Cloud experts weigh in on AWS container capabilities
Learn where AWS container services stand today: what limitations AWS needs to improve upon and where Amazon's container capabilities are headed in the future.
Containerization is an essential part of modern software development. AWS and other cloud providers have adopted containers in step with their users and offer services to host them on the cloud.
AWS was the first major cloud provider to sell a managed service for Docker containers when it launched Amazon EC2 Container Service in 2015 -- since renamed Amazon Elastic Container Service (ECS). AWS has continued to expand those offerings and currently has the broadest range of cloud-based managed container services, but they're not without their limitations.
Let's break down where AWS container capabilities stand today and see what industry experts have to say about users' remaining challenges and Amazon's potential areas for improvement.
AWS container capabilities
AWS has four main managed container offerings: ECS, Amazon Elastic Kubernetes Service (EKS), Amazon Elastic Container Registry (ECR) and AWS Fargate. Users can also deploy containers manually on EC2 instances.
ECS is a native container orchestration service that's built to work with the entire AWS platform. Many Amazon cloud services, such as Amazon SageMaker and AWS Batch, can run on ECS. It supports containers that are compliant with the Open Container Initiative (OCI), including Docker, and deeply integrates with Amazon cloud services such as EC2, Elastic Load Balancing, Amazon Virtual Private Cloud, and AWS Identity and Access Management (IAM).
EKS is the Kubernetes variant of AWS' managed container services. AWS developed its own orchestrator with ECS and still promotes it as the best way to work with its other native cloud services. But AWS added EKS after Kubernetes became a de facto industry standard, said Roy Illsley, a distinguished analyst at Ovum.
Roughly half of all Kubernetes deployments run on AWS, according to a recent Cloud Native Computing Foundation report.
ECR is a managed cloud-based container image registry where customers can store and manage all their container images. Like ECS, it is OCI-compliant. Users can copy their images from Docker Hub or the public Docker registry, or import images from a development environment. The images stored in Amazon ECR are encrypted at rest and access is integrated with IAM services. The current ECR offering does not perform automatic image scanning and threat identification, but AWS said this is on the roadmap.
Fargate is a serverless compute engine built for containers that currently supports ECS. AWS plans to expand this to other orchestrators, Illsley said. Fargate enables users to run containers without worrying about infrastructure. In Fargate, the user describes the initial memory and CPU settings in the task definition, and AWS automatically launches and scales the required compute resources. Fargate is a fit for organizations looking for a simpler container management approach.
AWS container limitations
Some experts still see plenty of room for growth with AWS' container capabilities. They cite concerns with limited integrations, security and scalability.
For example, AWS may have been an early container adopter, but for each of its managed offerings, customers still need to determine how to integrate the container service with security, logging, storage, networking, databases and other services, said Dave Bartoletti, vice president and principal analyst at Forrester Research.
AWS needs to do more to simplify the use of containers and Kubernetes and better integrate other components and services to create a more cohesive container platform, said Gary Chen, IDC research director of software-defined compute. This applies to both native and third-party integrations. AWS should improve integrations with tools for monitoring and visibility, application performance management, service mesh, serverless, CI/CD build systems and PaaS platforms, he said.
Operations teams are also concerned about container security. Cloud container services can shift some of the burden to the provider, but users are ultimately responsible for many of the configuration and security tasks, Chen said.
Furthermore, AWS does not always exhibit the same flexibility as alternatives such as Google Kubernetes Engine, which was built from the start around Kubernetes and scalability, said Torsten Volk, managing research director at Enterprise Management Associates. Customers want seamless scalability to avoid overprovisioning, and it's a legitimate area of improvement for AWS container services, he said.
Finally, companies that prioritize cross-cloud portability over speed should avoid deep integration with proprietary services of any specific cloud, including AWS, Bartoletti said.
Outposts could open the hybrid cloud for AWS managed container services
Experts are unsure if or when AWS Outposts will support Fargate, but they see the on-premises cloud service as an opportunity to establish hybrid cloud container capabilities through AWS' managed services.
Outposts should support ECS and EKS, though not at launch, Chen said. Fargate support would, in theory, follow. Fargate would likely be a better fit than ECS and EKS, because Fargate already handles the back-end load of container orchestration.
Outposts could become a path for migrating containers readily between on-premises and cloud because it takes infrastructure management out of the equation, Volk said. And more Kubernetes management options will help differentiate AWS container capabilities from competitors, he said.
With this capability, users could potentially write their Kubernetes applications to work on Outposts or Fargate, Volk said.
"It shouldn't matter to you, and then you have a hybrid environment, because Kubernetes is about making an application consistently run everywhere and providing one API to write code for," he said.