Serverless Containers With AWS Fargate and Docker

Michael Whittle
Oct 30 · 8 min read
Image for post
Image for post

In AWS there are a few services which seem similar or related when it comes to containerisation. They do have their nuances so let’s begin with an introduction of what these are and their similarities and differences (according to the AWS documentation)

  • Fully managed container orchestration service
  • Manages the lifecycle and placement of tasks comprised of one or more containers that work together
  • Does not run or execute your container(s)
  • Containers run using ECS Container Instances (normal EC2 instances with ) or Fargate
  • regularly polls the ECS API to manage state
  • Cluster of container instances run in an auto-scaling group
  • You manage your own EC2 instance, patching and scaling
  • ECS is free but pricing is per running EC2 instance
  • Offers integration with Elastic Load Balancing (ELB)
  • Supports Application Load Balancer (ALB), the Network Load Balancer (NLB) and Classic Load Balancer (CLB)
  • Load balancing is efficient
  • Each task has its own Elastic Network Interface (ENI)
  • Supports IAM roles for tasks
  • AWS proprietary

  • Fully managed service
  • A worker node is comparable with an ECS instance
  • Offers integration with Elastic Load Balancing (ELB)
  • Does not allow to to create an ELB on creation
  • Only supports Classic Load Balancer (CLB)
  • Inefficient load balancing due to the node proxies which consumes network capacity and adds latency
  • Multiple tasks share the same Elastic Network Interface (ENI)
  • Does not support IAM roles for tasks
  • Unlike ECS which is free, EKS has a usage based cost
  • Will work with other Kubernetes cloud providers

(part of ECS)

  • Serverless compute for containers
  • Does not require an EC2 instance (hence “serverless”)
  • Similar to Lambda you only pay for running tasks
  • Each task / container has it’s own Elastic Network Interface (ENI) with a public or private IP address within a VPC
  • Containers of the same task can communicate locally on localhost
  • Available for both ECS and EKS
  • Fargate for ECS and EKS is free but pricing is per running task
  • Allows you to deploy an ELB on creation
  • Only supports Application Load Balancer (ALB)

  • Fully-managed container registry
  • Store, manages, and deploys container images

Let’s give it a go…

Step 1: Install the AWS CLI (skip if you have this already)

You will need to install the and in order to do that the first step is to sort out a few steps in which will require a root or administrator account.

In , click on “Groups”, then “Create New Group”. Add a new group (if it doesn’t already exist) called “Administrators” and attach a policy called “AdministratorAccess”. Add your user to the “Administrators” group by opening the group and clicking on “Add Users to Group” under the “Users” tab.

In , click on “Users”, open your user account (which should now be part of the “Administrators” group, and click on the “Security credentials” tab. If you have an access key setup and remember the details then great. If you don’t have an access key or have misplaced the details, just create a new one. Make sure you make note of the “Access key ID” and “Secret access key”. In my case I deleted the existing key where I misplaced the details.

The next step is to install the on your system. I have a Mac so . Alternatively if you are using Docker, Linux or Windows please .

If you are using a Mac the steps are as follows (you will require sudo access):

% curl "https://awscli.amazonaws.com/AWSCLIV2.pkg" -o "AWSCLIV2.pkg"
% sudo installer -pkg AWSCLIV2.pkg -target /

To confirm the installation completed you can confirm you have the latest AWS CLI installed, which in my case is 2.0.52.

% aws --version
aws-cli/2.0.52 Python/3.7.4 Darwin/19.6.0 exe/x86_64

You will then want to configure your AWS CLI.

% aws configure
AWS Access Key ID [None]: YOUR_IAM_ACCESS_KEY
AWS Secret Access Key [None]: YOUR_IAM_SECRET_KEY
Default region name [None]: eu-west-1
Default output format [None]: json

On my Mac this created a hidden directory in my home directory called .aws which two files in it, config and credentials.

Step 2: Install Docker (skip if you have this already)

I’m going to assume you have Docker installed on your system. If you don’t please follow the guide on “” to sort that out before continuing.

A good indication that Docker is installed properly is if you can run the “hello-world” container.

% docker run hello-world 
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
0e03bdcc26d7: Pull complete
Digest: sha256:8c5aeeb6a5f3ba4883347d3747a7249f491766ca1caa47e5da5dfcf6b9b717c0
Status: Downloaded newer image for hello-world:latest
Hello from Docker!
This message shows that your installation appears to be working correctly.

...

Step 3: Create a simple Docker image serving on TCP 80 (HTTP)

  • Create a directory called, “medium-tutorial
% mkdir medium-tutorial
% cd medium-tutorial
  • Create a file called, “Dockerfile
medium-tutorial% vi Dockerfile     (use your favourite text editor)
  • Add the following contents to the file.
FROM prakhar1989/static-siteEXPOSE 80

I found the “prakhar1989/static-site” image on the Docker Hub. It creates a very basic Nginx site served using on TCP 80 which is exactly what we want. We are instructing it to expose TCP 80 from the image to the host on TCP 80. I’m assuming you are not using TCP 80 on your host machine now.

