Skip to content

Latest commit

 

History

History
 
 

aqua-ecs-ec2

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
README.adoc
README.adoc
 
 
aquaScanner.yaml
aquaScanner.yaml
 
 

README.adoc

Deploy Aqua Scanner on AWS ECS Cluster

Launch Stack

Overview

The Aqua Server and Gateway are deployed on a ECS EC2 cluster. In multi-cluster environments, you can deploy Aqua Scanners on different clusters.

This page contains instructions for deploying Aqua Scanner on any Amazon ECS EC2 cluster.

For high availability, you must deploy Aqua on 2 availability Zones (AZs).

Your deployment creates the Aqua Scanner service, on the specific ECS instance. A CloudFormation template is used to deploy Aqua Scanner. This can be done either with the AWS CloudFormation Management Console or the AWS Command Line interface (CLI), as explained below.

Prerequisites

  • One or more ECS clusters

  • Aqua Server DNS/IP

  • From Aqua Security: your Aqua credentials (username and password) and CSP License Token

  • Aqua Scanner Username and Password

Pre-deployment

Step 1. Login to the Aqua Registry with your credentials.

 docker login registry.aquasec.com -u  -p

Step 2. Pull the Aqua Scanner image.

 docker pull registry.aquasec.com/scanner:2022.4

Step 3. Push the scanner image to ECR.

Deployment method 1: CloudFormation Management Console

Step 1. Click the Launch Stack icon at the top of this page. This will take you to the Create stack function of the AWS CloudFormation Management Console.

Step 2. Ensure that your AWS region is set to where you want to deploy Aqua Scanner.

Step 3. Click Next.

Step 4. Set or modify any of the parameters as explained below.

Step 5. Click Next to create the stack.

Deployment method 2: CLI

Step 1. Copy the following command.

aws –region us-east-1 cloudformation create-stack –capabilities CAPABILITY_NAMED_IAM –stack-name aqua-scanner –template-body file://aquaScanner.yaml \
–parameters ParameterKey=AquaServerAddress,ParameterValue=xxxxx \
ParameterKey=AquaScannerUserName,ParameterValue=xxxxx \
ParameterKey=AquaScannerPassword,ParameterValue=xxxxx \
ParameterKey=AquaScannerImage,ParameterValue=xxxx.dkr.ecr.us-east-1.amazonaws.com/aqua:scanner-x.x\
ParameterKey=ECSClusterName,ParameterValue=xxxxx

Step 2. Set the parameters as explained below.

AquaServerAddress = The Server DNS name or IP address (IP address with port number)
AquaScannerUserName = The Scanner user name from Aqua server
AquaScannerPassword = The Scanner user Password
AquaScannerImage = The ECR path for the Aqua Scanner product image
ECSClusterName = The existing ECS cluster name

Step 3. Run the AWS create-stack CLI command.

This procedure will deploy Aqua Scanner in your desired cluster and the newly deployed scanner will get added to the existing Aqua server.