
AWS Fargate – Run Containers Without Managing Infrastructure - moritzplassnig
https://aws.amazon.com/blogs/aws/aws-fargate/
======
eropple
Fargate looks really expensive compared to just running an EC2 instance. A 1
vCPU container with 2GB of RAM will run you $55/month. An m3.medium with 1
vCPU and 3.75GB of RAM is $49. The prices seem to get uncomfortably worse from
there, though I haven't priced them out the whole way, but a 4 vCPU container
with 8GB of RAM is price-competitive ($222 for the container, $227 monthly for
the machine) with a freaking i3.xlarge, with 4 vCPUs and 30.5GB, and the
i3.xlarge also has 10Gbit networking. Topping Fargate out at 4 vCPUs and 30GB
of RAM puts it right between an r4.2xlarge and an i3.2xlarge, both with 8
vCPUs and 61GB of RAM (the i3 is more expensive because it's also got 1.9TB of
local SSD).

Enough people are still trying to make fetch happen, where fetch is container
orchestration, that I expect that fetch will indeed eventually happen, but
this is a large vig for getting around not-a-lot-of-management-work (because
the competition isn't Kubernetes, which is the bin packing problem returned to
eat your wallet, it's EC2 instances, and there is a little management work but
not much and it scales).

If you have decided that you want to undertake the bin packing problem, AWS's
ECS or the new Elastic Kubernetes Service makes some sense; you're paying EC2
prices, plus a small management fee (I think). I don't understand Fargate at
all.

~~~
NathanKP
AWS employee here. Just want to say that we actually had a typo in the per
second pricing on launch. The actual pricing is:

    $0.0506 per CPU per hour
    $0.0127 per GB of memory per hour

Fargate is definitely more expensive than running and operating an EC2
instance yourself, but for many companies the amount that is saved by needing
to spend less engineer time on devops will make it worth it right now, and as
we iterate I expect this balance to continue to tip. AWS has dropped prices
more than 60 times since we started out.

~~~
derefr
I know AWS services put outsized fees on things that don't really have
marginal costs (e.g. S3 read operations), because the fees are used to
disincentivize non-idiomatic use-cases (e.g. treating S3 as a database by
scanning objects-as-keys.)

Under this economic-incentive-system lens, I'm curious whether new AWS
services might also be intentionally started out with high premiums, as a sort
of economically-self-limited soft launch. Only the customers with the biggest
need will be willing to pay to use the service at first, and their need means
they're also willing to put up with you while you work out the initial kinks.
As you gain more confidence in the service's stability at scale and matching
to varied customer demands, you'd then lower the price-point of the service to
match your actual evaluation of a market-viable price, to "open the
floodgates" to the less-in-need clients.

~~~
sync
Tangentially related: you can definitely use S3 as a database now, and they
seem to encourage it:
[https://aws.amazon.com/blogs/aws/s3-glacier-select/](https://aws.amazon.com/blogs/aws/s3-glacier-select/)

~~~
mrep
Without lock support, I wouldn't consider it a database.

~~~
justonepost
Kind of a read mostly database, actually useful for data lake type things.

~~~
IanCal
Yeah I'm really looking forward to this as I often have to get some part of
one of many jsonl files that matches some condition.

S3 select will likely let me delete a lot of custom code.

------
bdburns
(Azure Container Instance engineer here)

This looks very similar to what we launched with Azure Container Instances
last summer.

The Azure Container Instances kubernetes connector is open source and
available here:

[https://github.com/Azure/aci-connector-k8s](https://github.com/Azure/aci-connector-k8s)

~~~
johnnycarcin
Came here to post this. To me it shows the gap between Azure and the non-
enterprise world. Azure did this awhile back, as well as the managed k8s
thing, neither of which got much run on HN.

Perhaps Azure needs to work on marketing? Is there a legitimate reason Azure
isn't getting more traction in the non-enterprise world? I mean that as a
totally serious question, not in a dickish way. Is it because it has the
Microsoft name attached to it or just because AWS has so much traction?

As always, full disclosure that I work at MSFT as well.

