Deploying Fargate Scanning in your AWS account
This guide explains how to deploy Fargate Scanning features for Sysdig Secure in your AWS account.
This has been packaged as a CloudFormation template, so deploying this functionality takes only four clicks.
Getting the CloudFormation template
You can deploy it using the following link
Make sure you deploy it in the same availability zone where your ECS containers are spawned. You cannot receive events from ECS clusters that live in other availability zones.
Configuring the scanning type
There are three parameters to configure:
- ScanningType: Inline scanning scans the image in the AWS infrastructure. Backend scanning scans it on Sysdig’s infrastructure.
- SysdigSecureAPIToken: Enter your Secure API Token.
- SysdigSecureEndpoint: If you are using an on-prem deployment, adjust this URL to point to the address where Secure is deployed.
Adding additional tags and permissions
In this step, you may add some extra tags or permissions if you need to.
Review
In the last step you can review all the parameters you entered previously. Because the template creates dedicated IAM roles to perform the scanning while honoring the least privilege principle, you will need to tick the acknowledgement checkbox.
Then click Next and check that the stack is deployed successfully.
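
The same deployment can be driven from the AWS CLI, keeping the API token out of the command line and making the IAM acknowledgement explicit. This script is an added example, not part of the original guide or Sysdig's tooling; the template URL placeholder, the stack name, the literal values Inline and Backend, and the choice of CAPABILITY_NAMED_IAM are assumptions.

```shell
#!/bin/sh
# Added example, not Sysdig tooling. Assumed: TEMPLATE_URL placeholder, the
# stack name, the literal values Inline/Backend, and CAPABILITY_NAMED_IAM.
TEMPLATE_URL="${TEMPLATE_URL:-TEMPLATE_URL_PLACEHOLDER}"
STACK_NAME="${STACK_NAME:-sysdig-fargate-scanning}"

# write_params FILE SCANNING_TYPE ENDPOINT
# Reads the token from $SYSDIG_SECURE_API_TOKEN so it stays out of argv and
# shell history, and writes an owner-only CloudFormation parameters file.
write_params() {
  file=$1; stype=$2; endpoint=$3; token=${SYSDIG_SECURE_API_TOKEN:-}
  case "$stype" in
    Inline|Backend) ;;
    *) echo "ScanningType must be Inline or Backend" >&2; return 1 ;;
  esac
  case "$endpoint" in
    *\"*|*\\*) echo "unsafe character in endpoint" >&2; return 1 ;;
    https://?*) ;;   # require TLS for the Secure endpoint
    *) echo "SysdigSecureEndpoint must be an https:// URL" >&2; return 1 ;;
  esac
  case "$token" in
    ''|*\"*|*\\*) echo "SYSDIG_SECURE_API_TOKEN unset or unsafe" >&2; return 1 ;;
  esac
  rm -f "$file"
  ( umask 077   # applies to the file created by the redirection below
    { printf '[{"ParameterKey":"ScanningType","ParameterValue":"%s"},\n' "$stype"
      printf ' {"ParameterKey":"SysdigSecureAPIToken","ParameterValue":"%s"},\n' "$token"
      printf ' {"ParameterKey":"SysdigSecureEndpoint","ParameterValue":"%s"}]\n' "$endpoint"
    } > "$file" )
}

# deploy_stack FILE: create the stack and wait for CREATE_COMPLETE.
# --capabilities is the CLI form of the console's IAM acknowledgement checkbox.
deploy_stack() {
  aws cloudformation create-stack --stack-name "$STACK_NAME" \
    --template-url "$TEMPLATE_URL" --parameters "file://$1" \
    --capabilities CAPABILITY_NAMED_IAM &&
  aws cloudformation wait stack-create-complete --stack-name "$STACK_NAME"
}

# Usage: SYSDIG_SECURE_API_TOKEN=... sh deploy.sh deploy Inline https://<endpoint>
if [ "${1:-}" = "deploy" ]; then
  params=$(mktemp) && write_params "$params" "${2:-}" "${3:-}" && deploy_stack "$params"
  status=$?
  rm -f "$params"
  exit "$status"
fi
```

The parameters file holds the API token in clear text, which is why it is created owner-only and deleted once the stack call returns.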