AWS recently announced support for Seekable Open Container Initiative (SOCI) with AWS Fargate. SOCI enables lazy-loading of images, which reduces container start-up times on Amazon Elastic Container Service (ECS). In addition, AWS released two tools, SOCI Index Builder and SOCI Snapshotter, to help its customers take advantage of this new functionality.
SOCI is an open-source technology released by AWS in 2022. It was developed to enable the lazy-loading of Open Container Initiative (OCI) image layers without modifying the final image artifact. SOCI works by outputting a separate index artifact, the SOCI Index, alongside the built OCI image to an OCI-compatible registry. The SOCI Index contains a table of contents for the compressed layers that allows their contents to be independently retrieved through a ranged request to a registry, enabling container runtimes to access specific files without downloading the entire layer. To facilitate the creation of SOCI Indexes, AWS also released the SOCI Snapshotter.
Relationship between the Container Image Manifest and the SOCI Index Manifest (Source: AWS News blog post)
The SOCI Snapshotter is a containerd snapshotter plugin. Containerd is a runtime that manages the lifecycle of a container, and it utilizes snapshotters to manage container file systems. In contrast to the default snapshotter, OverlayFS, the SOCI snapshotter downloads a SOCI Index and uses it to download specific sections, called spans, from the compressed image layer. To take advantage of this functionality, customers must be using Amazon ECS and AWS Fargate.
How the SOCI snapshotter interacts with containerd (Source: AWS News blog post)
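The table-of-contents and span mechanism described above can be modelled in a few lines. This is an added example, not code from AWS or the SOCI project: the span size, file names, in-memory decompressor snapshots (standing in for the serialized checkpoints a real index would store) and the per-span SHA-256 check are all assumptions of the sketch, and `range_get` stands in for an HTTP Range request to the registry.

```python
import hashlib, io, tarfile, zlib

SPAN = 4096  # compressed bytes per span (constructed value, small for the demo)

def build_layer():
    """Constructed sample layer: a gzip-compressed tar holding three files."""
    files, buf = {}, io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in ("bin/app", "lib/big.so", "etc/app.conf"):
            # Deterministic, poorly compressible bytes so the layer covers many spans.
            data = b"".join(hashlib.sha256(f"{name}{i}".encode()).digest()
                            for i in range(600))
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
            files[name] = data
    co = zlib.compressobj(wbits=31)  # wbits=31 selects the gzip container
    return co.compress(buf.getvalue()) + co.flush(), files

def build_index(layer):
    """Single pass over the unmodified layer: file offsets plus per-span resume state."""
    d, spans, raw = zlib.decompressobj(wbits=31), [], b""
    for off in range(0, len(layer), SPAN):
        chunk = layer[off:off + SPAN]
        # Span record: compressed offset, uncompressed offset, state, digest.
        spans.append((off, len(raw), d.copy(), hashlib.sha256(chunk).hexdigest()))
        raw += d.decompress(chunk)
    with tarfile.open(fileobj=io.BytesIO(raw)) as tar:
        toc = {m.name: (m.offset_data, m.size) for m in tar if m.isfile()}
    return toc, spans

def read_file(name, toc, spans, range_get):
    """Fetch only the spans covering one file; return (data, compressed bytes fetched)."""
    start, size = toc[name]
    first = max(i for i, s in enumerate(spans) if s[1] <= start)
    d, out, fetched = spans[first][2].copy(), b"", 0
    skip = start - spans[first][1]  # uncompressed bytes to drop before the file
    for off, _, _, digest in spans[first:]:
        if len(out) >= skip + size:
            break
        chunk = range_get(off, off + SPAN)
        if hashlib.sha256(chunk).hexdigest() != digest:
            raise ValueError(f"span at offset {off} does not match the index")
        fetched += len(chunk)
        out += d.decompress(chunk)
    return out[skip:skip + size], fetched
```

Reading a file the index does not cover yet means waiting on further ranged fetches, which is the start-up cost one of the comments below describes.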
As of the release, Amazon ECS tasks on AWS Fargate using Linux platform version 1.4.0 and on X86_64 architectures will automatically default to using the SOCI Snapshotter if all images within a task have SOCI indexes. In addition, the images must be stored in a registry where SOCI Indexes are supported, which is currently restricted to Amazon ECR private registries. With Amazon ECR, SOCI Indexes can be added simultaneously with the original OCI image artifact, via a CLI, or created asynchronously after the original artifact has been uploaded via the AWS SOCI Index Builder tool.
The AWS SOCI Index Builder is a pre-configured AWS CloudFormation stack that listens for Amazon ECR push events via EventBridge and asynchronously generates a SOCI Index for the original uploaded image.
Architecture of the AWS SOCI Index Builder (Source: CFN AWS SOCI Index Builder Deployment Guide)
Given that SOCI Indexes are currently only supported by private ECR registries, the benefits of the capability are limited to the AWS ecosystem and only for images greater than 250 MB. Alternatives to the SOCI Snapshotter for lazy-loadable OCI images outside AWS are Nydus, OverlayBD and Stargz. The aforementioned plugins are established containerd non-core projects, with Stargz laying the foundations for the SOCI Snapshotter project.
The improvements enabled by SOCI Indexes have been welcomed by the community, with a comment in the r/aws community saying:
For us, it reduced the startup time from 50s to 14s.
However, another comment in the same thread suggested an increased startup time:
... if it tries to use blocks that weren’t there when it starts up, you end up having to wait for those to be downloaded. The app I tried it with started slower.
Finally, further information on SOCI indexes and their utilization within AWS ECS can be found in the AWS Fargate User Guide.