~~~
7ewis
We run AWS, GCP and Azure.

Devs in my team can pretty much choose their favourite cloud to deploy things
to. Everyone always picks AWS, it's just the easiest to navigate and feels
like everything links together well.

I think the only things we use Azure for are the Directory, and Functions to
run some PowerShell.

As AWS is the industry standard, I feel that a lot of people like to stick
with what they know too.

~~~
jcims
I'm in the unfortunate position of being curious about the one thing that
folks are best advised not to share, your security/compliance stack. Based on
what I've seen to date, nothing handles all three equally well, but I'm
curious if you've found anything that gets close.

~~~
7ewis
We use quite a lot of custom built tools and Splunk to funnel the logs from
everywhere, so we can use their AI/ML to detect anomalies etc.

------
dewyatt
I think I have AWS fatigue. I have a few certifications and a few years of
experience working with AWS, but it's getting difficult to even keep track of
all the services.

~~~
remus
Maybe it's just been the last few days, but it feels like every time I look at
HN there's 2 new posts announcing new AWS services!

~~~
romanhn
It's just the last few days. The big AWS re:Invent conference is happening
this week, with all of the new service announcements.

------
boyd
Notably, this appears to confirm a Kubernetes offering (EKS)!

    I will tell you that we plan to support launching containers on Fargate using Amazon EKS in 2018

[Edit] Looks like that just got announced too:
[https://aws.amazon.com/eks/](https://aws.amazon.com/eks/).

~~~
NathanKP
AWS employee here. You are correct. Fargate is an underlying technology for
running containers without needing to manage instances, and it will integrate
with both the ECS and EKS container orchestration and scheduling offerings.

~~~
azinman2
Do all the containers I launch run in an EC2 VM that’s isolated for my
account? Or does Fargate somehow provide the security isolation without being
a VM?

~~~
NathanKP
Fargate isolation is at the cluster level. Apps running in the same cluster
may share the underlying infrastructure, apps running in different clusters
won't.

~~~
rahulkrishnanra
Are they creating a separate cluster for each AWS account? How is the
isolation happening?

~~~
NathanKP
A customer creates a cluster on their account. You as a customer can create
one or more Fargate clusters on your account to launch your containers in.

------
gldalmaso
I love AWS and their pace of innovation, but some areas are really lagging
behind.

Two new container services announced but São Paulo still doesn't even have ECS
which was announced in 2014.

~~~
gtaylor
This is one of a few signals that may suggest ECS may not figure prominently
in AWS's future strategy.

~~~
politician
That's an understatement! We've been watching ecs-agent development stagnate
for the past 6 months until just a couple of weeks ago.

ECS has been on death's doorstep while AWS has been pushing the Lambda
strategy. My guess is that their numbers show a slowdown in Lambda uptake due
to the problems with Lambda, so they're now moving over to this Fargate
platform and ECS is getting a few dribbles of dev time as a consequence.

I think they need to get over this NIH/Rebrand&Relabel syndrome and implement
Istio ([https://istio.io/](https://istio.io/)).

~~~
NathanKP
AWS employee on the ECS team here.

First of all you are using the wrong measurement of growth vs stagnation.
We've continually been releasing features (not all of which are part of ecs-
agent), while also working on many interesting backend projects such as
Fargate. Much of what we develop is closed source or open sourced later, so
the ecs-agent repo is not a good measurement of progress or attention.

