Lower My AWS Bill
A pile of different Tupperware containers.
06.07.2023

17 Final Ways to Run Containers

By Corey Quinn
I originally had a throwaway joke on Twitter that became an article: 17 Ways to Run Containers on AWS. That was all well and good, and because I don't know when to…
LinkedInReddit
Home Blog 17 Final Ways to Run Containers

I originally had a throwaway joke on Twitter that became an article: 17 Ways to Run Containers on AWS. That was all well and good, and because I don’t know when to leave well enough alone, a few months later I wrote 17 More Ways to Run Containers on AWS. And now, since I don’t know when to leave well enough alone and stop beating the greasy smear on the sidewalk where the horse used to be, I want to introduce the third article in this series.

Because the line “17 ways to run containers on AWS” has had some staying power, I want to first give a bit of context here behind what the point of me writing these roundups is. It started off as a customer frustration on my part; I wanted a container to run and instead found myself facing the paradox of choice. I figured I’d start listing off all of the different options and was kinda surprised just how many ways there are to run a container using an AWS service. It makes sense on some level; containers have become many things, but to my worldview they’re first and foremost a packaging format. This list could almost be reskinned as “ways to execute a binary on AWS,” but that’s less fun and nowhere near as engaging.

You could also deal with the very real fact that a lot of security issues distill down to “running a cryptocurrency miner in someone else’s account;” on some way a lot of these container approaches do provide an abuse vector for bad actors to profit at the customer’s expense, so I suppose I could take the high road and say it’s here as a warning to maintain vigilance about security.

But honestly? I just think it’s funny. Let’s dive in. The headlines are all clickable links if you want to explore further.

1. ECR Public by way of App Runner

In 2021 ECR Public got a “launch with App Runner” button, and the world has… basically not changed all that much as a direct result of that feature, if I’m being honest.

2. RDS Custom

Once upon a time it was easy to figure out the difference between RDS and EC2; then RDS Custom came along and blurred the line. You can now use explicit AMIs for your RDS Custom instances, and yes Virginia: they can run containers.

3. Amazon Genomics CLI

I do not know why genomics requires its own specific CLI, but it spins up a few specific things to support that niche style of workload in a variety of different locations, including of course on Fargate-managed containers. Please don’t create a monster with it.

4. Terrifyingly via CloudFormation

Yes, I already listed CloudFormation in a previous roundup. However, this talks about the BreakingFormation zero day vulnerability that Orca Security reported to AWS that they fixed; before that you could apparently make requests on behalf of a CloudFormation infrastructure server. I suppose as a result you could safely say that this particular way to run containers has been deprecated.

5. AWS Panorama

AWS Panorama is a device that brings image recognition to your existing cameras; you can of course provision it via containers.

6. AWS Systems Manager

There are a few ways to do this via Systems Manager, and I’ve hit them before. This new way is to use Systems Manager’s on-premises instance management capability, thus solving the long-standing problem I’ve had of not paying AWS to run containers on my own laptop.

7. On EC2 Spot Instances

You may well posit that it’s ridiculous for me to call this option out as distinct from EC2, which I’ve covered previously. I agree with you–and yet, the AWS Containers marketing website does too! Who am I to argue with AWS Marketing? After all, they never responded to my [CMO Application](https://www.youtube.com/watch?v=2ve_Xmtx7_o).

8. Google Cloud’s Anthos

Look, I have absolutely zero idea why you would use one cloud’s tooling to run workloads on another cloud, but apparently this is either something customers do, or something cloud marketers fervently wish that customers would do. So they made this technically possible, and it’s extremely cursed.

9. IAM

Yes, that’s right, I said IAM. All you have to do to prove this is to commit root credentials to GitHub and wait. You will very shortly find containers coming out of your ears, which is why free tier surprises have grown geometrically in recent years. Cryptominers are spectacular at wringing out every last cycle from an AWS account, and quickly. But hope is not lost! If you want to configure a service that confuses you, scope IAM credentials to that service and publish the creds in public. Wait a few minutes, and you’ll discover that whatever that service is has been transformed into a cryptocurrency miner. Close the access off, replace the containers with your workloads, and knock off early for lunch. Weaponizing bad actors to do your job is fast becoming mainstream thanks to ChatGPT…

10. DeepRacer

Yes, someone has done this and it’s amazing. Allison Thackston installed Docker on a DeepRacer car to solve a problem, and I’m absolutely here for this.

