Sysdig on AWS Outpost
This repository contains instructions and tests for the compatibility of Sysdig Monitor and Sysdig Secure with AWS Outpost infrastructure.
About Sysdig
The Sysdig Secure DevOps Platform converges security and compliance with performance and capacity monitoring to create a secure DevOps workflow.
Find more information at the official Sysdig website.
About AWS Outpost
AWS Outposts is a fully managed service that extends AWS infrastructure, AWS services, APIs, and tools to virtually any datacenter, co-location space, or on-premises facility for a truly consistent hybrid experience. It offers the same AWS hardware infrastructure, services, APIs, and tools to build and run your applications on premises and in the cloud. AWS compute, storage, database, and other services run locally on Outposts, and you can access the full range of AWS services available in the Region to build, manage, and scale your on-premises applications using familiar AWS services and tools.
Find more information at the official AWS Outpost website.
Use cases
Essential use cases
- Image scanning
- Runtime security
- Compliance
- Kubernetes and container monitoring
- Application and cloud service monitoring
Advanced use cases
- Advanced troubleshooting
- Machine learning-based anomaly detection
- Threat prevention
- Incident response and forensics
- Extended compliance controls
Compatibility summary
In summary, AWS Outpost behaves exactly like AWS Cloud when you deploy Sysdig.
Prerequisites
- Elastic Kubernetes Service (EKS.5 / Kubernetes 1.14)
- Elastic Cloud Compute (EC2)
- Elastic Container Service (ECS)
See more details about the prerequisites in the official documentation.
Installation
Follow these steps to install the Sysdig Agent using the “Vanilla Kubernetes” variant and to set up the Kubernetes audit log with CloudWatch:
Support
Visit the Technical Support section on the Sysdig website for assistance using Sysdig on AWS Outpost.
Architecture
Diagram for an EKS installation of Sysdig using SaaS platform:
Key features:
- A daemonset installs the Sysdig Agent on each node of the cluster
- Kubernetes audit log events are ingested from CloudWatch
- One of the Sysdig Agents relays information to the Sysdig platform (shown as SaaS in this diagram)
High Availability
For Agent: Because the Sysdig agent is installed as a daemonset, Kubernetes ensures that all nodes run a copy of it. If a node fails, Kubernetes starts its workloads on alternate node(s), along with the Sysdig agent. Similarly, as nodes are added to the cluster, the Sysdig agent is automatically added to them. In this way, Kubernetes manages the availability and resiliency of the Sysdig agent along with the container workloads.
For SaaS backend: The Sysdig SaaS platform provides built-in high availability, leveraging a distributed systems approach for redundancy of the backend components and taking advantage of cloud availability zones to ensure reliable platform access without requiring users to build or manage their own HA solution.
Note: The Sysdig + Outposts validation does not include installation of a customer self-hosted backend. It is agent only (see diagram above).
Additional resources:
Documentation
Read the official Sysdig documentation for general information about Sysdig installation and usage. You can also visit this Sysdig blog post about Amazon EKS monitoring and security with Sysdig.