Security containers deployment on AWS ECS

To deploy Security Container instances on AWS ECS, follow the steps in this article:

Note

Before starting, you need to have an ECS cluster configured with EC2 Linux.

  1. Log in to Amazon ECS and go to the Task Definitions page.

  2. Select Create New Task Definition.

  3. In the Select launch type compatibility step, select EC2 and click Next Step.

  4. In Configure tasks and container definitions step, take the following actions:

    1. Add a descriptive name under Task definition name (for example, bitdefender-security-tools/bitdefender-security-container).

    2. Under Task role, select ecsTaskExecutionRole.

    3. Under Network mode, select Host.


      Scroll down to continue.

    4. Configure the Task Execution IAM Role section:

      • Under Task execution role, select ecsTaskExecutionRole.

      Scroll down to continue.

    5. Configure the Task size section:

      1. Under Task memory (MiB), select 2048 (if lower, the antimalware module might crash).

      2. Under Task CPU, select 1024.


      Scroll down to continue.

  5. Under container definitions, select Add container.

  6. Add a BSC container:

    1. Under Container name, add a descriptive name for the container.

    2. Under image, add the latest version from https://hub.docker.com/r/bdfbusiness/bitdefender-security-container/tags.

    3. Under Memory Limits, select Hard Limit and 2048.

    4. Add the BSC environment variables needed to start BSC.


      Note

      The value given to BSC_GID needs to be different from the IDs of any already existing groups.

    5. Select Add.

      The container has now been added and configured.

    Scroll down to continue.

  7. Under the Volumes Section, click Add volume.

    The Add volume window is displayed.

    Fill in the required information and select Add. You need to repeat the step for each of the following volumes:

    • data, with Source path = /mnt/data

    • sys, with Source path = /sys

    • proc, with Source path = /proc

    • os-release, with Source path = /etc/os-release

    • root, with Source path = /

  8. Scroll back up to the Container definition section and double click the previously selected container.

    Scroll down to continue.

  9. Under the Storage and Logging section click Add mount point.

  10. Add these Mount points:

    • data - data

    • sys - /mnt/host-sys

    • proc - /mnt/host-proc

    • os-release - /mnt/host-os-release

    • root - /mnt/host


    Scroll down to continue.

  11. Under the Security section, select the Privileged checkbox, in order to give the container elevated privileges.


    Scroll down to continue.

  12. Click Update.

    Scroll down to continue.

  13. Click Configure via json.

    A new window opens, containing the configuration JSON code.

  14. Set the pidMode value to host and save the modification.

    Scroll down to the bottom of the page.

  15. Select Create.

  16. Run the previously created task on the ECS cluster:

    1. Go to the Clusters page.

    2. Select the cluster and click Run new Task.

    3. Select the EC2 launch type, select the task definition that you want to use, and start the task.


The BSC container will be deployed on the cluster.
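
The task built above runs privileged, in the host network and PID namespaces, with the host root file system mounted, so it is worth confirming that the saved definition contains exactly the documented settings and no additional host paths. The following check is an added example, not Bitdefender's or AWS's own code; the family name, container name, image tag and BSC_GID value in the sample are constructed placeholders.

```python
IMAGE = "bdfbusiness/bitdefender-security-container"
# Expected values, copied from the volume and mount-point steps on this page.
VOLUMES = {"data": "/mnt/data", "sys": "/sys", "proc": "/proc",
           "os-release": "/etc/os-release", "root": "/"}
MOUNTS = {"data": "data", "sys": "/mnt/host-sys", "proc": "/mnt/host-proc",
          "os-release": "/mnt/host-os-release", "root": "/mnt/host"}

def check_task_definition(td):
    """Return the deviations from the documented settings (empty list = match)."""
    problems = []
    def expect(label, actual, wanted):
        if actual != wanted:
            problems.append(f"{label}: expected {wanted!r}, got {actual!r}")
    expect("networkMode", td.get("networkMode"), "host")
    expect("pidMode", td.get("pidMode"), "host")
    expect("cpu", str(td.get("cpu")), "1024")
    expect("memory", str(td.get("memory")), "2048")
    # Any extra or missing host path makes the two dicts differ.
    expect("volumes", {v["name"]: v.get("host", {}).get("sourcePath")
                       for v in td.get("volumes", [])}, VOLUMES)
    bsc = [c for c in td.get("containerDefinitions", [])
           if c.get("image", "").startswith(IMAGE)]
    if not bsc:
        problems.append(f"no container uses image {IMAGE}")
    for c in bsc:
        expect("privileged", c.get("privileged"), True)
        expect("container memory (hard limit)", c.get("memory"), 2048)
        expect("mountPoints", {m["sourceVolume"]: m["containerPath"]
                               for m in c.get("mountPoints", [])}, MOUNTS)
        if "BSC_GID" not in {e["name"] for e in c.get("environment", [])}:
            problems.append("environment: BSC_GID is not set")
    return problems

def sample_task_definition():
    """Constructed sample; family, container name, tag and GID are placeholders."""
    return {
        "family": "bsc-example", "requiresCompatibilities": ["EC2"],
        "taskRoleArn": "ecsTaskExecutionRole",
        "executionRoleArn": "ecsTaskExecutionRole",
        "networkMode": "host", "pidMode": "host", "cpu": "1024", "memory": "2048",
        "volumes": [{"name": n, "host": {"sourcePath": p}} for n, p in VOLUMES.items()],
        "containerDefinitions": [{
            "name": "bsc", "image": IMAGE + ":<tag>", "memory": 2048,
            "privileged": True,
            "environment": [{"name": "BSC_GID", "value": "<unused-gid>"}],
            "mountPoints": [{"sourceVolume": n, "containerPath": p}
                            for n, p in MOUNTS.items()],
        }],
    }

if __name__ == "__main__":
    print(check_task_definition(sample_task_definition()) or "matches the documented settings")
```

To check a registered definition, load the JSON printed by `aws ecs describe-task-definition` and pass the object under its `taskDefinition` key to `check_task_definition`.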