Running Containers Without Servers: Introduction to AWS Fargate - SRV214 - Atlanta AWS Summit

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Tiffany Jernigan @tiffanyfayj
Developer Advocate, Containers, Amazon Web Services
John Ritsema @jritsema
Principal Architect, Cloud, Turner
SRV214
Running Containers without Servers:
Introduction to AWS Fargate

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.@ T I F F A N Y F A Y J
Our journey

Amazon EC2

Docker
EC2 instance
Containers
Customers started containerizing applications

Containers made it easy to build and scale
cloud-native applications

Customers needed an easier way to manage large clusters of
instances and containers

Amazon Elastic Container Service
Cluster management as a hosted service
Scheduling and Orchestration
Cluster Manager Placement Engine

But cluster management is only half of the
equation…
ECS
Agent
Docker
Engine
OS
EC2 instance

Scheduling and Orchestration
Cluster Manager Placement Engine
ECS
AMI
Docker
Engine
ECS
Agent
EC2 instance
ECS
AMI
Docker
Engine
ECS
Agent
EC2 instance
ECS
AMI
Docker
Engine
ECS
Agent
EC2 instance

Introducing AWS Fargate
Managed by AWS
No EC2 instances to provision, scale, or manage
Elastic
Scale up & down seamlessly
Pay only for what you use
Integrated
with the AWS ecosystem: VPC networking,
Elastic Load Balancing, IAM permissions, Amazon
CloudWatch, Service Discovery, and more

AWS container services landscape
Management
Deployment, scheduling, scaling, &
management of containerized
applications
Hosting
Where the containers run
Amazon Elastic
Container Service
Amazon Elastic
Container Service for
Kubernetes
Amazon EC2 AWS Fargate
Image registry
Container image repository
Amazon Elastic
Container Registry

Focus for this talk
Management
Deployment, Scheduling, Scaling &
Management of containerized
applications
Hosting
Where the containers run
Amazon Elastic
Container Service
AWS Fargate

How do I run containers on Fargate?
• Primitives
• Compute
• Networking
• IAM
• Container registries
• AWS CloudFormation
• Visibility & monitoring
• Storage

Define application containers:
Image URL, CPU, & memory
requirements, etc.
register
Task definition
create
Cluster
• Infrastructure Isolation
boundary
• IAM permissions boundary
run
Task
• A running instantiation of a
task definition
• Use Fargate launch type
create
Service
Elastic Load
Balancing
• Maintain n running copies
• Integrated with ELB
• Unhealthy tasks automatically
replaced
Primitives

Running Fargate containers with Amazon ECS
Use ECS APIs to launch Fargate containers
Easy migration – Run Fargate and EC2 launch type
tasks in the same cluster
Same task definition schema

{
"family": “nginx-demo",
"containerDefinitions": [
{
"name":“nginx",
"image":”nginx"
}
]
}
JSON document
Contains a list of up to 10 container definitions
All containers are colocated on the same host
Each container definition has:
• A name
• Image URL (Amazon ECR or public images)
• And more … stay tuned!
Task definition snippet
Task definition

Compute

CPU & memory
{
”cpu": “1 vCPU”,
”memory": “2 gb”,
"networkMode": “awsvpc",
"compatibilities": [”FARGATE",
”EC2"],
"placementConstraints": [],
{
...
Task level resources
• Configurable independently (within a range)
Dimensions: Task level CPU and memory
Per-second billing
Task level
resources

Task CPU & memory configurations
Flexible configuration options –
50 CPU/memory configurations
CPU Memory
256 (.25 vCPU) 512 MB*, 1 GB, 2 GB
512 (.5 vCPU) 1–4 GB (1-GB increments)
1024 (1 vCPU) 2–8 GB (1-GB increments)

Networking

VPC integration
Subnet
Internet
Other entities in VPC
LB DB etc.
• Amazon VPC networking mode – each task
gets its own interface
• All Fargate tasks run in customer VPC and
subnets
• Configure security groups to control inbound
& outbound traffic
• Public IP support
ENI Fargate
task

VPC configuration
{
"family": ”nginx-demo",
"cpu": "1 vCpu",
"memory": "2 gb",
"networkMode": "awsvpc",
{
…
$ aws ecs run-task ...
-- task-definition nginx-demo:1
-- network-configuration
“awsvpcConfiguration = {
subnets=[subnet1-id, subnet2-id],
securityGroups=[sg-id]
}”
Enables ENI
creation &
attachment to
task
Run taskTask definition snippet

Load balancing
Application Load Balancer
Network Load Balancer

ECS-managed service discovery
• Service registry:
• Predictable names for services
• Auto updated with latest, healthy IP, port
• Managed: No overhead of installation or monitoring
• High availability, high scale
• Extensible: Flexible boundaries for auto-discovery
NEW!

