CloudFormation

Deploy the orchestrator agent and workload agent components on ECS Fargate using a CloudFormation template stack in the AWS console. You can run the template instrumentation service either in the cloud or locally and integrate it into your CI/CD pipeline.

Prerequisites

Review the Installation Requirements before getting started.

Deployment Steps

Sysdig provides two YAML templates for the Serverless Agent 4.0+:

The instrumentation service leverages serverless-patcher, a Sysdig containerized tool that automates the instrumentation CloudFormation templates.

Run the template instrumentation service either in the cloud or locally and integrate it into your CI/CD pipeline.

Deploy the Orchestrator Agent

  1. Log in to the AWS Console, select CloudFormation, and create a stack with new resources.

  2. Specify the orchestrator-agent.yaml as the Template source.

  3. Provide the parameters highlighted in the figure, such as the VPC where your service is running.

  4. Complete the stack creation and wait for the deployment to complete.

  5. When complete, note the orchestrator host and port as output.

Deploy the Instrumentation Stack

  1. Push the latest image of serverless-patcher to a private ECR repo within the same region where the deployment will take place.

  2. Log in to the AWS Console, select CloudFormation, and create a stack with new resources.

  3. Specify the instrumentation.yaml as the Template source.

    • The name of the Macro must be unique in your account.
    • The serverless-patcher image must be hosted in an ECR private repo within the same region in which the deployment takes place.

  4. Provide the stack details to deploy the Instrumentation Service.

  5. Complete the stack creation and wait for the deployment to complete.

  6. When complete, note the Transformation Macro string as an output. The Outputs tab provides the transformation instruction as shown in the figure below.

Instrument the Workload Stack

  1. Copy and paste the Transformation Macro string from the Sysdig Instrumentation stack output to the root level of your workload stack template.
  2. Deploy your instrumented workload template. The Sysdig instrumentation service will go over the workload template to instrument it.

Note that the instrumentation process includes inspecting the images of the containers in the TaskDefinition to patch the entrypoint and command of them. If your workload containers are using images from private registries, you must explicitly provide the original entrypoint and command for each container.

It is possible to deploy the Workload Agent (only) as an embedded container image instead of using CloudFormation.

Next Steps

After the deployment completes, security-related events will be visible in the Sysdig Secure Events feed.

Optionally, you can perform advanced Configuration steps.