AWS Fargate Cheat Sheet - Complete Serverless Container Guide 2025

AWS Fargate is a serverless, pay-as-you-go compute engine for containers. It lets you run containers without provisioning or managing servers. With AWS handling server management, resource allocation, and auto scaling, you can:

  • Focus entirely on building and deploying your applications
  • Accelerate your time-to-market from idea to production
  • Reduce operational overhead and lower total cost of ownership (TCO)

How It Works

Key Concepts

Clusters

  • Logical grouping of tasks or services
  • In Fargate, you don't manage servers, but still organize apps into clusters

Tasks

  • The basic unit of deployment (like a running container or group of containers)
  • You define its image, CPU, memory, networking, etc.
  • On EKS (Kubernetes), Fargate runs pods instead of tasks

Task Definitions

  • The blueprint or recipe for running tasks
  • Specifies container image, resources, environment variables, etc.

Services

  • Ensure a specified number of task instances are always running
  • If a task fails, the service automatically replaces it
  • Great for high availability & auto-healing workloads

Lifecycle of a Fargate Task / Pod

  1. You or another AWS service launches a task or pod using Fargate as the launch type
  2. Fargate provisions compute, schedules the task or pod, and runs your application
  3. After execution completes, Fargate automatically stops the task and cleans up resources

Task & Pod Execution Roles

  • Each task or pod can be assigned an IAM execution role
  • These roles grant access to other AWS services (e.g., S3, CloudWatch, Secrets Manager)
  • Follows the principle of least privilege - only grant necessary permissions

Integration with Other AWS Services

  • Amazon ECS / EKS - Use Fargate as the compute engine
  • Elastic Load Balancing (ELB) - Route traffic to running Fargate tasks
  • Amazon CloudWatch - Monitor logs and metrics
  • Amazon RDS / DynamoDB / S3 - Backend data storage
  • AWS IAM, Secrets Manager, EFS - Secure and extend functionality

Use Cases

Web Applications, APIs & Microservices

  • Quickly build and deploy containerized web apps, APIs, and microservices
  • Eliminate the need to manage underlying infrastructure and focus entirely on your code
  • Benefit from the immutability and speed of containers, without server overhead

Application Modernization

  • Use Fargate with Amazon ECS or EKS to modernize existing applications
  • Easily migrate legacy workloads, including Windows containers, without refactoring
  • Automatically handle scaling, patching, and resource provisioning

AI & Machine Learning (ML) Workloads

  • Create flexible, portable ML environments for training, testing, and deployment
  • Run containerized ML workflows without worrying about infrastructure sizing
  • Avoid overprovisioning by letting Fargate handle resource allocation dynamically

Data Processing & Batch Workloads

  • Run scalable data processing pipelines without managing compute clusters
  • Fargate supports up to 16 vCPU and 120 GB RAM per task
  • Seamlessly integrate with AWS Batch for serverless parallel processing at scale

Event-Driven Architectures

  • Trigger containers using S3, SQS, SNS, Kinesis, etc.
  • Great for short-lived, on-demand tasks

AWS Fargate Network

ENI (Elastic Network Interface)

Each ECS task on Fargate is assigned one ENI with a:

  • Primary private IPv4 address
  • Optional public IPv4 address (if launched in a public subnet)
  • Optional IPv6 address (if using dual-stack mode with an IPv6-enabled subnet)

Key ENI Characteristics:

  • All containers in a task share the same ENI and can communicate over localhost
  • Fully managed by AWS
  • Immutable during task runtime (you can't detach/modify them)
  • Released when the task is stopped

Internet Access Options

Public Subnet:

  • Assign a public IP to the task ENI
  • Internet access through Internet Gateway

Private Subnet:

  • No public IP assigned
  • Use a NAT Gateway for internet access

VPC Interface Endpoints (AWS PrivateLink):

  • Pull images from Amazon ECR without public internet
  • Communicate privately with AWS services

IAM & Permissions

The ECS task execution role is required to:

  • Pull images from ECR
  • Fetch secrets (AWS Secrets Manager or Systems Manager)
  • Push logs to CloudWatch or external systems
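The two role-related sections above (Task & Pod Execution Roles, and IAM & Permissions) describe what the execution role must be allowed to do. The following is an added example, not code from the page or from AWS: it builds a least-privilege execution role policy pinned to one ECR repository, one log group and one secret, and a Fargate task definition that injects the secret through `secrets` instead of a plaintext `environment` entry. ECS distinguishes `executionRoleArn` (used by the ECS agent to launch the task) from `taskRoleArn` (assumed by the application code at runtime), so permissions for S3, DynamoDB and similar belong on the task role. The account id, region, role names and ARNs are constructed placeholders; the two `*_names`/`*_sids` helpers are review checks of my own, not an AWS API.

```python
"""Least-privilege ECS task execution role and a task definition that
injects secrets via `secrets` rather than plaintext `environment`.

Added example, not from the page or from AWS. The account id, region and
ARNs are constructed placeholders."""
import json

ACCOUNT = "123456789012"     # constructed
REGION = "us-east-1"
REPO_ARN = f"arn:aws:ecr:{REGION}:{ACCOUNT}:repository/my-api"
LOG_GROUP = "/ecs/my-api"
LOG_GROUP_ARN = f"arn:aws:logs:{REGION}:{ACCOUNT}:log-group:{LOG_GROUP}"
DB_SECRET_ARN = f"arn:aws:secretsmanager:{REGION}:{ACCOUNT}:secret:prod/my-api/db-AbCdEf"


def execution_role_policy(repo_arn, log_group_arn, secret_arns):
    """Policy for the *execution* role: what the ECS agent needs to start the
    task (pull the image, write logs, fetch the named secrets) and nothing
    else. ecr:GetAuthorizationToken is the only action that requires
    Resource "*"; every other statement is pinned to a specific ARN."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "EcrLogin", "Effect": "Allow",
             "Action": "ecr:GetAuthorizationToken", "Resource": "*"},
            {"Sid": "PullImage", "Effect": "Allow",
             "Action": ["ecr:BatchCheckLayerAvailability",
                        "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage"],
             "Resource": repo_arn},
            {"Sid": "WriteLogs", "Effect": "Allow",
             "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
             "Resource": f"{log_group_arn}:*"},
            {"Sid": "ReadSecrets", "Effect": "Allow",
             "Action": "secretsmanager:GetSecretValue",
             "Resource": list(secret_arns)},
        ],
    }


def task_definition(family, image, execution_role_arn, task_role_arn, secrets):
    """Fargate task definition (1 vCPU / 2 GB, awsvpc). The execution role is
    used by ECS to launch the task; the task role is what the application
    code assumes at runtime, so S3/DynamoDB permissions belong there, not on
    the execution role. `secrets` are resolved by ECS at start-up and never
    appear in the plaintext environment list."""
    return {
        "family": family,
        "requiresCompatibilities": ["FARGATE"],
        "networkMode": "awsvpc",
        "cpu": "1024",
        "memory": "2048",
        "executionRoleArn": execution_role_arn,
        "taskRoleArn": task_role_arn,
        "containerDefinitions": [{
            "name": "app",
            "image": image,
            "essential": True,
            "readonlyRootFilesystem": True,
            "environment": [{"name": "APP_ENV", "value": "prod"}],
            "secrets": [{"name": n, "valueFrom": arn} for n, arn in secrets.items()],
            "logConfiguration": {
                "logDriver": "awslogs",
                "options": {"awslogs-group": LOG_GROUP,
                            "awslogs-region": REGION,
                            "awslogs-stream-prefix": "app"},
            },
        }],
    }


def wildcard_resource_sids(policy):
    """Review check: which statements use Resource "*"? Only EcrLogin should."""
    return [s["Sid"] for s in policy["Statement"] if s["Resource"] == "*"]


def plaintext_secret_names(task_def):
    """Review check: plaintext environment variables whose names suggest a
    credential (these should be in `secrets` instead)."""
    hints = ("PASSWORD", "SECRET", "TOKEN", "API_KEY")
    return [env["name"]
            for c in task_def["containerDefinitions"]
            for env in c.get("environment", [])
            if any(h in env["name"].upper() for h in hints)]


if __name__ == "__main__":
    policy = execution_role_policy(REPO_ARN, LOG_GROUP_ARN, [DB_SECRET_ARN])
    td = task_definition("my-api",
                         f"{ACCOUNT}.dkr.ecr.{REGION}.amazonaws.com/my-api:1.2.3",
                         f"arn:aws:iam::{ACCOUNT}:role/my-api-execution",
                         f"arn:aws:iam::{ACCOUNT}:role/my-api-task",
                         {"DB_PASSWORD": DB_SECRET_ARN})
    print(json.dumps(policy, indent=2))
    print("wildcard statements:", wildcard_resource_sids(policy))
    print("plaintext credential-like env vars:", plaintext_secret_names(td))
```

Running the script prints the policy document and the two review results; in practice the same two checks can be run over `aws ecs describe-task-definition` output before a deployment is approved.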

Monitoring & Observability

  • Each ENI can be monitored with VPC Flow Logs
  • Enables traffic auditing and diagnostics at the task level
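The Monitoring & Observability bullets above say each task ENI can be audited with VPC Flow Logs. As an added example (not from the page or from AWS), the script below parses records in the default flow-log format (version 2), keeps only those for one task's ENI, and reports two things a reviewer wants at task level: inbound attempts the security group rejected, and outbound flows to ports outside the set the application is expected to use (an ACCEPT there means the egress rule is wider than needed). The log lines, ENI id, account id and addresses are constructed samples; records with status NODATA or SKIPDATA carry no traffic fields and are skipped.

```python
"""Summarise VPC Flow Log records for a single Fargate task ENI.

Added example, not from the original page. The log lines are constructed
samples in the default flow-log format (version 2):
  version account-id interface-id srcaddr dstaddr srcport dstport protocol
  packets bytes start end action log-status
The ENI id, account id and IP addresses are placeholders."""

FIELDS = ("version", "account_id", "interface_id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log_status")

# Constructed sample: one task ENI (eni-0a1b2c3d4e5f60001, private IP
# 10.0.1.25), one unrelated ENI, and one NODATA record.
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d4e5f60001 10.0.1.25 10.0.2.40 49812 5432 6 12 3400 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f60001 10.0.1.25 10.0.3.200 49813 443 6 30 18000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f60001 198.51.100.7 10.0.1.25 55000 22 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f60001 10.0.1.25 203.0.113.9 49814 25 6 3 180 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f60001 - - - - - - - 1700000000 1700000060 - NODATA
2 123456789012 eni-0ffffffffffffffff 10.0.1.30 10.0.2.40 49000 5432 6 5 500 1700000000 1700000060 ACCEPT OK
"""


def parse_record(line):
    """Parse one flow-log line into a dict, or return None for malformed lines
    and for records that carry no traffic data (log-status not OK)."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    if rec["log_status"] != "OK":
        return None
    for key in ("srcport", "dstport", "protocol", "packets", "bytes"):
        rec[key] = int(rec[key])
    return rec


def summarise_eni(log_text, eni_id, task_ip, allowed_egress_ports):
    """Count ACCEPT/REJECT records for one task ENI and list rejected inbound
    attempts plus outbound flows to ports outside allowed_egress_ports."""
    summary = {"accept": 0, "reject": 0, "skipped": 0,
               "rejected_inbound": [], "unexpected_egress": []}
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec is None:
            summary["skipped"] += 1      # NODATA/SKIPDATA or malformed
            continue
        if rec["interface_id"] != eni_id:
            continue                     # another ENI in the same VPC
        summary["accept" if rec["action"] == "ACCEPT" else "reject"] += 1
        outbound = rec["srcaddr"] == task_ip
        if not outbound and rec["action"] == "REJECT":
            summary["rejected_inbound"].append((rec["srcaddr"], rec["dstport"]))
        if outbound and rec["dstport"] not in allowed_egress_ports:
            summary["unexpected_egress"].append(
                (rec["dstaddr"], rec["dstport"], rec["action"]))
    return summary


if __name__ == "__main__":
    result = summarise_eni(SAMPLE_LOG, "eni-0a1b2c3d4e5f60001", "10.0.1.25",
                           allowed_egress_ports={443, 5432})
    for key, value in result.items():
        print(f"{key}: {value}")
```

On the sample, the task ENI shows three accepted and one rejected flow, the rejected inbound SSH attempt from 198.51.100.7, and an accepted outbound connection to port 25 that the allow-list did not expect.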

DNS & Hostnames

Tasks get Amazon-provided DNS hostnames only if:

  • enableDnsSupport and enableDnsHostnames are both enabled in the VPC

Otherwise, the hostname defaults to a random name.

Network Constraints

  • Up to 16 subnets and 5 security groups per awsVpcConfiguration
  • Tasks support Jumbo Frames (higher MTU) with platform version 1.4.0+ (Linux) or 1.0.0 (Windows)

Load Balancer Compatibility

Supports:

  • Application Load Balancer (ALB)
  • Network Load Balancer (NLB)

Not Supported:

  • Classic Load Balancer

Configuration:

  • For target groups: use IP as the target type (not instance)
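The Network Constraints and Load Balancer Compatibility sections above give hard limits (16 subnets, 5 security groups per awsVpcConfiguration, ip target type, no Classic Load Balancer) and the public/private subnet choices from Internet Access Options. As an added example (not from the page or from AWS), the script below is a pre-deployment check that applies those rules to a service's network configuration and target group. The subnet ids and their public/private classification are constructed; in a real account that classification comes from the subnet's route table. The finding codes are my own naming.

```python
"""Pre-deployment checks for a Fargate service's awsvpcConfiguration and
target group, based on the limits and requirements listed on this page.
Added example, not from the page or from AWS; subnet ids and the
public/private classification below are constructed."""

MAX_SUBNETS = 16          # per awsVpcConfiguration
MAX_SECURITY_GROUPS = 5   # per awsVpcConfiguration

# Constructed: which sample subnets have a route to an internet gateway.
SUBNET_IS_PUBLIC = {
    "subnet-0private1": False,
    "subnet-0private2": False,
    "subnet-0public1": True,
}


def check_network_config(cfg, subnet_is_public=SUBNET_IS_PUBLIC):
    """Return a list of (code, message) findings; an empty list passes."""
    findings = []
    subnets = cfg.get("subnets", [])
    sgs = cfg.get("securityGroups", [])
    assign_public_ip = cfg.get("assignPublicIp", "DISABLED")

    if not subnets:
        findings.append(("no-subnets", "at least one subnet is required"))
    if len(subnets) > MAX_SUBNETS:
        findings.append(("too-many-subnets", f"{len(subnets)} subnets > {MAX_SUBNETS}"))
    if len(sgs) > MAX_SECURITY_GROUPS:
        findings.append(("too-many-sgs", f"{len(sgs)} security groups > {MAX_SECURITY_GROUPS}"))
    if not sgs:
        findings.append(("default-sg", "no security group given; the VPC default "
                                       "security group will be attached"))

    unknown = [s for s in subnets if s not in subnet_is_public]
    if unknown:
        findings.append(("unknown-subnet", f"cannot classify {unknown}"))
    known = [s for s in subnets if s in subnet_is_public]
    public = [s for s in known if subnet_is_public[s]]
    private = [s for s in known if not subnet_is_public[s]]

    if public and private:
        findings.append(("mixed-subnets", "public and private subnets mixed; tasks "
                                          "get different egress paths"))
    if assign_public_ip == "ENABLED" and private:
        findings.append(("public-ip-in-private-subnet", "a public IP does nothing in a "
                         "subnet without an internet gateway route; egress goes via NAT "
                         "or VPC endpoints anyway"))
    if assign_public_ip == "ENABLED" and public:
        findings.append(("internet-exposed", "task ENI gets a public IP; confirm the "
                                             "security group ingress is deliberately restricted"))
    if assign_public_ip == "DISABLED" and public:
        findings.append(("no-egress", "no public IP in a public subnet: the internet "
                                      "gateway route is unusable, so ECR pulls need VPC endpoints"))
    return findings


def check_target_group(tg, load_balancer_type="application"):
    """Target groups registering Fargate tasks must use the ip target type;
    Classic Load Balancers are not supported at all."""
    findings = []
    if load_balancer_type == "classic":
        findings.append(("classic-lb", "Classic Load Balancer is not supported with Fargate"))
    if tg.get("TargetType") != "ip":
        findings.append(("target-type", f"TargetType must be 'ip', got {tg.get('TargetType')!r}"))
    return findings


if __name__ == "__main__":
    service_net = {"subnets": ["subnet-0private1", "subnet-0private2"],
                   "securityGroups": ["sg-0app"], "assignPublicIp": "DISABLED"}
    for code, msg in check_network_config(service_net) + check_target_group({"TargetType": "ip"}):
        print(f"{code}: {msg}")
    print("checks complete")
```

The private-subnet configuration in the usage block passes cleanly; switching `assignPublicIp` to `ENABLED`, adding a public subnet, or registering an `instance` target group each produces a finding.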

IPv6 & Dual-Stack Mode

Tasks in dual-stack subnets can receive both IPv4 and IPv6.

Requirements for IPv6:

  • VPC and subnet must be IPv6-enabled
  • Subnet must auto-assign IPv6 addresses
  • Account must have dualStackIPv6 ECS setting enabled
  • Platform version 1.4.0+ (Linux) is required

With an internet gateway or egress-only internet gateway, tasks with IPv6 can access the internet without NAT.

AWS Fargate Compliance

Compliance standards (standard - description):

  • ISO 27001, 27017, 27018 - Information security & cloud privacy
  • SOC 1, SOC 2, SOC 3 - Financial reporting & operational controls
  • PCI DSS - Secure handling of credit card data
  • FedRAMP - U.S. government cloud security standard
  • HIPAA - For healthcare data workloads
  • GDPR - Data privacy for EU residents
  • IRAP (Australia) - Australian government requirements
  • C5 (Germany) - German government cloud security standard

AWS Fargate Pricing

Fargate charges based on:

Component - Unit - Description:

  • vCPU - Per second, 1-minute minimum - You pay for the amount of CPU your task uses
  • Memory - Per second, 1-minute minimum - You pay based on the memory (in GB) allocated
  • Storage (Ephemeral) - Per GB per month - Up to 200 GB ephemeral volume per task
  • Data Transfer - Based on AWS standard rates - Same as EC2 / AWS networking rates

Sample Pricing (US East - N. Virginia)

Resource - Price:

  • vCPU - $0.04048 per vCPU-hour
  • Memory - $0.004445 per GB-hour
  • Storage - $0.000111 per GB-hour (ephemeral)
  • Public IP - Optional, incurs extra cost via NAT Gateway or data transfer

Example: A task with 1 vCPU & 2 GB RAM running for 1 hour costs (1 × $0.04048) + (2 × $0.004445) = $0.04937
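The example above prices a full hour at the listed vCPU and memory rates. As an added example (not from the page or from AWS), the function below generalises it to any runtime using the per-second billing with 1-minute minimum from the pricing table, and to the ephemeral-storage rate. The rates are the page's US East (N. Virginia) figures; the 20 GB of ephemeral storage treated as included at no charge is my assumption about AWS billing and is not stated on the page.

```python
"""Fargate task cost from the rates in the sample pricing table (US East,
N. Virginia), with per-second billing and a one-minute minimum.
Added example, not from the page or from AWS."""
import math

VCPU_PER_HOUR = 0.04048          # USD per vCPU-hour (from the page)
MEMORY_GB_PER_HOUR = 0.004445    # USD per GB-hour (from the page)
STORAGE_GB_PER_HOUR = 0.000111   # USD per GB-hour of ephemeral storage (from the page)
MIN_BILLABLE_SECONDS = 60        # 1-minute minimum (from the page)
INCLUDED_STORAGE_GB = 20         # assumption: storage billed only above this amount


def billable_seconds(runtime_seconds):
    """Round the runtime up to a whole second, then apply the 1-minute minimum."""
    return max(math.ceil(runtime_seconds), MIN_BILLABLE_SECONDS)


def task_cost(vcpu, memory_gb, runtime_seconds, ephemeral_storage_gb=INCLUDED_STORAGE_GB):
    """USD cost of one task run with the given vCPU, memory (GB), runtime and
    configured ephemeral storage; only storage above the included amount is billed."""
    hours = billable_seconds(runtime_seconds) / 3600
    billable_storage_gb = max(ephemeral_storage_gb - INCLUDED_STORAGE_GB, 0)
    return round(hours * (vcpu * VCPU_PER_HOUR
                          + memory_gb * MEMORY_GB_PER_HOUR
                          + billable_storage_gb * STORAGE_GB_PER_HOUR), 6)


def service_monthly_cost(desired_count, vcpu, memory_gb, hours_per_month=730):
    """Steady-state monthly cost of a service keeping desired_count tasks running."""
    return round(desired_count * task_cost(vcpu, memory_gb, hours_per_month * 3600), 2)


if __name__ == "__main__":
    print("1 vCPU / 2 GB for 1 h:", task_cost(1, 2, 3600))
    print("same task for 30 s (billed as 60 s):", task_cost(1, 2, 30))
    print("2 such tasks, 24x7 for a month:", service_monthly_cost(2, 1, 2))
```

A task that finishes in 30 seconds is billed the same as one that runs for 60, and a service with two always-on 1 vCPU / 2 GB tasks costs roughly 2 × 730 × $0.04937 per month before logs, load balancer and data transfer.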

Additional Costs

Feature - Pricing Notes:

  • AWS CloudWatch Logs - Charged separately
  • Load Balancers (ALB/NLB) - Charged per LCU/hour + data processed
  • ECR (Elastic Container Registry) - Charges for storage and data transfer
  • Data transfer between AZs or VPCs - Standard AWS rates apply