FAQ: How do I secure my AWS ECS workload with Threat Stack?


Deploy the Threat Stack host-based Agent – not the containerized Agent – to secure an AWS Elastic Container Service (ECS) environment.

The AWS ECS has an orchestration layer that sits between the host and containers. The orchestration layer allows AWS to manage container instances. However, the orchestration layer does not allow access to the host kernel audit information, which prevents the Threat Stack containerized Agent from deploying correctly. As a result, the Threat Stack host-based Agent must be used to monitor activity in AWS ECS.

To ensure you receive container events,

  • Agent 1.x series: go to /opt/threatstack/bin/cloudsight config and set enable_containers=1
  • Agent 2.x series: run the sudo ts agent config -set enable_containers 1 command.
Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request



Article is closed for comments.