Second the idea that ECS is on death's doorstep is just false. In the
container state of the union at re:Invent Anthony Suarez, head of engineering
on ECS, shared that ECS has experienced 450% growth, with millions of
container instances under management, and hundreds of millions launched per
week:
[https://pbs.twimg.com/media/DP1sWVZUMAAflSW.jpg](https://pbs.twimg.com/media/DP1sWVZUMAAflSW.jpg)

This matches up with my personal experience as a developer advocate for ECS
talking to customers pretty much every day who are considering ECS or moving
to ECS because it makes it easier to connect your containers to other AWS
services.

~~~
politician
These anecdotes are great, but, and I'm being honest here, I don't care about
450% growth or how many millions of container instances are reportedly
running. I care about long-standing bugs being fixed in a timely manner.

Take a look at any random Github project that's unmaintained. That's the image
Amazon has been showing the development community when they look at ECS. They
don't see the closed source work. They don't see the hundreds of millions of
internal KPIs ticked per week.

Now, I haven't spoken with a developer advocate, but I'm happy to share some
of my frustration with you: I've had a dedicated resource working around bugs
and limitations in ECS for months. We built a service mesh because ECS lacks
service discovery, and then we built wonky patches to work around weird bugs
in ecs-agent regarding how containers identify themselves. We've spent
serious, deep time tracking down intermittent failures in the scheduler. We've
worked in and around the strange task abstraction. This hasn't been a lovely
experience. It's been hard and painful, but we press onward only due to the
lack of time to convert to Kubernetes/Istio.

Are you in Seattle? Shoot me an email; I'd be happy to grab a coffee and share
our experience.

~~~
NathanKP
I don't see any contact info on your profile. I'm not in Seattle but I am
available at peckn@amazon.com and I can connect you to someone in Seattle you
can talk to, or we can chat remotely.

~~~
politician
Sounds great, I'll reach out; thanks.

------
chrismartin
Is "Fargate" an Aqua Teen Hunger Force reference?
[https://youtu.be/uOd7HQoKxcU?t=38](https://youtu.be/uOd7HQoKxcU?t=38)

~~~
swivelmaster
Yeah, as soon as I saw "Fargate" I thought, "Is Amazon really naming a product
after a silly reference from an episode of ATHF?"

I'm not sure if I should be surprised or not.

~~~
zippergz
I think they ran out of sensible names a long time ago.

------
beck5
I am getting lost with all the ways to run containers on AWS. Is this the
equivalent of Google Compute Engine's beta option to boot from a Docker
container?

~~~
NathanKP
AWS employee here on the ECS team. ECS on Fargate would be the closest thing
to what you are asking for. Upload a container image, create a Fargate
cluster, and launch a service on that cluster that runs your container.

~~~
soccerdave
Is this available today? I thought that's what I heard, but I'm not seeing
anything in the AWS console.

~~~
NathanKP
It's currently available in the us-east-1 region, under the ECS service in the
console. Create a new cluster and Fargate will be an option for launching and
operating the cluster.

~~~
soccerdave
Thanks! I must have missed that bit about us-east-1 only.

~~~
brazzledazzle
It's frustrating how hit or miss their service availability is in each region.
I can understand other countries with different laws and regulations but they
can't even get some services multi-region in the US.

------
allengeorge
I'm not 100% sure about the relationship between EKS, ECS and Fargate.

Why would I deploy to Fargate over EKS? I assume it's because with Fargate I
don't have to write a k8s deployment spec?

Why would I deploy to Fargate over ECS?

Legitimately curious, and looking for clarification/correction.

~~~
NathanKP
AWS employee here. You would deploy to Fargate because you don't want to have
to manage the underlying EC2 instances. You can use Fargate with both ECS and
EKS (in 2018).

ECS and EKS are just two different schedulers for orchestrating the
containerized services that you want to run. Fargate is the engine behind them
that executes the containers for you without you needing to worry about
servers.

ECS as a scheduler will always integrate much better with other AWS services.
EKS will give you the advantage of being able to run the same scheduler
on-premises or on another cloud.

~~~
mgalgs
I thought EKS was managed? Do you still have to manage the underlying
instances in EKS?

~~~
kainosnoema
Yes, EKS is just managed K8s, which is the orchestration layer. You still need
to have EC2 instances for the EKS tasks to be scheduled on. Unless you run
your EKS tasks on Fargate, which is coming in 2018.

~~~
avgkol
So if I do "kubectl get nodes" while using Fargate, what do I see in response?

