
It seems strange to use a highly managed deployment environment like Fargate, but then build another deployment tool on top of it to do things in a simpler way.

It feels like EC2 is being reconstructed on a platform meant to hide it.



Or (dare I say) look into EKS. Kubernetes can spin up containers faster than ECS in my experience (as of ~1 year ago). Seems like the ECS control plane just has more latency (even with EC2 instead of Fargate).


Is EKS safe for multi-tenant use? When we looked, it appeared unsafe if we want to run our users' code next to each other because of possible isolation issues.


I guess that depends on your use case and risk profile. Linux containers are a pretty well established isolation mechanism and you can potentially add some additional safety with per-tenant dedicated nodepools.

If pods have added privileges or there is a really low risk tolerance, maybe that's not enough isolation.

Sounds like you can change the container runtime with EKS (not sure if that impacts AWS support), so you could use gVisor or runvm.

https://www.verygoodsecurity.com/blog/posts/secure-compute-p...
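
An added example, not part of the thread or any commenter's code: a Python check over parsed pod manifests for the isolation points raised above (added privileges, per-tenant dedicated node pools, a sandboxed runtime such as gVisor). The `tenant` node label, the `gvisor` RuntimeClass name and the sample pods are assumptions constructed for illustration.

```python
# Added example: audit pod specs for the multi-tenant isolation points in the thread.
# Assumptions (not from the thread): nodes in a tenant's pool carry the label
# tenant=<id>, and a RuntimeClass named "gvisor" maps to the sandboxed runtime.
TENANT_LABEL = "tenant"          # hypothetical node label key
SANDBOX_RUNTIMES = {"gvisor"}    # hypothetical RuntimeClass name(s)

def audit_pod(pod, tenant):
    """Return a sorted list of isolation findings for one pod manifest (dict)."""
    spec = pod.get("spec", {})
    findings = set()
    # Sharing host namespaces removes most of the container boundary.
    for field in ("hostNetwork", "hostPID", "hostIPC"):
        if spec.get(field):
            findings.add(f"{field} enabled")
    containers = spec.get("containers", []) + spec.get("initContainers", [])
    for c in containers:
        sc = c.get("securityContext") or {}
        if sc.get("privileged"):
            findings.add(f"{c['name']}: privileged")
        # Kubernetes treats an unset allowPrivilegeEscalation as true.
        if sc.get("allowPrivilegeEscalation", True):
            findings.add(f"{c['name']}: allowPrivilegeEscalation not disabled")
        added = (sc.get("capabilities") or {}).get("add") or []
        if added:
            findings.add(f"{c['name']}: added capabilities {sorted(added)}")
    for v in spec.get("volumes", []):
        if "hostPath" in v:
            findings.add(f"volume {v['name']}: hostPath mount")
    # Dedicated node pool: the pod must select its own tenant's nodes.
    if (spec.get("nodeSelector") or {}).get(TENANT_LABEL) != tenant:
        findings.add("not pinned to the tenant's node pool")
    # Sandboxed runtime: the pod must request the sandbox RuntimeClass.
    if spec.get("runtimeClassName") not in SANDBOX_RUNTIMES:
        findings.add("no sandboxed runtimeClassName")
    return sorted(findings)

# Constructed sample manifests (illustrative only).
GOOD = {"spec": {"runtimeClassName": "gvisor", "nodeSelector": {"tenant": "a"},
                 "containers": [{"name": "job", "securityContext":
                                 {"allowPrivilegeEscalation": False}}]}}
BAD = {"spec": {"hostNetwork": True,
                "containers": [{"name": "job", "securityContext":
                                {"privileged": True,
                                 "capabilities": {"add": ["SYS_ADMIN"]}}}]}}

if __name__ == "__main__":
    for name, pod in (("good", GOOD), ("bad", BAD)):
        print(name, audit_pod(pod, "a"))
```

A `nodeSelector` only pins the pod itself; keeping other tenants' pods off the pool also needs a taint on those nodes, which is cluster state this check does not see.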



