, standalone, and executable software package that includes everything needed to run an application, including code, libraries, and dependencies. Container images can be stored in container registries, such as Amazon Elastic Container Registry (ECR), or in public repositories, such as Docker Hub.
  • Compute resources: Fargate provides the underlying compute resources, such as CPU and memory, needed to run your containers. You can specify the amount of CPU and memory required by each container in your task definition. Fargate manages the provisioning and scaling of compute resources based on the requirements specified in your task definition.
  • Networking: Fargate provides networking capabilities, such as VPC support, security groups, and elastic network interfaces (ENIs), to enable communication between containers and other resources within your VPC.
  • Amazon ECS: Fargate is part of Amazon ECS, which provides an API to interact with Fargate. It allows you to use other AWS services, such as CloudWatch and CloudFormation, to manage and monitor your containers.

How Does Fargate Work? 

AWS Fargate allows you to run containers in the cloud without having to manage the underlying infrastructure. Here’s how it works:

  1. Container definition: You define the container requirements such as CPU, memory, and networking resources, as well as the container image, command, and other details using the AWS Management Console, AWS CLI, or AWS SDK.
  2. Task definition: You then define the task that describes how to run the container, including the container definition, networking, and storage configurations.
  3. Cluster: You create a cluster to group your tasks and enable communication between them.
  4. Launch type: When launching a task, you choose Fargate as the launch type. This tells AWS to launch the task on Fargate instead of on EC2 instances.
  5. Resources provisioning: AWS then provisions the necessary infrastructure resources to run the container, including CPU, memory, and networking resources.
  6. Container scheduling: Fargate schedules the container on a serverless compute engine that has been specifically optimized for running containers.
  7. Scaling: Fargate automatically scales the infrastructure resources up or down based on the demand for your application.
  8. Monitoring: You can use Amazon CloudWatch to monitor your Fargate tasks and configure alarms to notify you of any issues.
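The task definition described in the components list and in steps 1 to 4 above, written out as an added example (not code from the original article or from AWS). The account id, role names, image, log group and region are placeholder assumptions; the check function captures the points a reviewer would verify before registering it (Fargate compatibility, awsvpc networking, no privileged containers, logs reaching CloudWatch).

```python
PLACEHOLDER_ACCOUNT = "123456789012"  # constructed placeholder, not a real account

def build_task_definition(image: str, cpu: str = "256", memory: str = "512") -> dict:
    """The blueprint from steps 1 and 2: container image, CPU/memory, port
    mapping, the two IAM roles and CloudWatch logging, all in one document."""
    return {
        "family": "web-app",
        "requiresCompatibilities": ["FARGATE"],  # step 4: this task targets the Fargate launch type
        "networkMode": "awsvpc",  # each task gets its own ENI inside your VPC
        "cpu": cpu,
        "memory": memory,
        # Execution role: pulls the image and ships logs. Task role: what the app itself may call.
        "executionRoleArn": f"arn:aws:iam::{PLACEHOLDER_ACCOUNT}:role/ecsTaskExecutionRole",
        "taskRoleArn": f"arn:aws:iam::{PLACEHOLDER_ACCOUNT}:role/webAppTaskRole",
        "containerDefinitions": [{
            "name": "web",
            "image": image,
            "essential": True,
            "portMappings": [{"containerPort": 8080, "protocol": "tcp"}],
            "readonlyRootFilesystem": True,  # writable paths are mounted explicitly if needed
            "user": "1000",                  # do not run the app as root inside the container
            "logConfiguration": {            # step 8: logs land in CloudWatch for alarms
                "logDriver": "awslogs",
                "options": {"awslogs-group": "/ecs/web-app", "awslogs-region": "us-east-1",
                            "awslogs-stream-prefix": "web"},
            },
        }],
    }

def check_task_definition(td: dict) -> list:
    """Findings a reviewer would raise before register_task_definition is called."""
    findings = []
    if "FARGATE" not in td.get("requiresCompatibilities", []):
        findings.append("task is not marked FARGATE-compatible")
    if td.get("networkMode") != "awsvpc":
        findings.append("networkMode must be awsvpc on Fargate")
    if td.get("taskRoleArn") and td.get("taskRoleArn") == td.get("executionRoleArn"):
        findings.append("task role and execution role should be distinct")
    for c in td.get("containerDefinitions", []):
        if c.get("privileged"):
            findings.append(f"{c['name']}: privileged containers are not supported on Fargate")
        if not c.get("readonlyRootFilesystem"):
            findings.append(f"{c['name']}: root filesystem is writable")
        if "logConfiguration" not in c:
            findings.append(f"{c['name']}: no logConfiguration, nothing will reach CloudWatch")
        for m in c.get("portMappings", []):
            if "hostPort" in m and m["hostPort"] != m["containerPort"]:
                findings.append(f"{c['name']}: hostPort must match containerPort in awsvpc mode")
    return findings
```

The returned dict is the document you would pass to the ECS RegisterTaskDefinition API, after which the task is launched with the FARGATE launch type into private subnets.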

AWS Fargate: Key Features 

Flexible Configuration Options

Fargate offers flexible configuration options that allow you to specify CPU and memory resources for each container. You can also configure networking and storage settings for your containers. This allows you to fine-tune the performance of your containers and ensure that they have access to the resources they need.

Load Balancing

Fargate integrates with Elastic Load Balancing (ELB), which allows you to distribute traffic evenly across multiple containers. This helps ensure that your application is highly available, and that traffic is directed to healthy containers. You can use ELB to manage traffic to your containers and automatically adjust the number of containers running based on traffic patterns.

Auto Scaling

Fargate supports automatic scaling, which allows you to scale your application up or down based on demand. You can define scaling policies that will automatically add or remove containers based on metrics such as CPU usage or network traffic. This helps ensure that you are only paying for the resources that you need, and that your application can handle spikes in traffic.

Networking

Fargate allows you to securely connect your containers to other resources in your VPC. You can configure subnets, security groups, and network access control lists (ACLs) to control inbound and outbound traffic to your containers. This helps ensure that your containers are isolated from other resources in your VPC, and that traffic is routed securely.

Permission Tiers

Fargate allows you to control access to your containers and resources using IAM roles and policies. You can define granular access controls for your containers, and specify which resources they can access. This helps ensure that your containers are only able to access the resources they need, and that your application is secure.
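An added example (not from the original article) of what "granular access controls" looks like for a task role: a trust policy that only ECS tasks in your own account can assume, a permission policy scoped to a single bucket prefix, and a lint function that flags the patterns a reviewer would reject. The account id and bucket name are placeholder assumptions.

```python
PLACEHOLDER_ACCOUNT = "123456789012"  # constructed placeholder, not a real account

# Trust policy: only ECS tasks launched in this account may assume the role.
TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "ecs-tasks.amazonaws.com"},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"aws:SourceAccount": PLACEHOLDER_ACCOUNT}},
    }],
}

# Permission policy: the container may read one bucket prefix and nothing else.
TASK_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject"],
        "Resource": ["arn:aws:s3:::web-app-assets/public/*"],  # placeholder bucket
    }],
}

def _as_list(value):
    """IAM allows a string or a list in Action/Resource; normalise to a list."""
    return value if isinstance(value, list) else [value]

def lint_task_role(trust: dict, policy: dict) -> list:
    """Return the findings a reviewer would raise about a task role's policies."""
    findings = []
    for st in trust.get("Statement", []):
        principal = st.get("Principal", {})
        if principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*"):
            findings.append("trust: any principal may assume this role")
        if isinstance(principal, dict) and principal.get("Service") == "ecs-tasks.amazonaws.com" \
                and "Condition" not in st:
            findings.append("trust: missing aws:SourceAccount/aws:SourceArn condition")
    for st in policy.get("Statement", []):
        if st.get("Effect") != "Allow":
            continue
        for action in _as_list(st.get("Action", [])):
            if action == "*" or action.endswith(":*"):
                findings.append(f"policy: wildcard action {action}")
            elif action.startswith("iam:") or action.startswith("sts:"):
                findings.append(f"policy: IAM/STS action {action} needs justification")
        if "*" in _as_list(st.get("Resource", [])):
            findings.append("policy: wildcard resource")
    return findings
```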

Logging and Visibility

Fargate integrates with Amazon CloudWatch, which allows you to monitor and troubleshoot your containers in real-time. You can view metrics such as CPU usage, memory usage, and network traffic for your containers, and configure alarms to notify you when certain events occur. This helps ensure that you can quickly identify and resolve issues with your containers, and that your application is running smoothly.

Comparing Fargate and Related Technologies

Kubernetes vs. Fargate

Kubernetes is an open source container orchestration engine that automates the management tasks associated with running containerized applications, while Fargate is a serverless compute engine for Amazon ECS that allows you to run containers without having to manage the underlying infrastructure. 

Fargate can be used as an optional management tool that complements EKS, Amazon’s managed Kubernetes platform, and provides an alternative scheduler for pods deployed within an EKS cluster. Fargate can also work with ECS outside of a Kubernetes cluster.


Amazon EC2 vs. AWS Fargate 

Amazon Elastic Compute Cloud (EC2) provides scalable compute capacity in the cloud. It allows users to launch and manage virtual machines (known as instances) in the cloud, giving them complete control over the operating system, network, and storage configuration of these instances. 

EC2 instances can be used for a wide range of computing tasks, from running simple web applications to processing large datasets. Amazon EC2 is a foundational service for building applications in the AWS cloud.

Here are the key differences between Amazon EC2 and AWS Fargate:

  • Management: Amazon EC2 requires you to manage the underlying infrastructure, including managing the operating system, security patches, and scaling the compute resources. AWS Fargate abstracts the underlying infrastructure, and manages it for you, allowing you to focus on running your applications.
  • Pricing: Amazon EC2 is billed on an hourly basis, and you pay for the compute resources you provision, regardless of whether they are being utilized or not. AWS Fargate storage is billed on a per-second basis, and you only pay for the resources your application uses. 
  • Configuration: With Amazon EC2, you have full control over the configuration of the compute resources, including the operating system, storage, and network settings. With AWS Fargate, you have less control over the underlying infrastructure, but the configuration is simplified through the use of container images and task definitions.


Optimizing AWS Fargate Costs with Spot by NetApp

Automatically give containers the optimal infrastructure and make sure your clusters always have the resources they need. 

Ocean by Spot continuously monitors and optimizes container infrastructure to maximize efficiency and availability while minimizing costs, helping CloudOps teams focus on their workloads and applications rather than be burdened by management of their container infrastructure.

