ECS on EC2

This section helps you install the Sysdig agent as a container on each host within your Amazon Elastic Container Service (ECS) cluster. After the installation, the agent automatically monitors all the hosts, services, and tasks on the ECS cluster.

Prerequisites

Review the Installation Requirements.

Installation

To install the Sysdig agent on ECS:

  1. Create an ECS task definition for the Sysdig agent.

  2. Use the values listed in Prerequisites to customize the example task definition given below. Save the file with the name sysdig-agent-ecs.json.

  3. Register the task definition in your AWS account:

    aws ecs register-task-definition \
        --cli-input-json file://sysdig-agent-ecs.json
    
  4. Using the ECS task definition you have created, create a service in the cluster that you want to monitor with Sysdig.

    You can use the example task definition given below.

    Run the agent as an ECS Service.

    aws ecs create-service \
        --cluster "$CLUSTER_NAME" \
        --service-name sysdig-agent-svc \
        --launch-type EC2 \
        --task-definition sysdig-agent-ecs \
        --scheduling-strategy DAEMON
    

    Use this service to run the Sysdig agent on each node of your ECS cluster.

    If you are using ECS Anywhere, change the launch type to EXTERNAL when the service is created.

    After the agent is installed successfully, Sysdig begins auto-discovering the containers and other resources in your ECS environment.

Example Task Definition

Save this JSON snippet as sysdig-agent-ecs.json. You can customize and use it as the task definition for installing the agent.

Note that both memory and CPU have been set to 1024, but depending on the size of your cluster, you might want to tune the values.

{
  "family": "sysdig-agent-ecs",
  "containerDefinitions": [
    {
      "name": "sysdig-agent",
      "image": "quay.io/sysdig/agent-slim",
      "cpu": 1024,
      "memory": 1024,
      "privileged": true,
      "environment": [
        {
          "name": "ACCESS_KEY",
          "value": "$ACCESS_KEY"
        },
        {
          "name": "COLLECTOR",
          "value": "$COLLECTOR"
        },
        {
          "name": "TAGS",
          "value": "$TAG1,TAG2"
        }
      ],
      "mountPoints": [
        {
          "readOnly": true,
          "containerPath": "/host/boot",
          "sourceVolume": "boot"
        },
        {
          "containerPath": "/host/dev",
          "sourceVolume": "dev"
        },
        {
          "readOnly": true,
          "containerPath": "/host/lib/modules",
          "sourceVolume": "modules"
        },
        {
          "readOnly": true,
          "containerPath": "/host/proc",
          "sourceVolume": "proc"
        },
        {
          "containerPath": "/host/var/run/docker.sock",
          "sourceVolume": "sock"
        },
        {
          "readOnly": true,
          "containerPath": "/host/usr",
          "sourceVolume": "usr"
        }
      ],
      "dependsOn": [
        {
          "containerName": "sysdig-agent-kmodule",
          "condition": "SUCCESS"
        }
      ]
    },
    {
      "name": "sysdig-agent-kmodule",
      "image": "quay.io/sysdig/agent-kmodule",
      "memory": 512,
      "privileged": true,
      "essential": false,
      "mountPoints": [
        {
          "readOnly": true,
          "containerPath": "/host/boot",
          "sourceVolume": "boot"
        },
        {
          "containerPath": "/host/dev",
          "sourceVolume": "dev"
        },
        {
          "readOnly": true,
          "containerPath": "/host/lib/modules",
          "sourceVolume": "modules"
        },
        {
          "readOnly": true,
          "containerPath": "/host/proc",
          "sourceVolume": "proc"
        },
        {
          "containerPath": "/host/var/run/docker.sock",
          "sourceVolume": "sock"
        },
        {
          "readOnly": true,
          "containerPath": "/host/usr",
          "sourceVolume": "usr"
        }
      ]
    }
  ],
  "pidMode": "host",
  "networkMode": "host",
  "volumes": [
    {
      "name": "sock",
      "host": {
        "sourcePath": "/var/run/docker.sock"
      }
    },
    {
      "name": "dev",
      "host": {
        "sourcePath": "/dev/"
      }
    },
    {
      "name": "proc",
      "host": {
        "sourcePath": "/proc/"
      }
    },
    {
      "name": "boot",
      "host": {
        "sourcePath": "/boot/"
      }
    },
    {
      "name": "modules",
      "host": {
        "sourcePath": "/lib/modules/"
      }
    },
    {
      "name": "usr",
      "host": {
        "sourcePath": "/usr/"
      }
    }
  ],
  "requiresCompatibilities": [
    "EC2"
  ]
}
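
A pre-registration check for the customized sysdig-agent-ecs.json, added here as an example and not part of Sysdig's documentation or tooling: it flags environment values that still hold a `$PLACEHOLDER`, mounts and dependencies that reference undefined names, and lists the host paths each privileged container can write to so they can be reviewed. The function name `check_task_definition` and the sample values are constructed for illustration.

```python
import json
import re

PLACEHOLDER = re.compile(r"\$[A-Z_][A-Z0-9_]*")  # e.g. $ACCESS_KEY left unfilled

def check_task_definition(task):
    """Return (errors, writable_mounts) for an ECS task definition dict."""
    errors, writable = [], []
    volumes = {v["name"]: v.get("host", {}).get("sourcePath") for v in task.get("volumes", [])}
    containers = task.get("containerDefinitions", [])
    names = {c["name"] for c in containers}
    for c in containers:
        for env in c.get("environment", []):
            if PLACEHOLDER.search(env.get("value", "")):
                errors.append(f"{c['name']}: {env['name']} still holds a placeholder")
        for m in c.get("mountPoints", []):
            src = m["sourceVolume"]
            if src not in volumes:
                errors.append(f"{c['name']}: mount uses undefined volume '{src}'")
            elif not m.get("readOnly", False):  # ECS treats a missing readOnly as read-write
                writable.append((c["name"], volumes[src]))
        for dep in c.get("dependsOn", []):
            if dep["containerName"] not in names:
                errors.append(f"{c['name']}: depends on unknown container '{dep['containerName']}'")
    return errors, writable

# Constructed sample: a trimmed copy of the task definition above, ACCESS_KEY not yet filled in.
SAMPLE = json.loads("""
{
  "family": "sysdig-agent-ecs",
  "containerDefinitions": [
    {"name": "sysdig-agent", "privileged": true,
     "environment": [{"name": "ACCESS_KEY", "value": "$ACCESS_KEY"},
                     {"name": "COLLECTOR", "value": "collector.example.invalid"}],
     "mountPoints": [{"readOnly": true, "containerPath": "/host/proc", "sourceVolume": "proc"},
                     {"containerPath": "/host/var/run/docker.sock", "sourceVolume": "sock"}],
     "dependsOn": [{"containerName": "sysdig-agent-kmodule", "condition": "SUCCESS"}]},
    {"name": "sysdig-agent-kmodule", "privileged": true, "essential": false,
     "mountPoints": [{"containerPath": "/host/dev", "sourceVolume": "dev"}]}
  ],
  "volumes": [{"name": "sock", "host": {"sourcePath": "/var/run/docker.sock"}},
              {"name": "proc", "host": {"sourcePath": "/proc/"}},
              {"name": "dev", "host": {"sourcePath": "/dev/"}}]
}
""")

if __name__ == "__main__":
    errors, writable = check_task_definition(SAMPLE)
    for e in errors:
        print("ERROR:", e)
    for name, path in writable:
        print(f"REVIEW: {name} has read-write access to host path {path}")
```

To check a real file, load it with `json.load(open("sysdig-agent-ecs.json"))` and pass the result to `check_task_definition` before running `aws ecs register-task-definition`.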