Configure Fargate Task Definition with JSON Templates

On this page are example JSON task definition templates for configuring the Fargate Agent using the Configure Via JSON text box.

Note

When creating new tasks and services, the default option on the dropdown menu is LATEST. If you are using Fargate 1.3.0 or earlier, ensure that you select the correct version from the dropdown menu.

Templates

See the Use Templates in Your Containers section below for instructions on how to modify these templates for your container.

Fargate 1.4.0 or later
{
  "requiresCompatibilities": ["FARGATE"],
  "containerDefinitions": [
    {
      "name": "sidecar-agent",
      "image": "threatstack/ts-hostless:latest",
      "memoryReservation": 1024,
      "cpu": 256,
      "essential": true,
      "entryPoint": [
        "/bin/agent"
      ],
      "command": [
        "--hostname=example-task-name",
        "--ruleset_names=\"Fargate Rule Set\""
      ],
      "secrets": [{
        "valueFrom": "arn:aws:ssm:us-east-1:xxxxxxxx:parameter/xxxxxxxx",
        "name": "TS_HOSTLESS_DEPLOYMENT"
      }],
      "logConfiguration": {
        "logDriver": "awslogs",
        "options": {
          "awslogs-group": "/ecs/hostless-example",
          "awslogs-region": "us-east-1",
          "awslogs-stream-prefix": "ecs"
        }
      }
    },
    {
      "name": "nginx",
      "image": "nginx",
      "memoryReservation": 128,
      "cpu": 128,
      "essential": false,
      "entryPoint": [
        "sh",
        "-c"
      ],
      "command": [
        "/bin/mountedSensor/sensor & nginx -g 'daemon off;'"
      ],
      "volumesFrom": [{
        "sourceContainer": "sidecar-agent",
        "readOnly": false
      }],
      "linuxParameters": {
        "capabilities": {
          "add": [
            "SYS_PTRACE"
          ],
          "drop": null
        }
      },
      "workingDirectory": "/",
      "logConfiguration": {
        "logDriver": "awslogs",
        "options": {
          "awslogs-group": "/ecs/hostless-example",
          "awslogs-region": "us-east-1",
          "awslogs-stream-prefix": "ecs"
        }
      }
    }
  ],
  "networkMode": "awsvpc",
  "cpu": "512",
  "memory": "2048",
  "executionRoleArn": "arn:aws:iam::xxxxxxxx:role/ecsTaskExecutionRole",
  "family": "hostless-example",
  "taskRoleArn": "arn:aws:iam::xxxxxxxx:role/ecsTaskExecutionRole"
}

Fargate 1.3.0 or earlier

Important

Fargate 1.3.0 or earlier does not support the SYS_PTRACE capability, which we recommend for additional Agent visibility.

{
  "requiresCompatibilities": ["FARGATE"],
  "containerDefinitions": [
    {
      "name": "sidecar-agent",
      "image": "threatstack/ts-hostless:latest",
      "memoryReservation": 1024,
      "cpu": 256,
      "essential": true,
      "entryPoint": [
        "/bin/agent"
      ],
      "command": [
        "--hostname=example-task-name",
        "--ruleset_names=\"Fargate Rule Set\""
      ],
      "secrets": [{
        "valueFrom": "arn:aws:ssm:us-east-1:xxxxxxxx:parameter/xxxxxxxx",
        "name": "TS_HOSTLESS_DEPLOYMENT"
      }],
      "logConfiguration": {
        "logDriver": "awslogs",
        "options": {
          "awslogs-group": "/ecs/hostless-example",
          "awslogs-region": "us-east-1",
          "awslogs-stream-prefix": "ecs"
        }
      }
    },
    {
      "name": "nginx",
      "image": "nginx",
      "memoryReservation": 128,
      "cpu": 128,
      "essential": false,
      "entryPoint": [
        "sh",
        "-c"
      ],
      "command": [
        "/bin/mountedSensor/sensor & nginx -g 'daemon off;'"
      ],
      "volumesFrom": [{
        "sourceContainer": "sidecar-agent",
        "readOnly": false
      }],
      "workingDirectory": "/",
      "logConfiguration": {
        "logDriver": "awslogs",
        "options": {
          "awslogs-group": "/ecs/hostless-example",
          "awslogs-region": "us-east-1",
          "awslogs-stream-prefix": "ecs"
        }
      }
    }
  ],
  "networkMode": "awsvpc",
  "cpu": "512",
  "memory": "2048",
  "executionRoleArn": "arn:aws:iam::xxxxxxxx:role/ecsTaskExecutionRole",
  "family": "hostless-example",
  "taskRoleArn": "arn:aws:iam::xxxxxxxx:role/ecsTaskExecutionRole"
}

Use Templates in Your Containers
  1. Copy and paste the template code from one of the above sections into a text or code editor.
  2. Replace the example nginx container name, image, and command with proper values for your application container.
  3. Make sure your application container's command starts with "/bin/mountedSensor/sensor &" so that the Agent has process visibility into your container.
  4. Enter your ARNs for the SSM secret and IAM roles.
  5. Modify the --hostname flag's value. This names your task and Agent in F5 Distributed Cloud App Infrastructure Protection (AIP).
  6. On the Fargate task definition page, click the Configure via JSON button. A text box displays.
  7. Copy and paste the modified template code into the popup text box.
  8. Save the JSON file.
  9. On the Task definition creation page, select the appropriate IAM role ARNs from the dropdown menu.
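
A check you can run on the modified template before pasting it into the text box, as an added example that is not part of the vendor's documentation: it reports the edits from the steps above that are still missing (leftover placeholder ARNs, the template hostname, an application command that does not start the sensor, a missing volumesFrom or SYS_PTRACE). The function names, the orders-api container and the 111122223333 account ID are constructed for illustration, and the command check assumes the template's sh -c entryPoint is kept.

```python
import json

SIDECAR = "sidecar-agent"                      # sidecar name in the page's templates
SENSOR_PREFIX = "/bin/mountedSensor/sensor &"  # required start of the app command (step 3)
PLACEHOLDER = "xxxxxxxx"                       # placeholder used in the template ARNs


def check_task_definition(text, expect_ptrace=True):
    """Return a list of problems found in a task definition JSON string."""
    task = json.loads(text)
    problems = []
    if PLACEHOLDER in text:
        problems.append("template placeholder still present in an ARN")
    containers = {c.get("name"): c for c in task.get("containerDefinitions", [])}
    sidecar = containers.pop(SIDECAR, None)
    if sidecar is None:
        return problems + ["no sidecar-agent container"]
    if "--hostname=example-task-name" in (sidecar.get("command") or []):
        problems.append("--hostname still has the template value")
    if not containers:
        problems.append("no application container")
    for name, c in containers.items():
        # Assumes the template's ["sh", "-c"] entryPoint is kept, so the
        # command is one shell string.
        cmd = " ".join(c.get("command") or [])
        if not cmd.lstrip().startswith(SENSOR_PREFIX):
            problems.append(f"{name}: command does not start with the sensor")
        if not any(v.get("sourceContainer") == SIDECAR for v in c.get("volumesFrom") or []):
            problems.append(f"{name}: no volumesFrom sidecar-agent")
        caps = (c.get("linuxParameters") or {}).get("capabilities") or {}
        if expect_ptrace and "SYS_PTRACE" not in (caps.get("add") or []):
            problems.append(f"{name}: SYS_PTRACE not added")
    return problems


def sample(command, hostname="orders-api", account="111122223333"):
    """Constructed input shaped like the Fargate 1.4.0 template (values invented)."""
    return json.dumps({"containerDefinitions": [
        {"name": SIDECAR, "command": [f"--hostname={hostname}"],
         "secrets": [{"name": "TS_HOSTLESS_DEPLOYMENT",
                      "valueFrom": f"arn:aws:ssm:us-east-1:{account}:parameter/ts-key"}]},
        {"name": "orders-api", "command": [command],
         "volumesFrom": [{"sourceContainer": SIDECAR, "readOnly": False}],
         "linuxParameters": {"capabilities": {"add": ["SYS_PTRACE"], "drop": None}}}],
        "executionRoleArn": f"arn:aws:iam::{account}:role/ecsTaskExecutionRole"})


if __name__ == "__main__":
    print(check_task_definition(sample("/bin/mountedSensor/sensor & ./orders-api")))
    print(check_task_definition(sample("./orders-api", hostname="example-task-name")))
```

Pass expect_ptrace=False when checking a task definition built from the Fargate 1.3.0 or earlier template, which has no linuxParameters block.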