Reducing AWS Container Startup Time with SOCI Index Layer

In an era where time equates to money, every fraction of a second saved in cloud infrastructure is invaluable. Think about it: swifter container startups don’t just elevate the user experience — they significantly cut down on costs.

For businesses facing slow container launch times on AWS due to prolonged image downloads, the solution might be the Seekable OCI (SOCI). Open-sourced by Amazon in July 2023, SOCI is crafted to accelerate application deployment and scaling. It allows containers on Amazon Elastic Container Service (ECS) and AWS Fargate to start without downloading the entire image, addressing the longstanding issue of time-intensive Docker container scaling in AWS.

To put this into perspective, traditionally, Fargate would retrieve the full image from the Amazon Elastic Container Registry (ECR) prior to starting the container. Research underscores that while image pulling constitutes 76% of the container’s start time, a mere 6.4% of this data is essential for its launch. The SOCI Index Layer enhances container launch speeds by selectively loading crucial image data, with the pace of acceleration being contingent on the Docker image’s dimensions.

Although businesses with already optimized images might not benefit significantly from using SOCI, those unable to minimize their image size will find this feature particularly beneficial.

The SOCI Index Builder Project: Streamlined Index Creation by Amazon

Amazon has started the SOCI Index Builder project, where you get a complete deployment of a Lambda function that creates the SOCI Index for you. The solution makes an EventBridge Rule that triggers a Lambda function that verifies the image tag just pushed and matches it with a configurable filter. If the filter matches, it will trigger another Lambda that creates and pushes your SOCI Index to the ECR registry.

CFN AWS SOCI Index Builder on AWS Partner Solution Deployment Guide

That’s the easiest and most convenient choice. Still, suppose you want to use the feature and build SOCI Indexes for your images. In that case, you should implement the creation into your CI/CD pipeline. The Lambda takes a little while before it has created the SOCI Indexes, and you will have to wait until they’re uploaded to your ECR registry before you can do any deployment. Look at awslabs GitHub repository soci-snapshotter for more information on integrating the tool into your own CI/CD pipeline.

Putting SOCI to the Test

ECR Repository showing SOCI and Image Indexes.

How about trying this new feature out, then? I have a dedicated environment for testing this new feature, built with Terraform. I measured pull and startup times with a simple bash script. It can all be found here if you want to try it out for yourself.

The images I tested came in three sizes: 2.4GB, 550 MB, and 45 MB. If you’d like to use your own Docker images, it’s fairly easy to replace the ones provided in the Github repository.

These are the numbers I came up with after a few tries. The numbers differ between the test runs but should be about the same for you.

Without SOCI Layer
+------------------+--------+-------+------+
|   Image size     | 2.4GB  | 550MB | 45MB |
+------------------+--------+-------+------+
| Container start  | 71s    | 26s   | 18s  |
| Image pull       | 55s    | 9s    | 2s   |
| Total start time | 126s   | 35s   | 20s  |
+------------------+--------+-------+------+

With SOCI Layer
+-----------------------+--------+-------+-------+
|      Image size       | 2.4GB  | 550MB | 45MB  |
+-----------------------+--------+-------+-------+
| Container start       | 17s    | 17s   | 15s   |
| Image pull            | 1.8s   | 1.6s  | 1.6s  |
| Total start time      | 18.8s  | 18.6s | 16.6s |
| SOCI Layer build time | 7m     | 23s   | 4s    |
+-----------------------+--------+-------+-------+

The small Docker image did not benefit anything from the SOCI Index. Instead, it makes it slower since creating the extra index layer takes time. But the middle-sized image at 550MB makes quite a remarkable change in container start time.

The complete pull of the SOCI Index layer took only 1.6 seconds, compared to 9 seconds for the full image. The container startup took only 17 seconds, compared to 26 seconds without the SOCI Index layer.

The greatest difference comes with the largest Docker image, of course! Pulling the entire 2.4GB image took 55 seconds, but with the SOCI Index layer, it’s down to 1.8 seconds. The complete container start without the SOCI Index layer took 71 seconds. With the SOCI Index layer, it was down to only 17 seconds.

The time it takes to build the SOCI Layer should not be considered in the total time since your CI/CD pipelines would handle that process in a real-life scenario.

In Conclusion

In today’s fast-paced tech environment, waiting an extra 10 or even 20 seconds for a container to start can mean the difference between a seamless user experience and lost customers. Optimizing with SOCI can make a noticeable difference.

Even with a Docker image sized around 500MB, you’ll decrease the time for your containers to start with about 10 seconds. Within the saved, approximately 16 seconds, your application could’ve crashed if the scaling wasn’t fast enough.

Have you tried the SOCI Index Layer for your projects? How did it transform your container startup times? Share your experiences in the comments below or message me on LinkedIn.