------
mk89
After reading lots of negative comments about pricing, I think that many
people don't get it - AWS Fargate is not a replacement of EC2 nor ECS. It's a
sort of lambda with containers and lots of features (HA, autoscaling, etc.)
implemented + pay-per second - which is absolutely great! This way you could
run short and long running jobs which are container-based (a django-admin job
that performs migrations? dunno... just saying...), and also your "normal"
services without taking care of scaling up/down, HA, etc.

It's not for everyone, it's not a "one solution fits all", it's very specific
and what it does, it does it great (only tested, of course we have to see
long-term...), because you don't need anymore to manage a cluster, which is
really expensive especially because you don't want to shutdown your machines
when you go home and restart them when you come back to the office (for
example, in case you don't have a smart autoscaling in place).

Thanks AWS for providing this service!

~~~
urza
So what would be some real use cases?

~~~
mk89
I mentioned one use case - which is very similar to a batch, I agree,
therefore there is no real difference there with Fargate/Batch.

However, you don't have to execute only batches with it, you can also run a
temporary service within a specific VPC - with the biggest advantage that you
don't have to resize/manage your cluster.

For example, you could set a Cloudwatch alert that, reached a peak of 80% of
CPU, spins up a bunch of instances for a specific image with Fargate and keeps
it alive until the CPU goes down to 60% (there it can be stopped). This way
you don't have to worry about optimizing your autoscaling in ECS, because
sometimes peaks happen in a matter of few seconds and it could be the case
that you have not enough EC2 instances running, because lots of containers are
running and they are spinning up in parallel. With Fargate it's like having an
unlimited amount of EC2 instances running in your cluster... (which you pay
for but certainly less than if you _really_ had such EC2 instances always
running)

Let's try to think about it from another point of view: you could also try to
use Fargate to execute all your services, but then you would get the following
features already implemented:

- autoscaling

- HA

- maintenance/cluster management

However:

- you don't like how AWS does autoscaling, because you notice that
many times the nodes are under stress, and you would like to use a different
strategy, or maybe you have computed your own autoscaling algorithm which is
great and lets you save a large amount of money with it

- HA is trivial for you to implement, because you already have a lot of
experience with it, lots of CloudFormation scripts, and well, so far it worked
like a charm, so why would I want to switch now? the platform is really
functioning well, no need to switch to another technology

- maintenance is not a problem for you, because your ECS cluster is small and
easy to manage

Maybe in such cases, yes, you don't need Fargate after all. Keep your ECS
cluster and don't worry about that.

------
nhumrich
This is a really cool midway point between lambda and ec2. You can have a
large codebase, run continuously, but on "serverless".

------
minhajuddin
This is going to be really _great_ for batch jobs which need isolated
environments. I have been waiting for something like this for a long time.
Amazon is really doing work. I'll definitely be using this.

~~~
rm999
Have you tried AWS Batch? My team moved a couple of our batch machine learning
modeling jobs to it earlier this year and it's worked out great.

[https://aws.amazon.com/batch/](https://aws.amazon.com/batch/)

~~~
bbgm
How would you use Batch + Fargate? Let’s assume Fargate is a supported compute
environment in Batch.

(I run the containers org at AWS. I happen to run Batch as well)

~~~
kirillseva
My org is looking to move machine learning to batch as the underlying infra.

All I want is to be able to do this: 1) specify a DAG of tasks. Each task is a
docker image, CMD string, CPU and memory limits 2) hit an API to run it for
me. Each task runs on a new spot instance 3) be able to query this service
about the state of the DAG and of each individual node

Sounds like if AWS provides an API to create a batch cluster (or whatever you
call it) and lets the tasks be defined in terms of what docker image to run
with what command you'll satisfy this desire

~~~
bbgm
That is in line with our vision for Batch; to be the engine for systems where
you essentially describe a DAG and we run and hyperoptimize the execution for
you. We do some of what you’re asking for but that’s great feedback around
what you’d like to do.

