| Date | Author | Comment |
|---|---|---|
| January 2022 | Allie Fick | |
| September 2021 | Diana Esteves | |
| August 2021 | Diana Esteves | Initial public release for this guide. Thank you to all the amazing Lacers who provided valuable feedback! |

Two options are available to install the Lacework agent in AWS Fargate. We highly recommend the baking solution because it pre-installs and configures the agent directly in the Docker image.
- The base image in your Dockerfile must be based on one of the Linux distros found here.
- As the Lacework agent user gathers network packet data, it needs to be run with `sudo` privileges. The Lacework agent must be run as `root`.
- The user must have valid access token(s) for the Lacework agent. These can be obtained via the Lacework CLI (see Installing the CLI & Creating a Token bash script for a simple example) or, alternatively, by navigating to `https://YOUR-ORG.lacework.net/ui/investigation/settings`.
- The AWS Identity and Access Management (IAM) user used needs the permissions listed in AmazonECSTaskExecutionRolePolicy.
- The Lacework agent needs to reach Lacework’s API endpoint. The default endpoint is https://api.lacework.net. See other endpoints here.
- If leveraging the sidecar alternative, review additional requirements.
- Install the agent directly into your existing application Dockerfile(s):
  - Use multistage builds.
- When building the Docker image, place the Lacework agent token in the container definition as an environment variable to securely pass it in.
- Allocate 512 MB vCPU and 1 GB RAM for the Lacework agent.
- Use one Lacework agent token per container (`TaskDefinitionService`).
Two primary options to install the Lacework Agent in AWS Fargate are available. The recommended method is to bake the Lacework agent directly in the Docker image. We encourage using multistage builds; however, a version without multistage builds is also documented below.
Navigate to the corresponding configuration below to view the installation steps.
- Recommended: Bake the Lacework Agent in the Docker Image Using Multistage Builds
- Bake the Lacework Agent into Existing Dockerfile Sans Multistage Build
- Use a Sidecar
To provide feedback on this guide, submit a pull request or email diana@lacework.com.