The recommended approach is to use AWS Secrets Manager to inject an environment variable through Task Detection. This includes building the container with the access token within the image or injecting the access token, either statically or as a secret, as an environment variable in the Task Definition setup. There are multiple methods to work with access tokens for Fargate containers. This can make deployments easier to manage. In an environment with mixed Fargate and non-Fargate Lacework deployments, Lacework recommends using separate access tokens for each of these deployments. As of 2021, the root certificate used by Lacework is Go Daddy Root Certificate Authority - G2. Your application container must have the ca-certificates package (or equivalent global root certificate store) in order to reach Lacework APIs.The ability to run the Lacework agent as root.A supported OS distribution, see public documentation for supported distributions.AWS Fargate platform versions 1.3 or 1.4.By mounting the volume, the agent can run in the application container namespace. In both deployment methods, the Lacework agent runs inside the application container.įor embedded-agent deployments, we recommend a multi-stage image build, which starts the Lacework agent in the context of the container as a daemon.įor sidecar-based deployments, the Lacework agent sidecar container exports a storage volume that is mapped by the application container. The first method is a container image embedded-agent approach, and the second is a sidecar-based approach that utilizes a volume map. Lacework offers two methods for deployment into AWS ECS Fargate.
Anomaly detection uses machine learning to determine, for example, if a machine sends data to an unknown IP, or if a user logs in from an IP that has not been seen before. From this, Lacework can provide detailed in-context alerts for anomalous behavior by comparing each hour to the previous one.
AWS FARGATE STARTUP TIME INSTALL
Lacework’s workload security provides visibility into all processes and applications within an organization’s cloud environments such as workload/runtime analysis and automated anomaly and threat detection.Īfter you install the Lacework agent, Lacework scans hosts and streams select metadata to the Lacework data warehouse to build a baseline of normal behavior, which is updated hourly.