AWS Fargate: The Beginning of the End for Infrastructure Management

10 Jul 2018 10:18am, by

We’ve heard the promises for years — reduce your costs, improve your scalability, and remove the burden of managing infrastructure by moving to the cloud. But over the past decade or so, we primarily adopted cloud as Infrastructure as a Service (IaaS), meaning we only reduced our costs minimally and still have the headaches of managing and scaling this infrastructure. Even the promise of containers in the cloud over the past few years didn’t really have an impact. Until now.

Amazon Web Services’ new service, called AWS Fargate, could be the beginning of the end to infrastructure as we’ve known it. Not only does AWS Fargate reduce container management burdens, it also reduces infrastructure management burdens with potentially large cost savings in return.

Sound appealing? Let’s investigate each of these areas a little deeper.

Reducing Complexity

Matt Alderman, Layered Insight
An information security, compliance, and risk veteran with 20+ years of experience designing and implementing solutions, Matt is the Chief Strategy and Marketing Officer at Layered Insight. Prior to joining Layered Insight, Matt advised various security start-ups and is the former VP of Strategy at Tenable, where he developed long-term strategies for both application and container security, including the acquisition of FlawCheck. Matt is also a co-host on Security Weekly, a weekly video podcast, and has published various blogs and articles on security. Matt holds an MS in Computer Engineering from Case Western Reserve University and is a CISSP.

We all know Kubernetes has won the container orchestration market, but what about production deployment challenges? Even though Kubernetes is the known choice, there’s still a big question about which platform to deploy Kubernetes on. On-premises and/or cloud deployments with Docker Enterprise Edition, Red Hat OpenShift, or Mesosphere? Cloud-only deployments with Amazon Web Services (AWS) Elastic Container Service (ECS) or Elastic Container Service for Kubernetes (EKS), Google Kubernetes Engine (GKE), or Azure Kubernetes Service (AKS)? The choices are overwhelming and are actually slowing down production deployments of containers. In addition, enterprises are realizing it’s hard to scale and manage Kubernetes effectively.

Realizing these challenges, AWS leap-frogged the competition by releasing AWS Fargate, the first true Container as a Service (CaaS) offering. In this new offering, customers only need to worry about containers. Simply define the parameters for your containers (compute, networking, storage, access permissions, logging and debugging configuration) and AWS takes care of the rest. AWS supports deployments on both ECS and EKS, but more importantly, they manage the ECS or EKS clusters, including the EC2 instances. No more infrastructure to manage.

Lowering Costs

Not only does AWS Fargate reduce complexity, it also lowers your costs. Let’s be honest, most enterprise container deployments are on dedicated virtual machines. Why? Because enterprises know how to secure the virtual machine. We’ll address security in the next section, but this deployment model is adding costs to the deployment. Dedicated virtual machines with the overhead of the hypervisor are only adding costs to your deployments.

AWS Fargate reduces these costs by:

  1. Charging only for the time your application container workloads are running, not for the time the underlying virtual machine instances are running, and
  2. Addressing the bin packing problem (determining the proper number of containers that can run on any given host).

Based on our estimates, AWS Fargate deployments should save you 5 percent to 10 percent on your compute bill as compared to highly optimized AWS ECS or EKS deployments. Also, you should be saving an additional 10 percent to 15 percent, which is typically the cost attributed to the overprovisioning of the compute resources, as compared to dedicated AWS EC2 instances. That’s a 15 percent to 25 percent total savings over the typical container deployment. And, no more infrastructure to manage, which means further savings on operational costs and other potential costs of building or subscribing to services for such management.

Addressing Security

Since AWS Fargate completely abstracts the underlying infrastructure from your control, the offering doesn’t allow host-based agents or privileged container-based solutions for monitoring and securing these container deployments. This is one of the reasons organizations still deploy containers in dedicated virtual machines. But there is a solution to this problem, which allows you to reap the benefits of AWS Fargate.
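What that restriction looks like in practice, as an added example that is not part of the original article: a pre-deployment check that flags settings in an ECS task definition which depend on host access and therefore cannot be carried over to Fargate. The task definition is constructed for illustration, the function name `fargate_findings` is hypothetical, and the field names follow the ECS task definition JSON format.

```python
import json

# Constructed sample: a task definition written for EC2-backed ECS that
# assumes a privileged, host-level monitoring agent. Not from the article.
SAMPLE_TASK_DEF = json.loads("""
{
  "family": "web-with-agent",
  "networkMode": "bridge",
  "requiresCompatibilities": ["EC2"],
  "volumes": [
    {"name": "docker-sock", "host": {"sourcePath": "/var/run/docker.sock"}},
    {"name": "scratch"}
  ],
  "containerDefinitions": [
    {"name": "web", "image": "example/web:1.0",
     "logConfiguration": {"logDriver": "awslogs"}},
    {"name": "monitor-agent", "image": "example/agent:1.0", "privileged": true}
  ]
}
""")


def fargate_findings(task_def):
    """Return (severity, message) pairs for settings that rely on host access."""
    findings = []
    if "FARGATE" not in task_def.get("requiresCompatibilities", []):
        findings.append(("error", "requiresCompatibilities does not include FARGATE"))
    if task_def.get("networkMode") != "awsvpc":
        findings.append(("error", "networkMode must be awsvpc on Fargate"))
    host_vols = {v["name"] for v in task_def.get("volumes", [])
                 if v.get("host", {}).get("sourcePath")}
    for name in sorted(host_vols):
        findings.append(("error", f"volume {name!r} bind-mounts a host path"))
    for c in task_def.get("containerDefinitions", []):
        if c.get("privileged"):
            findings.append(("error", f"container {c['name']!r} sets privileged"))
        if c.get("linuxParameters", {}).get("devices"):
            findings.append(("error", f"container {c['name']!r} maps host devices"))
        if "logConfiguration" not in c:
            # No host agent can collect stdout/stderr, so log routing must be declared.
            findings.append(("warn", f"container {c['name']!r} has no logConfiguration"))
    return findings


if __name__ == "__main__":
    for severity, message in fargate_findings(SAMPLE_TASK_DEF):
        print(f"{severity.upper():5} {message}")
```

Each error marks a place where monitoring that used to live on the host has to move into the task itself before the workload can run on Fargate.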

By adopting a container native approach to security, you can embed security within the container, completely eliminating the dependency on the underlying infrastructure. This approach provides deep visibility and complete control from within the application, as it runs completely in the user space of the container. This approach seamlessly integrates within your existing DevOps process and doesn’t require any changes to your application deployment scripts. It’s the only approach that natively supports AWS Fargate for monitoring and securing your applications.

Are you tired of managing your own infrastructure? Do you want to reap the benefits of cloud, DevOps, and containers? Then migrate to AWS Fargate and adopt a container native approach to security.
