AWS Finch: Why the cloud giant created a new open source macOS client for container development

At the recent AWS re:Invent in Las Vegas, Principal Engineer Phil Estes and Principal Technologist Jesse Butler gave a revealing presentation on Finch, a new command-line tool for building and running containers aimed at developers.

Finch: a new open source macOS client for building and running container images

“We introduced Finch as a new open source client for container development,” said Estes at the session. “One of the main things we wanted to do was provide a macOS native client that integrates directly with other components.” The other components include nerdctl, which is a Docker-compatible CLI (command line interface) for containerd; BuildKit, a tool for packaging software into container images; and Lima, a QEMU-based VM manager for macOS, with a focus on enabling containerd.

Estes noted at re:Invent that there are several existing developer solutions for building and running containers, including Docker Desktop, Red Hat’s Podman (which now includes Podman Desktop), and Rancher Desktop.

Why, then, create Finch? “Customers asked us for a simple open source solution for container tooling,” Estes told re:Invent attendees. It is also intended as a base for further customization. A key feature is that it uses containerd, which is the standard for running containers in production. Estes said that AWS actively contributes to the containerd and Lima projects.

This still does not fully explain why AWS felt the need to introduce Finch. This was discussed in the Finch channel on Slack, where Estes said the team wanted to focus on a command-line client, in contrast to the various GUI tools available, because this fits best with what he called the “developer’s inner loop on a Mac: build, run, push/pull of Linux containers.” He said Finch benefits from a signed installer that will work well for enterprises using device management tools. Another benefit is that it bundles all its dependencies, making it easier to get started as well as being reassuring in an enterprise context, versus downloading components from various sources that might not always be signed.

Docker remains the tool that most think of in the context of container development, but a factor here may be that the Docker company is working hard to push users towards Docker Desktop alongside its command line tools.

The Docker download pages, other than for Desktop, contain warnings such as: “We do not recommend installing Docker using binaries in production environments as they will not be updated automatically with security updates … on Windows and Mac, we recommend that you install Docker Desktop instead.”

Docker Desktop is not a free product, but requires a subscription for businesses with more than 250 employees, adding friction and administration for users in enterprise environments.

Why, though, is Finch Mac-only? “Windows is something that we have on the roadmap,” said Butler. “We realise that Windows is wildly popular as well, for developer environments … most of our teams use macOS.”

Early reception seems positive, though lack of compatibility with the Docker API (as opposed to the command line) is an issue for some, along with its lack of Windows support. The question now is whether AWS can get enough community momentum behind the project to make it a success.