Step 4: Build our Docker image

% docker build -t medium/tutorial .
Sending build context to Docker daemon 2.048kB
Step 1/2 : FROM prakhar1989/static-site
---> f01030e1dcf3
Step 2/2 : EXPOSE 80
---> Using cache
---> e2f4f6b8fa23
Successfully built e2f4f6b8fa23
Successfully tagged medium/tutorial:latest

And we can confirm it created like this…

% docker images
REPOSITORY TAG IMAGE ID CREATED
medium/tutorial latest e2f4f6b8fa23 25 minutes ago
prakhar1989/static-site latest f01030e1dcf3 4 years ago

Let’s try and run it…

% docker run --rm medium/tutorial
Nginx is running...

The “ — rm” instructs the container should be removed when the image stops running. If you don’t add this then every time you run this command it will create a new container.

If you are new to Docker and not using it for anything else then this command should return nothing.

% docker ps -a

If you do make a mistake and want to remove all the stopped containers there is a very handy command to do this.

% docker container prune
WARNING! This will remove all stopped containers.
Are you sure you want to continue? [y/N] y
Total reclaimed space: 0B

Step 5: Prepare Amazon ECR to upload the Docker image

Log into into the, “” and “Get Started”, then “Create repository”.

Image for post
Image for post

Give your repository a name and click, “Create repository”.

Image for post
Image for post

Once the repository has been created click “View push commands”. You can also select the repository at any time and click “View push commands”.

Image for post
Image for post

You will want to select either “macOS / Linux” or “Windows” and make a note of those commands below.

Image for post
Image for post

And now we upload the Docker image to AWS ECR.

% aws ecr get-login-password --region eu-west-1 | docker login --username AWS --password-stdin <REMOVED>.dkr.ecr.eu-west-1.amazonaws.com
Login Succeeded
% docker build -t medium-tutorial .
Sending build context to Docker daemon 2.048kB
Step 1/2 : FROM prakhar1989/static-site
---> f01030e1dcf3
Step 2/2 : EXPOSE 80
---> Using cache
---> e2f4f6b8fa23
Successfully built e2f4f6b8fa23
Successfully tagged medium-tutorial:latest
% docker tag medium-tutorial:latest <REMOVED>.dkr.ecr.eu-west-1.amazonaws.com/medium-tutorial:latest% docker push <REMOVED>.dkr.ecr.eu-west-1.amazonaws.com/medium-tutorial:latest
The push refers to repository [<REMOVED>.dkr.ecr.eu-west-1.amazonaws.com/medium-tutorial]
5f70bf18a086: Pushed
1b02d6d2172f: Pushed
2e374fd8130c: Pushed
6292e9fb3e48: Pushed
b74bb18be134: Pushed
d558cbaf81a4: Pushed
ebfc3a74f160: Pushed
031458dc7254: Pushed
12e469267d21: Pushed
latest: digest: sha256:393142f11e9912fe426c19a34b082097ebc87bf3974299baf75eb0b35a39092e size: 3426

If we go back to Amazon ECR now and click on our “medium-tutorial” repository we should see our uploaded image now, which we do.

Image for post
Image for post

Step 6: We now want to use this image with Amazon ECS Fargate

Go to the, “” and click on, “Get Started” or “Create cluster”.

Below we want to click on custom “Configure” to use our own image.

Image for post
Image for post

There is a load of configuration in this section. As a minimum we want to supply our “Container name”, the “Image” location which you can find in ECR, and the “Port mappings” which is TCP 80. For this tutorial the rest of it you can leave default and click “Update”.

Image for post
Image for post
Image for post
Image for post
Image for post
Image for post
Image for post
Image for post

You can leave the rest default and click “Next”.

Image for post
Image for post

Select “Application Load Balancer”, and click “Next”.

Image for post
Image for post

Provide a “Cluster name” and click “Next”.

Image for post
Image for post

Review everything and click “Create”.

Image for post
Image for post
Image for post
Image for post

And it will begin creating your cluster.

Image for post
Image for post

When this has completed you want to go to the , and click on “Load Balancers” in the menu. You should see your newly created Application Load Balancer (ALG) there. Select it and discover the DNS name is for your load balancer and open it in your browser.

Image for post
Image for post

Pretty impressive hey!

This is just a very basic example to demonstrate how it works but this is how you could “serverlessly” scale containers. It is also amazing how easy it is to do this. The most complex part is creating your Docker image which presumably you work with already so the AWS part is really quick and easy.

If you enjoyed reading this article and would like me to write on any other topics please let me know in the comments or email me directly.

I’m the Head of the Networks Practice at . My team specialises in networks, security, and process automation including self-service dashboards. If you would like more information on this please contact me on Alternatively, you can learn more about us on and .

The Startup

Medium's largest active publication, followed by +730K people. Follow to join our community.

Michael Whittle

Written by

CCIE R&S #24223 | Network Architect | Security Specialist | Software Developer | Blockchain Developer | Studying Machine Learning & AI

The Startup

Medium's largest active publication, followed by +730K people. Follow to join our community.

Michael Whittle

Written by

CCIE R&S #24223 | Network Architect | Security Specialist | Software Developer | Blockchain Developer | Studying Machine Learning & AI

The Startup

Medium's largest active publication, followed by +730K people. Follow to join our community.

Medium is an open platform where 170 million readers come to find insightful and dynamic thinking. Here, expert and undiscovered voices alike dive into the heart of any topic and bring new ideas to the surface.

Follow the writers, publications, and topics that matter to you, and you’ll see them on your homepage and in your inbox.

If you have a story to tell, knowledge to share, or a perspective to offer — welcome home. It’s easy and free to post your thinking on any topic.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store