
Agent Install: Amazon ECS

    Amazon Elastic Container Service (ECS) is a fully managed container orchestration service that helps to easily deploy, manage, and scale containerized applications.

    This section describes how to install the Sysdig agent container on each underlying host in your ECS cluster. Once installed, the agent automatically begins monitoring all of your hosts, services, and tasks.

    These instructions are valid only for ECS clusters using EC2 instances. For information on ECS Fargate clusters, see AWS Fargate Serverless Agents.

    Installation

    To install Sysdig agent on ECS, do the following:

    • Create an ECS task definition for the Sysdig agent.

    • Register the task definition in your AWS account.

    • Create a service with the previous task definition to run the Sysdig agent in each of the nodes of your ECS cluster.

    Create an ECS Task Definition

    1. Collect the following configuration parameters:
    • ACCESS_KEY: The agent access key. You can retrieve this from Settings > Agent Installation in either Sysdig Monitor or Sysdig Secure.
    • COLLECTOR: Use the collector address for your region. For more information, see SaaS Regions and IP Ranges.
    • TAGS: The list of tags for the host where the agent is installed. For example: role:webserver, location:europe, role:webserver
    2. Use the above values to customize the JSON snippet below and save it as a file named sysdig-agent-ecs.json.

    Note that memory and cpu have both been set to 1024; depending on the size of your cluster, you might want to tune those values.

    {
      "family": "sysdig-agent-ecs",
      "containerDefinitions": [
        {
          "name": "sysdig-agent",
          "image": "quay.io/sysdig/agent-slim",
          "cpu": 1024,
          "memory": 1024,
          "privileged": true,
          "environment": [
            {
              "name": "ACCESS_KEY",
              "value": "$ACCESS_KEY"
            },
            {
              "name": "COLLECTOR",
              "value": "$COLLECTOR"
            },
            {
              "name": "TAGS",
              "value": "$TAGS"
            }
          ],
          "mountPoints": [
            {
              "readOnly": true,
              "containerPath": "/host/boot",
              "sourceVolume": "boot"
            },
            {
              "containerPath": "/host/dev",
              "sourceVolume": "dev"
            },
            {
              "readOnly": true,
              "containerPath": "/host/lib/modules",
              "sourceVolume": "modules"
            },
            {
              "readOnly": true,
              "containerPath": "/host/proc",
              "sourceVolume": "proc"
            },
            {
              "containerPath": "/host/var/run/docker.sock",
              "sourceVolume": "sock"
            },
            {
              "readOnly": true,
              "containerPath": "/host/usr",
              "sourceVolume": "usr"
            }
          ],
          "dependsOn": [
            {
              "containerName": "sysdig-agent-kmodule",
              "condition": "SUCCESS"
            }
          ]
        },
        {
          "name": "sysdig-agent-kmodule",
          "image": "quay.io/sysdig/agent-kmodule",
          "memory": 512,
          "privileged": true,
          "essential": false,
          "mountPoints": [
            {
              "readOnly": true,
              "containerPath": "/host/boot",
              "sourceVolume": "boot"
            },
            {
              "containerPath": "/host/dev",
              "sourceVolume": "dev"
            },
            {
              "readOnly": true,
              "containerPath": "/host/lib/modules",
              "sourceVolume": "modules"
            },
            {
              "readOnly": true,
              "containerPath": "/host/proc",
              "sourceVolume": "proc"
            },
            {
              "containerPath": "/host/var/run/docker.sock",
              "sourceVolume": "sock"
            },
            {
              "readOnly": true,
              "containerPath": "/host/usr",
              "sourceVolume": "usr"
            }
          ]
        }
      ],
      "pidMode": "host",
      "networkMode": "host",
      "volumes": [
        {
          "name": "sock",
          "host": {
            "sourcePath": "/var/run/docker.sock"
          }
        },
        {
          "name": "dev",
          "host": {
            "sourcePath": "/dev/"
          }
        },
        {
          "name": "proc",
          "host": {
            "sourcePath": "/proc/"
          }
        },
        {
          "name": "boot",
          "host": {
            "sourcePath": "/boot/"
          }
        },
        {
          "name": "modules",
          "host": {
            "sourcePath": "/lib/modules/"
          }
        },
        {
          "name": "usr",
          "host": {
            "sourcePath": "/usr/"
          }
        }
      ],
      "requiresCompatibilities": [
        "EC2"
      ]
    }
    

    Register a Task Definition

    Once your task definition is ready, ensure that you register it in your AWS account:

    aws ecs register-task-definition \
        --cli-input-json file://sysdig-agent-ecs.json
    

    Run the Agent as an ECS Service

    Using the ECS task definition you have created, create a service in the cluster that you want to monitor with Sysdig.

    aws ecs create-service \
        --cluster $CLUSTER_NAME \
        --service-name sysdig-agent-svc \
        --launch-type EC2 \
        --task-definition sysdig-agent-ecs \
        --scheduling-strategy DAEMON
    

    With the agent installed, Sysdig will begin auto-discovering your containers and other resources of your ECS environment.

    Using ECS Anywhere

    If you’re using ECS Anywhere, change the launch type to EXTERNAL when the service is created.

    aws ecs create-service \
        --cluster $CLUSTER_NAME \
        --service-name sysdig-agent-svc \
        --launch-type EXTERNAL \
        --task-definition sysdig-agent-ecs \
        --scheduling-strategy DAEMON
    

    Enable Log Driver

    You can send the logs from the containers running the ECS tasks to log groups in CloudWatch Logs by enabling the awslogs log driver on the agent containers. To do so:

    1. Add the following section to each of the container definitions you’ve created above (it sits alongside keys such as "privileged", so remember the comma separating it from the preceding key):

                  "logConfiguration": {
                      "logDriver": "awslogs",
                      "options": {
                          "awslogs-group": "$YOUR_LOG_GROUP",
                          "awslogs-region": "$AWS_REGION",
                          "awslogs-stream-prefix": "sysdig"
                      }
                  }
      
    2. Register the updated task definition and update the service so that it runs the new revision with logging enabled.
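    The procedure above (filling in the ACCESS_KEY, COLLECTOR and TAGS placeholders from Create an ECS Task Definition, and adding the awslogs logConfiguration from Enable Log Driver to every container) as an added Python example; this is not Sysdig's tooling and is not code from the page. TEMPLATE is an abridged copy of the page's JSON, the output file name sysdig-agent-ecs.json is the page's, and the log group, region and Secrets Manager ARN are placeholders passed in by the caller. It goes slightly beyond the page in two ways: it refuses to write a definition that still contains a $PLACEHOLDER or that mounts a host path writable where the page marks it read-only, and it can optionally pass the access key through the ECS secrets/valueFrom mechanism instead of a plaintext environment value.

```python
"""Fill in and sanity-check the Sysdig agent ECS task definition.

Added example, not Sysdig's own tooling. TEMPLATE is an abridged copy of the
page's JSON (fewer mountPoints/volumes); ARNs, log group and region are
placeholders supplied by the caller.
"""
import copy
import json
import os
import re

TEMPLATE = {
    "family": "sysdig-agent-ecs",
    "containerDefinitions": [
        {
            "name": "sysdig-agent",
            "image": "quay.io/sysdig/agent-slim",
            "cpu": 1024,
            "memory": 1024,
            "privileged": True,
            "environment": [
                {"name": "ACCESS_KEY", "value": "$ACCESS_KEY"},
                {"name": "COLLECTOR", "value": "$COLLECTOR"},
                {"name": "TAGS", "value": "$TAGS"},
            ],
            "mountPoints": [
                {"readOnly": True, "containerPath": "/host/proc", "sourceVolume": "proc"},
                {"containerPath": "/host/dev", "sourceVolume": "dev"},
                {"containerPath": "/host/var/run/docker.sock", "sourceVolume": "sock"},
            ],
            "dependsOn": [{"containerName": "sysdig-agent-kmodule", "condition": "SUCCESS"}],
        },
        {
            "name": "sysdig-agent-kmodule",
            "image": "quay.io/sysdig/agent-kmodule",
            "memory": 512,
            "privileged": True,
            "essential": False,
            "mountPoints": [{"readOnly": True, "containerPath": "/host/proc", "sourceVolume": "proc"}],
        },
    ],
    "pidMode": "host",
    "networkMode": "host",
    "volumes": [
        {"name": "sock", "host": {"sourcePath": "/var/run/docker.sock"}},
        {"name": "dev", "host": {"sourcePath": "/dev/"}},
        {"name": "proc", "host": {"sourcePath": "/proc/"}},
    ],
    "requiresCompatibilities": ["EC2"],
}

# The page mounts only /dev and the Docker socket writable; every other host
# path (boot, lib/modules, proc, usr) is readOnly and should stay that way.
WRITABLE_OK = {"/host/dev", "/host/var/run/docker.sock"}


def render(params, log_group=None, region=None, access_key_arn=None):
    """Return a task definition with the $PLACEHOLDERS replaced.

    params maps ACCESS_KEY/COLLECTOR/TAGS to values (TAGS may be a list). With
    access_key_arn (Secrets Manager or SSM ARN, an assumption of this example),
    the key goes into the ECS "secrets" block instead of a plaintext environment
    value. A missing parameter keeps its placeholder, which check() reports.
    """
    td = copy.deepcopy(TEMPLATE)
    values = dict(params)
    if isinstance(values.get("TAGS"), list):
        values["TAGS"] = ",".join(values["TAGS"])
    for c in td["containerDefinitions"]:
        env = []
        for e in c.get("environment", []):
            key = e["value"].lstrip("$")  # "$ACCESS_KEY" -> "ACCESS_KEY"
            if key == "ACCESS_KEY" and access_key_arn:
                c.setdefault("secrets", []).append({"name": key, "valueFrom": access_key_arn})
                continue
            env.append({"name": e["name"], "value": values.get(key, e["value"])})
        if env:
            c["environment"] = env
        if log_group and region:  # the Enable Log Driver step, applied to every container
            c["logConfiguration"] = {
                "logDriver": "awslogs",
                "options": {"awslogs-group": log_group, "awslogs-region": region,
                            "awslogs-stream-prefix": "sysdig"},
            }
    return td


def check(td):
    """Return a list of problems; an empty list means the definition is fit to register."""
    problems = [f"unreplaced placeholder {m}" for m in re.findall(r'"\$[A-Z0-9_]+"', json.dumps(td))]
    if td.get("requiresCompatibilities") != ["EC2"]:
        problems.append('requiresCompatibilities must be ["EC2"]: this definition is for EC2-backed clusters only')
    if td.get("pidMode") != "host" or td.get("networkMode") != "host":
        problems.append('pidMode and networkMode must both be "host"')
    for c in td["containerDefinitions"]:
        for mp in c.get("mountPoints", []):
            if not mp.get("readOnly") and mp["containerPath"] not in WRITABLE_OK:
                problems.append(f"{c['name']}: {mp['containerPath']} is mounted writable")
    return problems


if __name__ == "__main__":  # usage: ACCESS_KEY=... COLLECTOR=... TAGS=... python3 render_td.py
    params = {k: os.environ[k] for k in ("ACCESS_KEY", "COLLECTOR", "TAGS") if k in os.environ}
    td = render(params, log_group=os.environ.get("LOG_GROUP"), region=os.environ.get("AWS_REGION"))
    if check(td):
        raise SystemExit("not writing task definition:\n  " + "\n  ".join(check(td)))
    with open("sysdig-agent-ecs.json", "w") as fh:
        json.dump(td, fh, indent=2)
```

    The written file is what you pass to aws ecs register-task-definition --cli-input-json. The placeholder check catches the common mistake of registering the snippet with a literal "$ACCESS_KEY" still in it, and the mount check catches a host path accidentally flipped to writable in a privileged, host-pid, host-network container, which is the part of this definition that most deserves review.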