AWS Fargate: AI-Optimized Technical Reference

Executive Summary

AWS Fargate is a serverless container platform that costs 2-3x more than EC2 but eliminates infrastructure management. Critical breaking points include subnet IP exhaustion, 2+ minute cold starts for large images, and platform version migrations that break deployments without warning.

Configuration

Production-Ready Settings

Task Definition (Minimum Viable):

{
  "family": "production-app",
  "platformVersion": "1.4.0",  // Pin to prevent breaking migrations
  "requiresCompatibilities": ["FARGATE"],
  "cpu": "512",               // 0.25 vCPU barely usable for real apps
  "memory": "1024",           // Memory allocations round up (2.1GB costs 4GB)
  "networkMode": "awsvpc"
}

Autoscaling That Survives Traffic Spikes:

{
  "targetValue": 70.0,
  "metricType": "CPUUtilization",
  "scaleOutCooldown": 60,     // Default 300s too slow for production
  "scaleInCooldown": 300,
  "minCapacity": 5,           // Minimum to handle sudden load
  "maxCapacity": 100
}

Security Groups (Essential Egress):

{
  "egress": [
    {"protocol": "tcp", "port": 443, "destination": "0.0.0.0/0"}, // HTTPS
    {"protocol": "tcp", "port": 80, "destination": "0.0.0.0/0"}   // HTTP
  ]
}

Critical Platform Specifications

Component	Specification	Production Reality	Failure Consequences
CPU Range	0.25-16 vCPU	0.25 vCPU unusable for real apps	App timeouts, poor performance
Memory Range	512MB-120GB	Allocations round up (2.1GB = 4GB cost)	2x higher bills than expected
Cold Start	"30-60 seconds"	2+ minutes for images >1GB	API timeouts, user frustration
Ephemeral Storage	Up to 200GB	Deleted when task dies	Data loss, failed deployments
Subnet IPs	1 IP per task	Causes scaling failures	Cannot scale beyond subnet capacity

Common Failure Modes and Solutions

Subnet IP Exhaustion (Most Common Production Issue):

• Symptom: "ENI allocation failed" errors during scaling
• Cause: Each task consumes one subnet IP address
• Solution: Use /20 subnets (4,091 IPs) minimum for production
• Prevention: Monitor available IPs: aws ec2 describe-subnets --query 'Subnets[0].AvailableIpAddressCount'

Container Pull Failures:

• Root Cause 90% of cases: Security group blocks outbound HTTPS/HTTP
• Quick Fix: Verify egress rules allow ports 443 and 80
• IAM Permissions Required: ecr:GetDownloadUrlForLayer, ecr:BatchGetImage

Platform Version Breaks:

• Trigger: AWS migrates platform versions without warning
• Impact: Deployment scripts fail, health checks break
• Prevention: Pin platform version in production task definitions

Resource Requirements

Real Cost Analysis

Baseline Comparison (t3.medium equivalent):

• EC2: $24/month
• Fargate: $58/month (2.4x premium)
• Hidden costs add 40% (data transfer, CloudWatch, load balancer)

Cost Optimization Strategies:

• Fargate Spot: 70% savings but interrupts every 4-6 hours
• Image optimization: 2.1GB → 280MB = 5x faster cold starts
• Regional ECR: 2-3x faster pulls than cross-region

Resource Investment Timeline:

• Learning curve: 2 weeks (ECS) vs 2-3 months (EKS)
• Image optimization: 1-2 days engineering time
• Production troubleshooting: Budget 20% more ops time initially

Performance Thresholds

Breaking Points:

• Subnet capacity: 251 IPs per /24 subnet = max concurrent tasks
• Cold start performance: >1GB images = 2+ minute starts
• Memory efficiency: 2.1GB allocation pays for 4GB
• Network performance: Throttled compared to dedicated EC2 instances

Scaling Limitations:

• Target tracking autoscaling: 2-3 minute lag for CPU-based scaling
• Manual intervention required for sudden traffic spikes
• Minimum task count essential: 3-5 tasks for production APIs

Critical Warnings

What Official Documentation Doesn't Tell You

Networking Gotchas:

• Every task eats a subnet IP (not mentioned in pricing docs)
• Security groups apply to tasks, not instances (different mental model)
• Private subnets require NAT Gateway or VPC endpoints ($32.40/month minimum)
• Cross-AZ data transfer charges apply between tasks

Hidden Cost Traps:

• CloudWatch Container Insights: $150/month for medium app
• Log ingestion: $200/month for chatty applications
• Data transfer: $0.01/GB adds up with microservices
• Load balancer minimum: $16.43/month per ALB

Platform Reliability Issues:

• Platform version migrations break deployments without warning
• ARM64 images: Half of Docker ecosystem won't work
• Fargate Spot: Interrupts more frequently than advertised (every 4-6 hours peak)

Breaking Points and Failure Modes

Immediate Deployment Blockers:

1. Subnet IP exhaustion during traffic spikes
2. IAM permission errors for ECR access
3. Security group misconfiguration blocking container pulls
4. Image size >1GB causing timeout failures

Financial Breaking Points:

• Steady 24/7 workloads: EC2 is 2-3x cheaper
• GPU workloads: Not supported on Fargate
• High-performance computing: Network throttling makes it unusable
• Windows containers: Slow, expensive, limited ecosystem

Operational Complexity:

• EKS control plane: Additional $74/month per cluster
• Custom kernels/system access: Not possible
• Database workloads: Terrible I/O performance
• Long-running batch jobs (>4 hours): EC2 Spot 70% cheaper

Decision Criteria

When Fargate Makes Sense

• Microservices APIs: Independent scaling per service
• Batch jobs: Sporadic workloads with unpredictable timing
• Development environments: Spin up/tear down testing
• Background processing: Using Fargate Spot for 70% savings

When Fargate Will Fail You

• GPU workloads: Not supported
• High-performance computing: Network limitations
• Steady 24/7 workloads: 3x cost premium unjustifiable
• Database hosting: Use RDS/DynamoDB instead
• Windows containers: Slow and expensive

Implementation Readiness Checklist

Before Production Deployment:

• Subnet capacity planning (use /20 minimum)
• Image optimization (<500MB target)
• Platform version pinning
• Cost monitoring and alerts configured
• Security group egress rules verified
• IAM roles for ECR access configured

Production Monitoring Requirements:

• Billing alerts at 50% and 80% of budget
• Container Insights or third-party monitoring
• VPC Flow Logs for network troubleshooting
• ECS Exec enabled for runtime debugging

Troubleshooting Quick Reference

Common Error Messages and Solutions

"CannotPullContainerError":

1. Check security group egress (ports 443, 80)
2. Verify subnet routing (NAT Gateway for private subnets)
3. Confirm ECR IAM permissions

"Task placement failed":

1. Check subnet available IP count
2. Create larger subnets or spread across multiple subnets
3. Monitor for subnet exhaustion patterns

"Service scaling failed":

1. Verify autoscaling policy settings
2. Check for platform capacity limits
3. Consider using Fargate Spot for burst capacity

Performance Optimization Actions

Image Optimization (Critical for Cold Starts):

FROM node:16-alpine AS builder
COPY package*.json ./
RUN npm ci --only=production

FROM node:16-alpine
COPY --from=builder /node_modules /node_modules
COPY . .
CMD ["node", "server.js"]  // Faster than npm start

Network Performance:

• Use ECR in same region (2-3x faster pulls)
• Enable zstd compression for images
• Configure VPC endpoints for ECR access in private subnets

This reference contains the operational intelligence needed for automated decision-making about AWS Fargate implementation, including specific breaking points, real costs, and production-ready configurations.