------
CSDude
Fargate is a very logical step, I agree Kubernetes is really nice but very
complex for simplistic setups, looking forward to use it, too bad it's only in
N. Virginia

~~~
NathanKP
We will be steadily rolling Fargate out across other regions starting in 2018.

------
dpweb
I've been using hyper.sh, I really like it. Especially I don't want a web
interface, I can pull a container and start up a container from my command line
in 3 seconds. I can pull from a Docker repo, attach IPs and storage, all in the
terminal. How does this compare? I want to stay out of a web mgmt interface.

~~~
NathanKP
AWS has an API, and a command line application for integrating with the API.
You can (and probably should) use AWS without ever touching the web management
interface.

For an easy getting-started command line experience for ECS I highly
recommend this tool:
[https://github.com/coldbrewcloud/coldbrew-cli](https://github.com/coldbrewcloud/coldbrew-cli)

------
nodesocket
If I understand this correctly, Fargate is similar to Elastic Container
Service, without having to worry about EC2's instances? But you also can
manage the EC2 instances with Fargate as well? Seems like AWS has lots of
products that overlap and it is confusing to end users.

I'd say this is exactly why Google Cloud is superior (in my opinion). AWS
lacks user experience and KISS philosophy. Just feels like AWS keeps on
bolting things on.

~~~
kainosnoema
Actually I think their approach is great—it's very modular and there's little
overlap between use-cases. An exception (among a few) may be ECS and EKS,
where ECS was probably the wrong bet for them now that K8s is getting so much
traction. Hence EKS.

But being able to use either EKS or ECS for orchestration, and then
schedule those tasks on either EC2 or Fargate (depending on compute needs),
opens up a lot of options. You can start simple and grow as requirements
become more complex—without fundamentally changing the deployment artifact.
That was the promise of containers originally, so it's nice to see it play
out.

------
antoncohen
I wonder how they handle isolation. Linux container technologies don't
normally provide sufficient isolation for multi-tenant environments, which is
why most of the cloud container orchestrators require you to pre-provision VMs
(ECS, GKE).

Azure Container Instances uses Windows Hyper-V Isolation that boots a highly
optimized VM per container, so containers have VM isolation.

Has AWS built a highly optimized VM for running containers?

~~~
NathanKP
AWS employee here. Isolation is handled at the cluster level. Apps that are
run in the same cluster may be run on the same underlying infrastructure, but
clusters are separated.

------
elricL
It would be interesting to see how fast the startup time of the docker
containers will be. If it's far faster than EC2, this could be used for some
super elastic job processing. Somewhere between EC2 and lambda. I doubt the
startup time would be faster, since the docker image download would hit the
startup timing.

If the startup time is fast, and it can run on GPU, a killer Deep learning
platform could run on this.

------
bryanh
Everyone at Zapier was hoping for AWS managed Kubernetes.

Edit: Maybe we'll get it!
[https://twitter.com/AWSreInvent/status/935909627224506368](https://twitter.com/AWSreInvent/status/935909627224506368)

~~~
kasperni
It is there as well [https://aws.amazon.com/eks/](https://aws.amazon.com/eks/)

~~~
tootie
Guess I should learn about Kubernetes now.

~~~
lindydonna
I found the talks by Brendan Burns to be very good for a high-level overview.

------
lclarkmichalek
Well that's one of the more nonsensical names to come out of AWS recently.

~~~
parshimers
I'm pretty sure someone at Amazon is an Aqua Teen Hunger Force fan:
[https://www.youtube.com/watch?v=uOd7HQoKxcU](https://www.youtube.com/watch?v=uOd7HQoKxcU)

Oglethorpe: We have successfully traveled eons through both space and time
through the Fargate. To get free cable.

Emory: I think it's a s-star gate

Oglethorpe: It's the Fargate! F, its different from that movie which I have
never seen, so how would I copy it?

------
bg0
Was hoping this was close to Google's Appengine. Patiently waiting.

