Deploying Fargate Scanning in your AWS account

This guide explains how to deploy Fargate Scanning features for Sysdig Secure in your AWS account.

This have been packaged using a CloudFormation template, so that deploying this functionality will take only four clicks.

Getting the CloudFormation template

You can deploy it using the following link

Please, make sure you deploy it in the same availability zone where your ECS container are spawned. You cannot receive events from ECS clusters who lives in other availability zones.

CloudFormation template to deploy Fargate Scanning

Configuring the scanning type

Configuring the scanning

There are three parameters to configure:

ScanningType: Inline scanning will scan the image in the AWS infrastructure. Backend will do on Sysdig’s infrastructure.
SysdigSecureAPIToken: You need introduce your Secure API Token.

Getting Secure API Token

SysdigSecureEndpoint: If you are using an on-prem deployment, adjust this url to point the address where Secure is deployed.

Adding additional tags and permissions

In this step, you may add some extra tags or permissions if you need to.

Review

Review and check the IAM disclamer

In last step you can review all parameters you introduced previously and as long as we create dedicated IAM roles to perform the scanning while honoring the least privilege principle you will need to acknowledge the checkbox.

Then click on next and check the stack is successfully deployed.