running containers in the eu without cloud act headaches
i’ve been running a few APIs and an Ory Kratos instance for identity management. Nothing fancy, just some services that handle user data and need to be reasonably close to my users. The problem is that most of the cheap container platforms are US-based, which creates a legal mess i’d rather avoid.
The US CLOUD Act from 2018 allows American authorities to compel US-based companies to hand over data, regardless of where that data is physically stored. Running your containers in Frankfurt doesn’t help if the company behind the platform is American. This directly conflicts with GDPR, specifically Article 48, which states that foreign court orders aren’t sufficient basis for data transfers unless backed by an international agreement.
This puts you in a difficult position. Comply with a US warrant and violate GDPR, or refuse the warrant and face US legal consequences. These warrants often come with gag orders too, so the provider can’t even tell you your data was accessed.
For personal projects this might be acceptable risk. For anything touching real user data, especially in the EU, it’s not.
bunny.net is a Slovenian company, EU-based and EU-owned. They launched Magic Containers as an edge compute platform built on Docker. The relevant features for me:
- all platform data stored in Germany - logs, analytics, billing, everything stays in the EU
- region pinning - you can restrict deployments to EU-only regions with a few clicks
- standard Docker images - no proprietary runtime, no lock-in
- anycast IP for $2/month - routes traffic to the closest region automatically
The region controls are straightforward. You either let their AI provisioner pick optimal regions from your allowed list, or you pin to specific data centers. For my use case i just disabled all non-EU regions and called it a day.
My setup is simple. A few REST APIs in Python/FastAPI, Ory Kratos for authentication connected to a remote Postgres database, and some internal tooling. Kratos works well in this setup since the heavy lifting (database) is external. The container just needs to stay up and handle requests. Magic Containers keeps instances running with no cold starts, which is important for auth services.
Pricing
bunny.net bills based on actual usage, not reserved capacity. You can allocate up to 32GB RAM to a container, but if it only uses 100MB you only pay for that (billed in 64MB increments). Same for CPU - you pay per second of actual CPU time consumed.
| Resource | bunny.net | Cloudflare |
|---|---|---|
| CPU | $0.02 / CPU-hour | $0.072 / vCPU-hour |
| Memory | $0.005 / GB-hour | $0.009 / GiB-hour |
| Egress (EU) | $0.01 / GB | $0.025 / GB |
Cloudflare Containers offers true scale-to-zero - your container sleeps when idle and you pay nothing. bunny.net containers stay running but you still only pay for actual resource consumption. Cloudflare has lower limits (max 12GB RAM, 4 vCPU) compared to bunny.net (32GB RAM, 8 vCPU). For services that need to stay warm anyway, bunny.net ends up cheaper and more flexible.
The more relevant difference for me is that Cloudflare is a US company subject to the CLOUD Act. bunny.net isn’t.
Deployment
Deployment is straightforward. Connect your container registry (Docker Hub or GitHub Container Registry), select your image, configure your container specs, pick your regions, done. They have a web UI and a GitHub Action for CI/CD.
A few things i noticed:
- logs work - real-time stdout/stderr logging through the dashboard
- networking is solid - TCP/UDP support, anycast works well
- no frills - it’s not as feature-rich as some platforms, but it does what it needs to
- the terraform provider exists but has some open issues - worth checking github before relying on it for infrastructure as code
For my Kratos setup, i just pointed the container at my external database and configured the environment variables through their UI. Took maybe 15 minutes to get running.
While the platform is more limited than Fly.io or Railway (no CLI, just web UI and GitHub Actions), the EU jurisdiction and competitive pricing make it a good fit for my use case. They also recently launched Bunny Database for globally distributed databases if you need that. For anything handling EU user data where you want to avoid CLOUD Act ambiguity, it works well.
This post was converted from my notes using an LLM and might contain errors.