11. CodeCatalyst

AWS released CodeCatalyst and it is a freaking wonder of a service. It does so much right (A customer identity beyond that tied to a specific AWS account! A free tier that will never charge you because your card isn’t ever charged until you affirmatively upgrade! A unified view of AWS products in service of getting your application up!), and I’m excited to see where it goes. That said, it lets you spin up applications in a few different key ways and of *course* containers are prolific within it, so here it is on the list.

12. EventBridge Pipes

This connects sources to targets–but it can also enrich the data along the way via Lambda functions or Step Functions. Both of those in turn can do their work via containers, so yup–there you go.

13. AWS Application Composer

Another attempt at the “spin an application up” space, Application Composer lets you drag and drop components (such as containers) into place before converting the result into that most sinful of languages, YAML.

14.Tricking an AWS Employee into Running it for Me

This one is very far below the belt, but I couldn’t help myself. I posted a gist explaining how some service (I believe it was App Runner?) wasn’t doing what it was supposed to be doing. Some helpful AWS employee ran through the gist, saw that the container spun up with a web server listening, hit it… and was rewarded with the linked image. I assure you, it’s worth the click. I would also like to point out that this person did absolutely nothing wrong, and was attempting to help a customer who in this instance was being a complete jackhole. Please don’t do this; it’s honestly the one thing on this list that I regret doing.

15. Finch

I’ve been using Finch for a bit now as a drop-in replacement for Docker Desktop for Mac. As a result of this, if Finch *doesn’t* run containers I’m going to be filing a GitHub issue or two about it.

16. AWS Modular Data Center

If you are the US Government and wish to use the Joint Warfighting Cloud Capability contract to just absolutely destroy some faraway place, their new offering is available exclusively to you. Details are obviously sparse, but I have to assume that you can drop this thing, laden with containers all the while, and have it parachute down to the battlefield. I suppose we’ll continue to lie to ourselves as a society and say we’re exporting democracy when we’re really exporting Docker containers.

17. Workshop Studio

Usually you need a facilitator at an event to get access to this, but as of this writing they claim that a browsable catalog of workshops is coming soon. That lets you spin up infrastructure in a sandboxed environment for which you are not responsible to pay, and achieve a goal. So very often, that goal includes containers along the way.

And there you have it, 17 ways to run containers. Please, please, please tell me that I won’t have to write a fourth installment? That said, if I’ve missed any please take a second to let me know what they are.

Corey Quinn Headshot
by Corey Quinn

Corey is the Chief Cloud Economist at The Duckbill Group, where he specializes in helping companies improve their AWS bills by making them smaller and less horrifying. He also hosts the "Screaming in the Cloud" and "AWS Morning Brief" podcasts; and curates "Last Week in AWS," a weekly newsletter summarizing the latest in AWS news, blogs, and tools, sprinkled with snark and thoughtful analysis in roughly equal measure.

More Posts from Corey

Back to the Blog

AWS’s (de)Generative AI Blunder

By Corey Quinn

AWS has been very publicly insecure about the perception that it’s lagging behind in the Generative AI space for the past year. Unfortunately, rather than setting those perceptions to rest, AWS’s GenAI extravaganza at re:Invent 2023 seemed to prove them true.  Of the 22 GenAI-related announcements, half of them are still in preview. Many were […]

Read More about AWS’s (de)Generative AI Blunder

Generative AI Builds a re:Invent Scavenger Hunt

By Corey Quinn

Let’s begin with the tl;dr: At this year’s re:Invent, I’m hosting a photo scavenger hunt with significant prizes for “most items found” and “most creative entry.” Sign up through my webapp at findme.lastweekinaws.com. The rest of this post details how I built this app.

Read More about Generative AI Builds a re:Invent Scavenger Hunt

How to Stop Feeding AWS’s AI With Your Data

By Corey Quinn

AWS may be using your data to train its AI models, and you may have unwittingly consented to it. Prepare to jump through a series of complex hoops to stop it.

Read More about How to Stop Feeding AWS’s AI With Your Data
footprint-orange
© 2024 The Duckbill Group. All Rights Reserved.
Privacy Policy Cookie Policy