------
raphaelj
How does this compare to Heroku?

------
cdnsteve
Would this be a direct competitor to Google Cloud's app engine flexible? Aka I
just upload my docker container?

------
bmurphy1976
I haven't had a chance to dig through the documentation yet. Can we deploy a
POD instead of just a container? One of the things we are struggling with is
all the side services that have to go with a container deployment (i.e. a
secure or oauth proxy).

~~~
noahm
Fargate uses the same task definition abstraction as Amazon ECS. See
[http://docs.aws.amazon.com/AmazonECS/latest/developerguide/l...](http://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html)
So yes, you can launch multiple containers in a single logical unit.

~~~
politician
A word of caution: ECS multi-container tasks do not have the same semantics as
Kubernetes pods. In particular, there is no support for bidirectional network
discovery.

------
lotyrin
Is there any plan for Fargate + EKS to be able to support attached EBS
volumes? Please say yes.

~~~
bbgm
We are super interested in enabling EBS support for Fargate. We do not have
any timelines, but would love to know what your expectations are and what you
would use EBS for.

(I run the containers org at AWS)

~~~
lotyrin
Goal is to have a developer write up a service definition with e.g. a web
tier, service tier and database tier, wherein some of those pods might need to
have persistent data volumes and expect EKS be able to run that application
for them without my intervention, even if I were to have something shooting
the underlying compute nodes in the head (but ideally, I won't even sweat
those nodes' existence thanks to Fargate).

We'd be using services like RDS for everything we could, of course, but
sometimes someone insists on persisting something to disk, and sometimes that
strategy makes sense.

------
samprotas
For low utilization low cost continuous applications (think a web socket
listener with not much to do) this lowers the entry level cost below a t2.nano
it looks like. That’s a win in my book.

------
shroom
Wow, "hundreds of millions of new containers started each week": these are
pretty insane numbers. Insane in a very cool and mind-numbing way, that is!

------
drharby
It has nothing to do with that movie, or the syndicated series based on zeh
movie...

A part of me really hopes the pm named it this as an aquateen reference

------
dumbfounder
Did anyone else notice that 11/15 top stories on HN right now are Amazon
announcements? Crazy.

Sorry for the offtopicish post...

~~~
manigandham
Yes, their big annual conference:
[https://reinvent.awsevents.com/](https://reinvent.awsevents.com/)

~~~
dumbfounder
That would explain it!

------
bebop22
How is it different than ECS? I tried to apply for it and just end up on my
ECS Page.

------
t1o5
Is it the "AWS Day" or something? I see 5 AWS related news in the top!

~~~
whoisjuan
AWS re:Invent is happening this week. A lot of announcements and product
launches.

------
JohannesH
I wonder when Fargate will hit GA and be available in the Ireland region.

------
ju-st
michaelbuckbee, please update
[https://www.expeditedssl.com/aws-in-plain-english](https://www.expeditedssl.com/aws-in-plain-english)

------
dzonga
looking at the number of Amazon products on the front-page, it's mind-blowing.
Amazon (will) probably have a monopoly on developer mindshare in the future.

~~~
Voloskaya
It's not like it's a pattern. Today is AWS re:invent. The same is true of
Google and MS during their respective annual dev conferences.

------
kkotak
12 stories on the front page of HN leading to amazon.com and their offerings?
Hm....

~~~
binaryblitz
It's the first day of re:invent and they have a 40%+ market share of IaaS. Not
surprising that it's all over HN.

Note: I do not work for Amazon. :)

------
sigmonsays
sigh, amazon is taking over hacker news. They need to chill on posting. They
posted 15 posts to the front page and that's 50% of the headlines... all
amazon.

Hope everyone loves amazon!

------
mck-
A third of the front page of Amazon; what's going on? Did they release a dozen
products in one go? Interesting release strategy to bulk everything as opposed
to spacing it out..

~~~
manigandham
Yes, their big annual conference:
[https://reinvent.awsevents.com/](https://reinvent.awsevents.com/)

