Adding Runtime Monitoring an Amazon ECS cluster
Configure Runtime Monitoring for the cluster, and then install the GuardDuty security agent on your EC2 container instances.
Prerequisites
Turn on Runtime Monitoring. For more information, see Turning on Runtime Monitoring for Amazon ECS.
-
You control Runtime Monitoring for a cluster with a pre-defined tag. If your access policies restrict access based on tags, you must grant explicit permissions to your IAM users to tag clusters. For more information, see IAM tutorial: Define permissions to access Amazon resources based on tags in the IAM User Guide.
Procedure
Perform the following operations to add Runtime Monitoring to a cluster.
-
Create a VPC endpoint for GuardDuty for each cluster VPC. For more information, see Creating Amazon VPC endpoint manually in the GuardDuty User Guide.
-
Configure the EC2 container instances.
Update the Amazon ECS agent to version
1.77
or later on the EC2 container instances in the cluster. For more information see Updating the Amazon ECS container agent.-
Install the GuardDuty security agent on the EC2 container instances in the cluster. For more information, see Managing the security agent on an Amazon EC2 instance manually in the GuardDuty User Guide.
All new and existing tasks, and deployments are immediately protected because the GuardDuty security agent runs as a process on the EC2 container instance.
-
Use the Amazon ECS console or Amazon CLI to set the
GuardDutyManaged
tag key on the cluster totrue
. For more information, see Updating a cluster or Working with tags using the CLI or API. Use the following values for the tag.Note
The Key and Value are case sensitive and must exactly match the strings.
Key =
GuardDutyManaged
, Value =true