Menu
Amazon Elastic Container Service
Developer Guide (API Version 2014-11-13)

AWS Fargate on Amazon ECS

AWS Fargate is a technology that you can use with Amazon ECS to run containers without having to manage servers or clusters of EC2 instances. With AWS Fargate, you no longer have to provision, configure, and scale clusters of virtual machines to run containers. This removes the need to choose server types, decide when to scale your clusters, or optimize cluster packing.

When you run your tasks and services with the Fargate launch type, you package your application in containers, specify the CPU and memory requirements, define networking and IAM policies, and launch the application.

This topic describes the different components of Fargate tasks and services, and calls out special considerations for using Fargate with Amazon ECS.

AWS Fargate with Amazon ECS is currently only available in the following regions:

Region Name Region
US East (N. Virginia) us-east-1
US East (Ohio) us-east-2
US West (Oregon) us-west-2
EU West (Ireland) eu-west-1

The following walkthroughs help you get started using AWS Fargate with Amazon ECS:

Task Definitions

Tasks that use the Fargate launch type do not support all of the task definition parameters that are available. Some parameters are not supported at all, and others behave differently for Fargate tasks.

The following task definition parameters are not valid in Fargate tasks:

  • disableNetworking

  • dnsSearchDomains

  • dnsServers

  • dockerSecurityOptions

  • extraHosts

  • links

  • host and sourcePath

  • linuxParameters

  • placementConstraints

  • privileged

To ensure that your task definition validates for use with the Fargate launch type, you can specify the following when you register the task definition:

  • In the AWS Management Console, for the Requires capabilities field, specify FARGATE.

  • In the AWS CLI, specify the --requires-compatibilities option.

  • In the API, specify the requiresCapabilities flag.

Network Mode

Fargate task definitions require that the network mode is set to awsvpc. The awsvpc network mode provides each task with its own elastic network interface. For more information, see Task Networking with the awsvpc Network Mode.

A network configuration is also required when creating a service or manually running tasks. For more information, see Task Networking.

Task CPU and Memory

Fargate task definitions require that you specify CPU and memory at the task level. Although you can also specify CPU and memory at the container level for Fargate tasks, this is optional. Most use cases are satisfied by only specifying these resources at the task level. The table below shows the valid combinations of task-level CPU and memory.

CPU value Memory value
256 (.25 vCPU) 0.5 GB, 1 GB, 2 GB
512 (.5 vCPU) 1 GB, 2 GB, 3 GB, 4 GB
1024 (1 vCPU) 2 GB, 3 GB, 4 GB, 5 GB, 6 GB, 7 GB, 8 GB
2048 (2 vCPU) Between 4 GB and 16 GB in 1 GB increments
4096 (4 vCPU) Between 8 GB and 30 GB in 1 GB increments

Logging

Fargate task definitions only support the awslogs log driver for the log configuration. This configures your Fargate tasks to send log information to Amazon CloudWatch Logs. The following shows a snippet of a task definition where the awslogs log driver is configured:

"logConfiguration": { "logDriver": "awslogs", "options": { "awslogs-group" : "/ecs/fargate-task-definition", "awslogs-region": "us-east-1", "awslogs-stream-prefix": "ecs" }

For more information about using the awslogs log driver in task definitions to send your container logs to CloudWatch Logs, see Using the awslogs Log Driver.

Amazon ECS Task Execution IAM Role

There is an optional task execution IAM role that you can specify with Fargate to allow your Fargate tasks to make API calls to Amazon ECR. The API calls pull container images as well as call CloudWatch to store container application logs. For more information, see Amazon ECS Task Execution IAM Role.

Example Task Definition

The following is an example task definition using the Fargate launch type that sets up a web server:

{ "containerDefinitions": [ { "command": [ "/bin/sh -c \"echo '<html> <head> <title>Amazon ECS Sample App</title> <style>body {margin-top: 40px; background-color: #333;} </style> </head><body> <div style=color:white;text-align:center> <h1>Amazon ECS Sample App</h1> <h2>Congratulations!</h2> <p>Your application is now running on a container in Amazon ECS.</p> </div></body></html>' > /usr/local/apache2/htdocs/index.html && httpd-foreground\"" ], "entryPoint": [ "sh", "-c" ], "essential": true, "image": "httpd:2.4", "logConfiguration": { "logDriver": "awslogs", "options": { "awslogs-group" : "/ecs/fargate-task-definition", "awslogs-region": "us-east-1", "awslogs-stream-prefix": "ecs" } }, "name": "sample-fargate-app", "portMappings": [ { "containerPort": 80, "hostPort": 80, "protocol": "tcp" } ] } ], "cpu": "256", "executionRoleArn": "arn:aws:iam::012345678910:role/ecsTaskExecutionRole", "family": "fargate-task-definition", "memory": "512", "networkMode": "awsvpc", "requiresCompatibilities": [ "FARGATE" ] }

Task Storage

When provisioned, each Fargate task receives the following storage. Task storage is ephemeral. After a Fargate task stops, the storage is deleted.

  • 10 GB of Docker layer storage

  • An additional 4 GB for volume mounts. This can be mounted and shared among containers using the volumes, mountPoints and volumesFrom parameters in the task definition.

    Note

    The host and sourcePath parameters are not supported.

For more information about Amazon ECS default service limits, see Amazon ECS Service Limits.

The following shows a snippet of a task definition where two containers are sharing a single volume:

{ "containerDefinitions": [ { "image": "my-repo/database", "mountPoints": [ { "containerPath": "/var/scratch", "sourceVolume": "database_scratch" } ], "name": "database1", } { "image": "my-repo/database", "mountPoints": [ { "containerPath": "/var/scratch", "sourceVolume": "database_scratch" } ], "name": "database2", } ], "volumes": [ { "name": "database_scratch" } ] }

Tasks and Services

After you have your Fargate task definition prepared, there are some considerations to make when creating your service.

Task Networking

Tasks using the Fargate launch type require the awsvpc network mode, which provides each task with an elastic network interface. When you run a task or create a service with this network mode, you must specify one or more subnets to attach the network interface and one or more security groups to apply to the network interface.

Decide whether to provide a public IP address for the network interface. For a Fargate task to pull container images, a public IP address needs to be assigned to the task's elastic network interface, with a route to the internet or a NAT gateway that can route requests to the internet. For more information, see Task Networking with the awsvpc Network Mode.

The following is an example of the networkConfiguration section for a Fargate service:

"networkConfiguration": { "awsvpcConfiguration": { "assignPublicIp": "ENABLED", "securityGroups": [ "sg-12345678" ], "subnets": [ "subnet-12345678" ] } },

Services with tasks that use the awsvpc network mode (for example, those with the Fargate launch type) only support Application Load Balancers and Network Load Balancers. Classic Load Balancers are not supported. Also, when you create any target groups for these services, you must choose ip as the target type, not instance. This is because tasks that use the awsvpc network mode are associated with an elastic network interface, not an Amazon EC2 instance. For more information, see Service Load Balancing.

Clusters

Clusters can contain tasks using both the Fargate and EC2 launch types. When viewing your clusters in the AWS Management Console, Fargate and EC2 task counts are displayed separately.

For more information about Amazon ECS clusters, including a walkthrough for creating a cluster, see Amazon ECS Clusters.