So for the penultimate session at AWS Builders Day, Abby Fuller returned to present a deep dive on AWS Fargate.
Why Fargate? Running a container locally is easy and running a few is fine, but running lots is difficult and turns into a lot of work.
ECS made some of this easier. It went part of the way, but it is not totally hands off: a lot of responsibility for looking after the underlying instances still sits with the customer.
Fargate – “you just want the f*&%$£* sandwich”
Fargate launches via ECS, instead of selecting EC2 for your launch type you select Fargate. It uses the same ECS API and task definition schema. You can run a hybrid ECS cluster between EC2 and Fargate, and change the launch type if needed between the two. You might do this for instance if some of the containers in your cluster need custom configuration on the host, in which case you would use EC2 as the launch type. Or if you wanted to troubleshoot an issue for containers using Fargate, you might debug them by launching them on EC2.
Task definitions – this is pretty much everything in Fargate.
- Each registration creates a new, versioned revision of the task
- Contains the container definitions (name, image, and so on)
Fargate workflow: the orchestrator is ECS today, with EKS to follow.
When to use Fargate vs EC2:
- If you need a different networking mode or need to customise the EC2 host, use the EC2 launch type
- If you don’t need host-level access and can support awsvpc networking mode, go with Fargate
Back to task definitions. CPU and memory are set at task level (in CPU units, where 1024 = 1 vCPU, and MiB) and optionally per container within the task. The per-container limits stop one container using up the whole allocation; without them, containers contend equally for the task’s share. There are 50 task-level CPU/memory combinations that Fargate accepts.
Tasks can also be pinned to a Fargate platform version (set when the task or service is launched; currently only one version exists, 1.0).
Networking and Security
Abby had lots of networking questions, so she added a 101 section on networking to cover this off. This was a pretty rapid section that is covered elsewhere on the internet, so I didn’t catch everything at this point.
The new awsvpc networking type is the only one available for Fargate. Each task is allocated its own ENI and its own private IP address in your VPC.
Outbound network access is required for the image pull and for pushing logs, even if your app doesn’t need outbound internet itself. In practice that means a public IP on the task or a NAT gateway on the task’s subnet (VPC endpoints for ECR and CloudWatch Logs are the alternative for subnets that must stay fully private).
There are three types of permission:
- Housekeeping (infrastructure services)
The IAM role ARNs are defined in the task definition: `executionRoleArn` for the housekeeping permissions above (pulling the image, pushing logs) and `taskRoleArn` for whatever the application itself calls. Keep them as separate roles so the app never inherits the infrastructure permissions.
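As an added example (not code from the talk or from AWS), here is a small Python checker that tests a task definition against the points in the task definition and networking sections above: awsvpc networking, the 50 task-level CPU/memory combinations, per-container limits that fit inside the task’s allocation, and separate execution (housekeeping) and task (application) roles. The size table is the original Fargate set, and the sample task definition, account ID, role names and image URIs are constructed placeholders.

```python
"""Check an ECS task definition for the Fargate launch type (added example)."""

# Fargate task-level CPU/memory combinations in ECS units (CPU units, MiB).
# 1024 CPU units = 1 vCPU. This is the original set of 50 combinations;
# assumption: newer sizes may have been added since, so check the ECS docs.
FARGATE_SIZES = {
    256: [512, 1024, 2048],                    # 0.25 vCPU: 0.5, 1, 2 GB
    512: [1024 * n for n in range(1, 5)],      # 0.5 vCPU: 1-4 GB
    1024: [1024 * n for n in range(2, 9)],     # 1 vCPU: 2-8 GB
    2048: [1024 * n for n in range(4, 17)],    # 2 vCPU: 4-16 GB
    4096: [1024 * n for n in range(8, 31)],    # 4 vCPU: 8-30 GB
}


def valid_combinations():
    """All (cpu, memory) pairs Fargate accepts at task level."""
    return [(cpu, mem) for cpu, mems in FARGATE_SIZES.items() for mem in mems]


def check_task_definition(td):
    """Return a list of problems; an empty list means the definition is Fargate-ready."""
    problems = []
    if "FARGATE" not in td.get("requiresCompatibilities", []):
        problems.append("requiresCompatibilities must include FARGATE")
    if td.get("networkMode") != "awsvpc":
        problems.append("networkMode must be awsvpc (the only mode Fargate supports)")

    # Task-level cpu/memory are strings in the ECS JSON schema.
    try:
        cpu, mem = int(td["cpu"]), int(td["memory"])
    except (KeyError, ValueError):
        problems.append("task-level cpu and memory are required numeric strings")
        cpu = mem = None
    if cpu is not None and (cpu, mem) not in valid_combinations():
        problems.append(f"cpu={cpu}/memory={mem} is not a supported Fargate combination")

    containers = td.get("containerDefinitions", [])
    if not containers:
        problems.append("at least one container definition is required")

    # Per-container reservations must fit inside the task's allocation.
    if cpu is not None:
        if sum(c.get("cpu", 0) for c in containers) > cpu:
            problems.append("sum of container cpu exceeds task cpu")
        for c in containers:
            if c.get("memory", 0) > mem:
                problems.append(f"container {c.get('name')} memory exceeds task memory")

    # Housekeeping (ECR pull, awslogs push) needs the execution role.
    needs_exec_role = any("logConfiguration" in c for c in containers) or any(
        ".dkr.ecr." in c.get("image", "") for c in containers
    )
    if needs_exec_role and not td.get("executionRoleArn"):
        problems.append("executionRoleArn is required for ECR pull / awslogs push")

    # Least privilege: the app's permissions belong in a separate task role.
    if td.get("taskRoleArn") and td.get("taskRoleArn") == td.get("executionRoleArn"):
        problems.append("taskRoleArn and executionRoleArn should be separate roles")
    return problems


# Constructed sample; the account ID, roles and image URIs are placeholders.
SAMPLE_TASK_DEF = {
    "family": "web-example",
    "requiresCompatibilities": ["FARGATE"],
    "networkMode": "awsvpc",
    "cpu": "512",
    "memory": "1024",
    "executionRoleArn": "arn:aws:iam::123456789012:role/ecsTaskExecutionRole",
    "taskRoleArn": "arn:aws:iam::123456789012:role/webAppTaskRole",
    "containerDefinitions": [
        {
            "name": "web",
            "image": "123456789012.dkr.ecr.eu-west-1.amazonaws.com/web:1.0",
            "cpu": 384,
            "memory": 768,
            "portMappings": [{"containerPort": 8080, "protocol": "tcp"}],
            "logConfiguration": {
                "logDriver": "awslogs",
                "options": {
                    "awslogs-group": "/ecs/web-example",
                    "awslogs-region": "eu-west-1",
                    "awslogs-stream-prefix": "web",
                },
            },
        },
        {"name": "sidecar", "image": "busybox:latest", "cpu": 128, "memory": 256},
    ],
}


if __name__ == "__main__":
    print(check_task_definition(SAMPLE_TASK_DEF) or "OK")
    # An EC2-style variant: bridge networking and a size Fargate does not offer.
    bad = dict(SAMPLE_TASK_DEF, networkMode="bridge", memory="512")
    print(check_task_definition(bad))
```

Run it before `aws ecs register-task-definition --cli-input-json file://task.json` to catch the errors ECS would otherwise reject at registration or, in the case of a shared role, silently accept.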
Isolation is also at cluster level: run separate clusters for production, dev, staging, etc.
Fargate supports ALB and NLB, not classic ELB.
Fargate uses the same CLIs as ECS: aws-cli and ecs-cli. There is also an unofficial Fargate CLI for working just with Fargate, which is meant to be good. Abby also recommended the Awesome ECS GitHub repository, as it has a lot of Fargate content too;