AWS Fargate: Serverless Containers That Remove EC2 from the Equation
When you run containers on EC2, you manage two things: the containers and the EC2 fleet they run on. You size the instances, patch the OS, handle the cluster autoscaler, and make sure no instance is overprovisioned. Fargate eliminates the second half of that equation.
With Fargate, you define how much CPU and memory a task needs, specify the container image, configure networking, and run it. AWS handles the underlying compute. You pay per vCPU and GB-second of runtime — nothing for idle capacity.
How Fargate Works
Fargate sits between two orchestrators: ECS and EKS. It provides the compute layer for both, but you interact through the orchestrator’s API rather than Fargate directly.
```
┌─────────────────────────────────────────────────────────────────┐
│                      Fargate Compute Layer                      │
│                                                                 │
│  ECS Task (Fargate)            EKS Pod (Fargate)                │
│  ┌────────────────────┐        ┌──────────────────────┐         │
│  │ Your container(s)  │        │ Your container(s)    │         │
│  │ .5 vCPU, 1 GB RAM  │        │ .25 vCPU, .5 GB RAM  │         │
│  └────────────────────┘        └──────────────────────┘         │
│             │                              │                    │
│  ┌──────────▼──────────────────────────────▼─────────────────┐  │
│  │             AWS Fargate MicroVM (Firecracker)             │  │
│  │  Task/Pod gets dedicated kernel — no shared OS with       │  │
│  │  other customers or other tasks                           │  │
│  └───────────────────────────────────────────────────────────┘  │
└─────────────────────────────────────────────────────────────────┘
```
Each Fargate task or pod runs in its own isolated Firecracker microVM — a lightweight virtual machine with a separate kernel. This gives stronger isolation than containers on shared EC2 instances, where containers share a kernel.
Fargate CPU and Memory Combinations
Fargate requires you to select from pre-defined CPU and memory combinations:
| CPU (vCPU) | Valid Memory Range |
|---|---|
| 0.25 | 0.5 GB – 2 GB |
| 0.5 | 1 GB – 4 GB |
| 1 | 2 GB – 8 GB |
| 2 | 4 GB – 16 GB |
| 4 | 8 GB – 30 GB |
| 8 | 16 GB – 60 GB |
| 16 | 32 GB – 120 GB |
This is different from EC2 where you choose a fixed instance size. Fargate lets you fine-tune CPU and memory independently within each tier.
For a typical Node.js API that serves 200 requests/second and uses 300 MB RAM: .5 vCPU, 1 GB is the right task size. You are not forced to take 2 vCPUs and 8 GB like you would with a t3.large.
ECS with Fargate
```bash
# Register a task definition for Fargate
aws ecs register-task-definition \
  --family payment-api \
  --network-mode awsvpc \
  --requires-compatibilities FARGATE \
  --cpu "512" \
  --memory "1024" \
  --execution-role-arn arn:aws:iam::123456789012:role/ecsTaskExecutionRole \
  --task-role-arn arn:aws:iam::123456789012:role/payment-api-role \
  --container-definitions '[
    {
      "name": "api",
      "image": "123456789012.dkr.ecr.us-east-1.amazonaws.com/payment-api:v3",
      "portMappings": [{"containerPort": 8080}],
      "logConfiguration": {
        "logDriver": "awslogs",
        "options": {
          "awslogs-group": "/ecs/payment-api",
          "awslogs-region": "us-east-1",
          "awslogs-stream-prefix": "api"
        }
      }
    }
  ]'
```
```bash
# Run a standalone task
aws ecs run-task \
  --cluster production \
  --task-definition payment-api:5 \
  --launch-type FARGATE \
  --count 1 \
  --network-configuration "awsvpcConfiguration={subnets=[subnet-0a1b2c,subnet-0d4e5f],securityGroups=[sg-payment-tasks],assignPublicIp=DISABLED}"
```
Fargate Spot
Fargate Spot is the Fargate equivalent of EC2 Spot Instances. AWS offers spare Fargate capacity at a discount of up to 70%. Your task can be interrupted with a 2-minute warning.
```bash
aws ecs create-service \
  --cluster production \
  --service-name batch-processor \
  --task-definition batch-job:1 \
  --desired-count 5 \
  --capacity-provider-strategy '[
    {"capacityProvider": "FARGATE_SPOT", "weight": 3},
    {"capacityProvider": "FARGATE", "weight": 1}
  ]' \
  --network-configuration "awsvpcConfiguration={subnets=[subnet-0a1b2c],securityGroups=[sg-batch]}"
```
This puts 75% of tasks on Fargate Spot and 25% on regular Fargate. If Fargate Spot capacity is reclaimed, the regular Fargate tasks keep running.
EKS with Fargate
EKS Fargate profiles define which pods run on Fargate rather than EC2 nodes. Pods that match the profile’s namespace and label selectors are automatically placed on Fargate.
```bash
# Create Fargate profile for the "serverless" namespace
aws eks create-fargate-profile \
  --cluster-name production \
  --fargate-profile-name serverless-workloads \
  --pod-execution-role-arn arn:aws:iam::123456789012:role/EKSFargatePodRole \
  --subnets subnet-private-0a1b2c subnet-private-0d4e5f \
  --selectors '[
    {"namespace": "serverless"},
    {"namespace": "kube-system"}
  ]'
```
All pods in the serverless namespace land on Fargate, and so do pods in kube-system, which this selector list also names. Pods in other namespaces use EC2 node groups.
EKS Fargate Limitations
Fargate pods have restrictions that EC2 pods do not:
- No DaemonSets (Fargate does not support host-level daemons)
- No EBS PersistentVolumes (use EFS instead — it supports multi-AZ and multi-pod mounts)
- No privileged containers or `hostNetwork`
- Each pod is limited to 20 GB of ephemeral storage
- Pod startup is slower than pods on warm EC2 nodes
These limitations make Fargate unsuitable for some workloads (like Prometheus node exporters or log collectors that need host access), but it is excellent for stateless API workloads.
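The selector matching and the limitations above can be checked before a manifest is applied. The following is an added example, not code from the original page: the function names and the pod manifests are constructed for illustration, the selectors are the ones from the profile command above, and only namespace equality plus label equality is modelled.

```python
# Added example; pod manifests are constructed, selectors are the page's.
SELECTORS = [{"namespace": "serverless"}, {"namespace": "kube-system"}]

def matches_profile(pod, selectors):
    """True if any selector matches the pod's namespace and all its labels."""
    meta = pod.get("metadata", {})
    labels = meta.get("labels", {})
    for sel in selectors:
        if sel["namespace"] != meta.get("namespace", "default"):
            continue
        if all(labels.get(k) == v for k, v in sel.get("labels", {}).items()):
            return True
    return False

def fargate_blockers(pod):
    """Return the limitations from the list above that this pod runs into."""
    meta, spec = pod.get("metadata", {}), pod.get("spec", {})
    problems = []
    if any(o.get("kind") == "DaemonSet" for o in meta.get("ownerReferences", [])):
        problems.append("owned by a DaemonSet")
    if spec.get("hostNetwork"):
        problems.append("hostNetwork: true")
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        if c.get("securityContext", {}).get("privileged"):
            problems.append(f"container {c['name']} is privileged")
    for v in spec.get("volumes", []):
        # Only the in-tree EBS volume type; PVC-backed EBS is not resolved here.
        if "awsElasticBlockStore" in v:
            problems.append(f"volume {v['name']} is EBS-backed")
    return problems

def audit(pods, selectors=SELECTORS):
    return {p["metadata"]["name"]: fargate_blockers(p)
            for p in pods if matches_profile(p, selectors)}

PODS = [  # constructed sample manifests
    {"metadata": {"name": "api", "namespace": "serverless"},
     "spec": {"containers": [{"name": "api"}]}},
    {"metadata": {"name": "node-exporter", "namespace": "kube-system",
                  "ownerReferences": [{"kind": "DaemonSet"}]},
     "spec": {"hostNetwork": True, "containers": [
         {"name": "exporter", "securityContext": {"privileged": True}}]}},
    {"metadata": {"name": "worker", "namespace": "batch"},
     "spec": {"containers": [{"name": "worker"}]}},
]

if __name__ == "__main__":
    for name, problems in audit(PODS).items():
        print(name, "->", problems or "ok for Fargate")
```

Because the profile also selects kube-system, the host-access agent in the sample is matched by the profile and then flagged, while the pod in the unselected namespace is not evaluated at all.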
Fargate Networking
Fargate tasks use awsvpc networking — each task gets its own ENI with a private IP from your VPC subnet. This means:
- Tasks are directly addressable in your VPC
- Security groups apply at the task level, not at a node level
- Tasks in private subnets need a NAT Gateway or VPC endpoints for outbound internet or AWS API access
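Since sizing and network exposure are both set per task, they can be linted together before deployment. This is an added example, not code from the original page: `lint_task` and `FARGATE_SIZES` are hypothetical names, the size ranges are the table above converted to CPU units and MiB, and the sample inputs mirror the `register-task-definition` and `run-task` commands shown earlier.

```python
# Added example (not from the original page); sample inputs mirror its commands.
# CPU units (1024 = 1 vCPU) -> (min MiB, max MiB), from the table on this page.
FARGATE_SIZES = {
    256: (512, 2048), 512: (1024, 4096), 1024: (2048, 8192),
    2048: (4096, 16384), 4096: (8192, 30720), 8192: (16384, 61440),
    16384: (32768, 122880),
}

def lint_task(task_def, awsvpc):
    """Return findings for a task definition and its awsvpcConfiguration."""
    findings = []
    if "FARGATE" not in task_def.get("requiresCompatibilities", []):
        findings.append("requiresCompatibilities does not include FARGATE")
    if task_def.get("networkMode") != "awsvpc":
        findings.append("networkMode must be awsvpc on Fargate")
    cpu, mem = int(task_def.get("cpu", 0)), int(task_def.get("memory", 0))
    if cpu not in FARGATE_SIZES:
        findings.append(f"cpu {cpu} is not a Fargate CPU size")
    else:
        lo, hi = FARGATE_SIZES[cpu]
        if not lo <= mem <= hi:   # range check only; step sizes not modelled
            findings.append(f"memory {mem} MiB outside {lo}-{hi} MiB for cpu {cpu}")
    if awsvpc.get("assignPublicIp") != "DISABLED":
        findings.append("assignPublicIp is not explicitly DISABLED")
    if not awsvpc.get("securityGroups"):
        findings.append("no task-level security group listed")
    if not awsvpc.get("subnets"):
        findings.append("no subnets listed")
    return findings

TASK_DEF = {"family": "payment-api", "networkMode": "awsvpc",
            "requiresCompatibilities": ["FARGATE"], "cpu": "512", "memory": "1024"}
NETWORK = {"subnets": ["subnet-0a1b2c", "subnet-0d4e5f"],
           "securityGroups": ["sg-payment-tasks"], "assignPublicIp": "DISABLED"}

if __name__ == "__main__":
    print(lint_task(TASK_DEF, NETWORK))                       # page's values
    print(lint_task(dict(TASK_DEF, memory="8192"),            # constructed bad case
                    {"subnets": ["subnet-0a1b2c"], "assignPublicIp": "ENABLED"}))
```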
```
Private subnet (10.0.2.0/24):
  Fargate Task 1: 10.0.2.45
  Fargate Task 2: 10.0.2.67
  Fargate Task 3: 10.0.2.89

RDS security group: allow TCP 5432 from sg-fargate-tasks
Fargate task security group: sg-fargate-tasks (outbound 5432 to sg-rds)
```
Fargate Pricing
Fargate bills for vCPU and memory per second, from when the task starts until it stops:
- vCPU: $0.04048 per vCPU-hour
- Memory: $0.004445 per GB-hour
A task with 0.5 vCPU and 1 GB running for 24 hours:
```
vCPU:   0.5 × 24h × $0.04048   = $0.4858
Memory: 1 GB × 24h × $0.004445 = $0.1067
Total:  ~$0.59/day
```
An equivalent t3.small On-Demand runs $0.499/day. Fargate is slightly more expensive than the equivalent On-Demand instance, but you are not paying for capacity you are not using, and you have no infrastructure management overhead.
Fargate Spot reduces costs by up to 70%, making it cheaper than On-Demand EC2 for interruptible workloads.
When Fargate Makes Sense
Good fit:
- Microservices with variable or unpredictable traffic
- Batch processing jobs that run periodically
- Development and staging environments
- Teams without dedicated operations staff
- Security-sensitive workloads that benefit from task-level isolation
Better on EC2:
- GPU workloads (no GPU support on Fargate)
- Consistent high-throughput workloads where EC2 Reserved Instances are cheaper
- Applications that need host-level access or DaemonSets
- Workloads that need local NVMe SSD (storage-optimised instances)
Real-World Scenario: SaaS Platform Migration
A SaaS company migrates from self-managed EC2 instances to ECS Fargate:
Before: 12 EC2 t3.medium instances in an ASG, always running, patched manually, 40% average CPU utilisation.
After: ECS service with desired count 4, target tracking on CPU at 60%, Fargate tasks spin up in under 60 seconds during spikes. No OS patching. No right-sizing decisions. The team stopped maintaining a patching schedule.
Cost impact: The EC2 fleet ran ~180/month (4 tasks × 0.5 vCPU/1 GB RAM). Spikes to 12 concurrent tasks still cost less than the old fleet because the extra tasks only run for hours, not weeks.
Common Interview Questions
Q: What is the difference between Fargate and Lambda?
Both are serverless compute that remove infrastructure management. Lambda runs code for up to 15 minutes in response to events; it is function-level. Fargate runs Docker containers with no time limit (tasks can run for days); it is container-level. Fargate supports more memory (up to 120 GB vs Lambda’s 10 GB) and allows any containerised workload.
Q: Can Fargate tasks use EBS volumes?
No. Fargate tasks only support ephemeral storage (up to 200 GB configurable) and EFS for persistent shared storage. For workloads that need EBS, use EC2 launch type.
Q: How does Fargate Spot differ from EC2 Spot?
Both offer significant discounts for interruptible capacity. The key difference: EC2 Spot gives you a 2-minute termination warning and requires you to handle the interruption in your application or ASG. Fargate Spot sends an ECS task stop signal with a 2-minute window, which ECS handles. The task simply stops; the ECS service scheduler starts a replacement on regular Fargate if configured to do so.
Q: Does Fargate support Windows containers?
Yes. ECS Fargate supports Windows containers with WINDOWS_SERVER_2019_CORE and WINDOWS_SERVER_2022_CORE platform versions. Pricing for Windows Fargate is higher than Linux due to Windows Server licensing costs.