Security containers deployment on AWS ECS
To deploy Security Container instances on AWS ECS, follow the steps in this article:
Note
Before starting, you need to have an ECS cluster configured with EC2 Linux.
Log in to Amazon ECS and go to the Task Definitions page.
Select Create New Task Definition.
In the Select launch type compatibility step, select EC2 and click Next Step.
In Configure tasks and container definitions step, take the following actions:
Add a descriptive name under Task definition name (for example, bitdefender-security-tools/bitdefender-security-container).
Under Task role, select ecsTaskExecutionRole.
Under Network mode, select Host.
Scroll down to continue.
Configure the Task Execution IAM Role section:
Under Task execution role, select ecsTaskExecutionRole.
Scroll down to continue.
Configure the Task size section:
Under Task memory (MiB), select 2048 (if lower, the antimalware module might crash).
Under Task CPU, select 1024.
Scroll down to continue.
Under container definitions, select Add container.
Add a BSC container:
Under Container name, add a descriptive name for the container.
Under Image, add the latest version from https://hub.docker.com/r/bdfbusiness/bitdefender-security-container/tags.
Under Memory Limits, select Hard Limit and 2048.
Add the BSC environment variables needed to start BSC.
Note
The value given to BSC_GID needs to be different from the IDs given to any other already existing groups.
Select Add.
The container has now been added and configured:
Scroll down to continue.
Under the Volumes Section, click Add volume.
The following screen will be displayed:
Fill in the required information and select Add. You need to repeat the step for each of the following volumes:
data, with Source path = /mnt/data
sys, with Source path = /sys
proc, with Source path = /proc
os-release, with Source path = /etc/os-release
root, with Source path = /
Scroll back up to the Container definition section and double click the previously selected container.
Scroll down to continue.
Under the Storage and Logging section click Add mount point.
Add these Mount points:
data - data
sys - /mnt/host-sys
proc - /mnt/host-proc
os-release - /mnt/host-os-release
root - /mnt/host
Scroll down to continue.
Under the Security section, select the Privileged checkbox, in order to give the container elevated privileges.
Scroll down to continue.
Click Update.
Scroll down to continue.
Click Configure via json.
A new window will open containing the configuration JSON code.
Set the pidMode value to host and save the modification.
Scroll down to the bottom of the page.
Select Create.
Run the previously created task on the ECS cluster:
Go to the Clusters page.
Select the cluster and click Run new Task.
Select EC2 launch type and select the task definition that you want to use and start the task.
The BSC container will be deployed on the cluster.
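The settings from the steps above can be checked against the task definition JSON before the task is run. The following is an added example, not Bitdefender's or AWS's code: the function names, the container name bsc and the <tag> placeholder are assumptions, the task is assumed to hold only the BSC container, and environment variables such as BSC_GID are not checked.

```python
# Values below are the ones listed in this article's steps.
VOLUMES = {"data": "/mnt/data", "sys": "/sys", "proc": "/proc",
           "os-release": "/etc/os-release", "root": "/"}
MOUNTS = {"data": "data", "sys": "/mnt/host-sys", "proc": "/mnt/host-proc",
          "os-release": "/mnt/host-os-release", "root": "/mnt/host"}

def check_task_definition(td):
    """Return a list of deviations from the settings in this article."""
    problems = []
    for key in ("networkMode", "pidMode"):
        if td.get(key) != "host":
            problems.append(f"{key} must be host")
    if int(td.get("memory") or 0) < 2048:
        problems.append("task memory below 2048 MiB")
    if int(td.get("cpu") or 0) != 1024:
        problems.append("task CPU is not 1024")
    vols = {v.get("name"): (v.get("host") or {}).get("sourcePath")
            for v in td.get("volumes", [])}
    for name, src in VOLUMES.items():
        if vols.get(name) != src:
            problems.append(f"volume {name} must use source path {src}")
    for c in td.get("containerDefinitions", []):
        label = c.get("name", "?")
        if not c.get("privileged"):
            problems.append(f"{label}: Privileged is not set")
        if int(c.get("memory") or 0) < 2048:
            problems.append(f"{label}: hard memory limit below 2048")
        mounts = {m.get("sourceVolume"): m.get("containerPath")
                  for m in c.get("mountPoints", [])}
        for vol, path in MOUNTS.items():
            if mounts.get(vol) != path:
                problems.append(f"{label}: mount {vol} must map to {path}")
    return problems

def sample():
    """Constructed task definition with the article's settings; <tag> is a placeholder."""
    return {
        "networkMode": "host", "pidMode": "host", "cpu": "1024", "memory": "2048",
        "volumes": [{"name": n, "host": {"sourcePath": p}} for n, p in VOLUMES.items()],
        "containerDefinitions": [{
            "name": "bsc", "privileged": True, "memory": 2048,
            "image": "bdfbusiness/bitdefender-security-container:<tag>",
            "mountPoints": [{"sourceVolume": v, "containerPath": p} for v, p in MOUNTS.items()],
        }],
    }

if __name__ == "__main__":
    print("\n".join(check_task_definition(sample())) or "OK")
```

To check a real definition, load the JSON shown in the Configure via JSON window with json.load and pass the resulting dictionary to check_task_definition.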