IAM

Permission tiers
Cluster
permissions
Task role
Task execution
role
Cluster
Fargate task
Cluster
Control who can launch/describe tasks in your cluster
Application: Task role
Allows your application containers to access AWS resources securely
Housekeeping: Task execution role
Allows us to perform housekeeping activities around your task:
• Private Registry Image Pull
• CloudWatch Logs pushing
• Elastic network interface creation
• Register/Deregister targets into Elastic Load Balancing

Container registries

Registry support
Third-party private repositories
Public repositories
Amazon Elastic Container Registry
(Amazon ECR)

Private registry authentication
• Used for third-party private registries
• Takes a secret in Secrets Manager with registry user name and password
• Task needs a task execution IAM role with permissions to get the secret
value
bit.ly/fargateprivateregistry
NEW!

AWS CloudFormation support

Visibility and monitoring

Visibility and monitoring
Service-level metrics available
CloudWatch Logs
CloudWatch Events supported

Amazon ECS task metadata endpoint
• Query environmental data and statistics for running tasks
• Enables third-party monitoring tools like Datadog, etc.
NEW!

Container health checks
Define custom health check commands in the Amazon ECS task definition
NEW!

Storage

Storage
Writable layer storage – 10 GB
Amazon EBS-backed non-persistent storage
provided in the form of:
Volume storage – 4 GB

Harbor
Custom platform on top of Kubernetes
8 Kubernetes clusters, 250 nodes
2,300 application environments
5,000 containers

Why Fargate?
Reduce our operational costs
Operate more efficiently
Decentralize services across many accounts
Allow for control over networking
Adopt new features quickly

Migration enablers
Containers
Stateless
Infrastructure as code
Fargate networking

Feature migration
Feature Harbor Fargate
Auth Custom LDAP/AD AWS IAM SAML/AD
Docker Registry Custom, Quay.io ECR
Logging Logz.io CloudWatch Logs, Logz.io
Monitoring Datadog CloudWatch Metrics/Dashboards
Ingress CLB, ALB ALB, NLB, DNS Service Discovery, or None
CI/CD Custom Circle CI, Codeship, AWS CodePipeline
Auto-scaling N/A Performance-based and time-based
Jobs N/A Scheduled tasks

Infrastructure vs. application
Application Infrastructure
Function Dev Ops
Rate of change Daily, weekly, monthly Quarterly, yearly
Components Container images, environment
variables, deployments, CI/CD
ECR, ECS, ALB, VPC, subnets, security
groups, CloudWatch, IAM, auto-scaling,
logging
Tools Docker, Fargate CLI Terraform

Infrastructure
Docker images
Environment Variables
Application
Dockerfile
docker-compose.yml
harbor-compose migrate
fargate-create
Terraform
Template
Infrastructure as code
fargate service deploy
terraform apply
Harbor
fargate.yml
ECR
ECS
ALB
VPC
Subnets
Security groups
CloudWatch
IAM
Auto-scaling
configures
Tooling

Progress
Goal: Migrate 1,000 application environments
Fargate has been very stable for us
0
50
100
150
200
250
1-May 1-Jun 1-Jul 1-Aug 1-Sep
Migrations

Fargate footprint ( mig ration s + n ew p rojec ts)
We’re running a total of 450 Fargate services across 100 accounts
About 550 containers so far
Auto-scaling to zero on weekends is saving us money

Open source tooling
https://github.com/turnerlabs/fargate-create
https://github.com/turnerlabs/terraform-ecs-fargate
https://github.com/turnerlabs/fargate
https://github.com/turnerlabs/samlkeygen

Demo

Takeaways
• Fargate is a launch type within Amazon ECS to run containers without having to manage EC2
instances.
• If you’re debating between EC2 and Fargate mode, start architecting with Fargate.
It forces good design practice by keeping your application containers truly independent
of the underlying host.
• If you think you must have access to the underlying host, think again.
• There are some good reasons: special instance type needs, EC2 Dedicated Instances, utilizing EC2
Reserved Instances.
• And tell us about your use case; we want to support it on Fargate!
• Start using Fargate today!
• Fargate works with most Docker container images.
• You can run existing task definitions on Fargate with only minor modifications.

Want to learn more?
https://aws.amazon.com/fargate/
https://aws.amazon.com/blogs/compute/category/compute/aws-fargate/
https://youtu.be/wrZvlJlcZio
https://github.com/aws-samples/eb-java-scorekeep/tree/fargate

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Submit session feedback
1. Tap the Schedule icon.
2. Select the session you attended.
3. Tap Session Evaluation to submit your
feedback.

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
tiffanyfayj
jritsema
Special thanks to: Deepak Dayama, Anthony Suarez, Archana Srikanta,
Dan Gerdesmeier, and many more
Thank you

Running Containers Without Servers: Introduction to AWS Fargate - SRV214 - Atlanta AWS Summit

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Running Containers Without Servers: Introduction to AWS Fargate - SRV214 - Atlanta AWS Summit

Similar to Running Containers Without Servers: Introduction to AWS Fargate - SRV214 - Atlanta AWS Summit (20)

More from Amazon Web Services

More from Amazon Web Services (20)

Running Containers Without Servers: Introduction to AWS Fargate - SRV214 - Atlanta AWS Summit