Why do cloud compute instances spin up VMs and not containers?

amazon-web-services containers cloud virtual-machines

Your question is, to some extent, looking at things backwards: EC2 isn't a general-purpose hosting solution that happens to use VMs; it is a service for hosting VMs. As such, there's a few ways to interpret your question.

Why wasn't EC2 designed to use containers?

The answer to this can be deduced from the timeline: EC2 was launched in beta in 2006, and full production in 2008; Docker wasn't publicly released until 2013, and Kubernetes was 2015.

Container technology was being developed at the time EC2 launched - BSD already had "jails", and Linux had some forms of namespace isolation - but it wasn't the mature ecosystem we're familiar with today. Virtual Private Servers, on the other hand, were a well-established concept - VMWare explicitly marketed ESX for hosting services in 2002, the Xen hypervisor followed in 2003, and Linode was launched that same year. EC2's innovation was a system for launching virtual servers on demand using this established technology.

Why hasn't EC2 moved from VMs to containers?

Although containers can be thought of in some ways as "a light-weight VM", this is not a full description, and the two are not inter-changeable. A VM is designed to give the user the illusion that they are accessing a physical server, with full control of the entire system; resources such as networking are presented as virtual hardware with which the user can directly interact if they wish. Containers present a more limited abstraction, and the application is generally much more closely bound to the configuration of the container itself, such as only forwarding specific network ports.

Amazon has added many services over the years, but are very conservative about retiring old ones which customers rely on. So, they do offer many services based around containers rather than VMs, such as ECS (Elastic Container Service, launched 2014), Fargate (launched 2017), and EKS (Elastic Kubernetes Service, launched 2018); but they are unlikely to retire EC2 if users are still using it.

Why haven't users moved to container services?

Given that container-based cloud hosting is available, why do people still opt to use VM-based services like EC2?

I think there are several reasons; a few that come to mind:

  • Familiarity: People understand how to configure a VM, and can learn the differences between a local VM and an EC2 instance relatively quickly. Understanding container technology requires more re-training.
  • Migration cost: Existing systems can often be run un-modified on an EC2 instance, including entire operating systems and graphical interfaces. Containerising an application is generally more complex.
  • Security: The less of the system is shared, the lower the risk of data leaking to other customers. Container hosting services will often try to mitigate this by orchestrating separate VMs for each customer, but this has an obvious cost for some of the metrics you mention like startup speed.

So, although containers continue to grow in popularity, they have not yet completely replaced virtual servers, and probably never will. As such, EC2, and similar VM-based cloud hosting services, are here to stay.


Containers typically run only a single application and are immutable, i.e. and changes are not preserved across restarts. Containers also don't have their own kernel.

VMs on the other hand run the whole Operating System, including the kernel, init scripts, system daemons, etc. And the storage is typically preserved across restarts.

VMs and Containers serve different purpose - google something like "VMs vs Containers", there's plenty on the internet.

If you want to run Container as a service in AWS without having to worry about the underlaying VMs look at AWS Fargate - that does exactly what you want.

Hope that helps :)


Security is definitely a reason. Containers share the same kernel between them and the host. So they are not considered 100% isolated.

Yet cloud providers do provide containers also. AWS does it too. I suppose containers are cheaper than VMs, but I haven't checked.

In essence what you ask is a more general topic, VMs vs. containers; regardless of platform, the same pros and cons apply.

Related

Ordinary users are able to read /etc/passwd, is this a security hole?
Accidentally deleted entire Active Directory [closed]
How to automatically restart Nginx when it goes down
Linux SSD as HDD cache
php mail() function painfully slow on local development machine
Change TeamCity IP address and port number on multi-homed Windows Server 2008 running IIS 7
What are the pros and cons of AWS Elastic Beanstalk compared with other deployment strategies?
Server vendor that allows 3rd party disks
How to track superuser activities
Verify TRIM support with BtrFS on SSD
Sanity check on 40TB server configuration
Internal DNS inside Amazon AWS VPC