
AWS has made Finch on Linux – a project to simplify container development on multiple platforms – generally available, though we found the installation process more arduous than expected.
Finch was first created for macOS, and introduced at the re:Invent conference in late 2022. There are plenty of existing solutions for building and managing containers, but Finch was designed, according to Principal Engineer Phil Estes, as a “simple open source solution for container tooling.” It uses containerd as its daemon, the same one used in most production environments, and is driven using a command-line client, which is ideal for scripting. Another factor is that enterprises may be reassured by getting binaries from AWS as a trusted source – bearing in mind the risks of the open source software supply chain.
Since 2022 Finch has been released for Windows, based on WSL (Windows Subsystem for Linux) 2, and now also for Linux. The Linux release is important as this is a popular operating system for development as well as the likely target for deployment. It is also arguably the best implementation of Finch since, as the introductory post explains, “on Linux, Finch can directly utilize fundamental Kernel capabilities such as namespaces and cgroups to interact with low level components such as nerdctl and containerd without having to use an intermediary virtualization layer.”

Finch uses the open source nerdctl for the command-line interface to containerd, and on platforms other than Linux, a component called Lima to launch containers.
We have always found Finch easy to install on macOS, but this first effort for Linux seems to lack polish. One glaring issue is that installation is only easy on Amazon Linux – the docs have somewhat intricate steps for other versions of Linux.
Fortunately we have an Amazon Linux 2023 instance to hand so we went ahead with the easy option:
sudo dnf install runfinch-finch
which is meant to be “as easy as installing any other Amazon Linux package.”

We then headed over to verify our Finch install as suggested.
Unfortunately, nothing worked. We got an error message stating that containerd-rootless was not running, as well as permission issues unless running with sudo. Despite being on the latest version of Amazon Linux 2023, this set us off on a trail including manual installation of rootlesskit and slirp4netns. We also had to enable and start the Finch services – which we notice is mentioned in the AWS news post but not in the Finch docs themselves. In due course we succeeded in getting the Hello from Finch example container up and running.

Finch looks promising, though it seems that AWS cares mainly about its own versions of Linux. That makes sense on one level, but will not help wider adoption and community input.