AWS Fargate
Deployed as a sidecar container using a task definition
In AWS Fargate, the ThreatMapper agents are deployed as a sidecar container using a task definition.
The ThreatMapper management console is installed separately, outside Fargate, and its installation procedure is the same as before.
Currently supported base operating systems of containers are Amazon Linux, Ubuntu, Debian, CentOS and RHEL.
Please note that the agent image "quay.io/deepfenceio/deepfence_agent_ce:2.3.1-fargate" is different from the image used by other deployment methods.
Installing on AWS Fargate
- Set up AWS ECS by following the steps outlined here: Set up to use AWS ECS
- Refer to Prerequisites for the actions performed in this step. You'll need to perform the following steps:
  - Create an AWS ECS task execution IAM role.
  - Create a secret to store the Deepfence Key.
  - Create policies (either managed or inline) allowing access to your stored secrets and attach the created policies to the task IAM role. You also need to attach the AmazonECSTaskExecutionRolePolicy to the IAM role to run AWS ECS tasks.
- Click on the task definition on the side panel to create a new task definition. Select "AWS Fargate" as launch type. Follow the steps in the "Fargate Task definition And Deployment" instructions below to deploy the Fargate agent. You can configure the task definition either through JSON or using the AWS UI.
- Deploy your application on your cluster.
Create New Task Definition in Fargate
Create Task Definition
Click Create new Task Definition and select "AWS Fargate" as launch type.
New Fargate Task
Set Task Parameters
Edit the Task Definition Name, Task Role, Task Execution Role and other parameters as required. For the Task Role and Task Execution Role, you have to use the role created in the IAM role creation step earlier. Specify Task memory and Task CPU according to your requirements.
Update task definition and create agent container
Add the Deepfence Agent Sidecar Container
Click on the Add Container button to create a standard container for the ThreatMapper agent. Set the image to quay.io/deepfenceio/deepfence_agent_ce:2.3.1-fargate.
In the environment section, DO NOT mark it as essential.
Note down the name of the agent container (deepfence-agent in our example); you will have to specify it later in the Volumes From section of the application container's task definition.
Finally, click the Add button to create the deepfence agent container:
Create the Sidecar Agent Container inside the Task Definition
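A pre-deployment check for the settings described above, as an added example that is not part of the ThreatMapper documentation: it inspects a task definition JSON for the Fargate launch type, both IAM roles, the -fargate agent image, a non-essential agent container, and a Volumes From entry in each application container. The function name, the sample task definition (account ID, role name, application container) and the rule that a plaintext variable with KEY in its name should be a secret are assumptions made for this example.

```python
import json

AGENT_IMAGE = "quay.io/deepfenceio/deepfence_agent_ce:2.3.1-fargate"  # from this page

def check_task_definition(task_def, agent_name="deepfence-agent"):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if "FARGATE" not in task_def.get("requiresCompatibilities", []):
        findings.append("launch type is not FARGATE")
    for role in ("taskRoleArn", "executionRoleArn"):
        if not task_def.get(role):
            findings.append(f"{role} is not set")
    containers = task_def.get("containerDefinitions", [])
    agent = next((c for c in containers if c.get("name") == agent_name), None)
    if agent is None:
        return findings + [f"no container named {agent_name}"]
    if agent.get("image") != AGENT_IMAGE:
        findings.append("agent container does not use the -fargate agent image")
    if agent.get("essential", True):  # ECS treats an omitted 'essential' as true
        findings.append("agent container is marked essential")
    # Assumption: a plaintext variable with KEY in its name holds the Deepfence Key
    for env in agent.get("environment", []):
        if "KEY" in env.get("name", "").upper():
            findings.append(f"{env['name']} is a plaintext environment value; use 'secrets'")
    for app in (c for c in containers if c is not agent):
        sources = [v.get("sourceContainer") for v in app.get("volumesFrom", [])]
        if agent_name not in sources:
            findings.append(f"{app.get('name')} has no volumesFrom entry for {agent_name}")
    return findings

# Constructed sample: account ID, role name and application container are placeholders.
SAMPLE = json.loads("""
{
  "requiresCompatibilities": ["FARGATE"],
  "taskRoleArn": "arn:aws:iam::111122223333:role/example-task-role",
  "executionRoleArn": "arn:aws:iam::111122223333:role/example-task-role",
  "containerDefinitions": [
    {"name": "deepfence-agent", "essential": false,
     "image": "quay.io/deepfenceio/deepfence_agent_ce:2.3.1-fargate"},
    {"name": "example-app", "image": "example/app:1.0", "essential": true,
     "volumesFrom": [{"sourceContainer": "deepfence-agent", "readOnly": false}]}
  ]
}
""")

if __name__ == "__main__":
    for finding in check_task_definition(SAMPLE) or ["all checks passed"]:
        print(finding)
```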