I would like to run the Lacework agent as a sidecar in my ECS Fargate cluster. I followed the documentation here to add the datacollector sidecar container into my task definition. When the task starts, I can see both my application and the datacollector containers. The datacollector container starts and stops, then my application container starts and runs. Is this expected?
Agent
Linux 6.6X
Platform
Deploy Lacework/Installation
Cloud
AWS
Best answer by sporcello
View original
Yes, this is expected. The Lacework datacollector sidecar container should stop under normal operation in an ECS Fargate sidecar deployment.
When the datacollector sidecar container was added to the task definition, a few settings were configured to allow this behavior. First, the datacollector sidecar is not an “essential” container, meaning it should terminate after it has completed it’s purpose. Secondly, the bootstrap script (/var/lib/lacework-backup/lacework-sidecar.sh) was added either to the ENTRYPOINT or CMD for your application container. This script will pull the Lacework agent binary from the sidecar container to run inside your application container. Once the agent is running inside your container, then sidecar will stop and your application will execute. You can confirm the Lacework agent is running and collecting telemetry by checking on your Lacework Console under the Resources > Agents page.
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.