Configuration
Customize the Install
Both the Single Account and Organizational Account code examples are configured with sensible defaults for the underlying inputs. But if desired, you can edit the region, module enablement, and other Inputs. See details for:
Tune Threat Detection
Note: the default ECS setup is meant to manage a low-to-medium load of AWS CloudTrail events. For use cases where the event load is high, consider scaling up the footprint according to the usage metrics.
To scale the Sysdig cloud component properly, look at the usage metrics such as CPU and RAM memory in the SQS service:
This example shows that the CPU does not have too much work to do, while memory is mostly under 25%, so no need to scale it, but if needed, you would update the Task Definition in ECS:
This is the current task under execution. Check the current task size:
This case is using half a GB of RAM and a quarter of CPU, but you can configure it and create a new revision that will be deployed by the service if we want to scale it vertically.
For horizontal scaling, update the number of replicas of the ECS Service:
Or update the service to increase the Number of Tasks:
All this scaling can be checked with both cloud connector component metrics and the SQS ingestion metrics. Those values (CPU, RAM and Replicas) can be tweaked until the CPU and RAM usage and the Message Age and Messages Delay are at acceptable levels.
Troubleshooting
Find more troubleshooting options on the Terraform - AWS module source repository
1. Resolve 409 Conflict Error
This error may occur if the specified cloud account has already been onboarded to Sysdig.
Solution:
The cloud account can be imported into Terraform by running:
terraform import module.cloud_bench.sysdig_secure_cloud_account.cloud_account CLOUD_ACCOUNT_ID
2. Resolve Permissions Error/Access Denied
This error may occur if your current AWS authentication session does not have the required permissions to create certain resources.
Solution:
Ensure you are authenticated to AWS using a user or role with the required permissions.
3. Tune Threat Detection
Note: the default ECS setup is meant to manage a low-to-medium load of AWS CloudTrail events. For use cases where the event load is high, consider scaling up the footprint according to the usage metrics.
To scale the Sysdig cloud component properly, look at the usage metrics such as CPU and RAM memory in the SQS service:
This example shows that the CPU does not have too much work to do, while memory is mostly under 25%, so no need to scale it, but if needed, you would update the Task Definition in ECS:
This is the current task under execution. Check the current task size:
This case is using half a GB of RAM and a quarter of CPU, but you can configure it and create a new revision that will be deployed by the service if we want to scale it vertically.
For horizontal scaling, update the number of replicas of the ECS Service:
Or update the service to increase the Number of Tasks:
All this scaling can be checked with both cloud connector component metrics and the SQS ingestion metrics. Those values (CPU, RAM and Replicas) can be tweaked until the CPU and RAM usage and the Message Age and Messages Delay are at acceptable levels.
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.