https://github.com/sysdiglabs/falco-aws-firelens-integration
- Host: GitHub
- URL: https://github.com/sysdiglabs/falco-aws-firelens-integration
- Owner: sysdiglabs
- License: apache-2.0
- Created: 2019-10-15T13:48:27.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2023-04-06T17:01:17.000Z (about 2 years ago)
- Last Synced: 2025-01-23T01:22:23.987Z (4 months ago)
- Language: Makefile
- Size: 16.6 KB
- Stars: 13
- Watchers: 2
- Forks: 10
- Open Issues: 3
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Multi-cluster security with Falco and FluentBit on Amazon EKS & ECS
This repository holds all the source code needed for the blog post `Multi-cluster
security with Falco and FluentBit on Amazon EKS & ECS`.

There is one directory per step or piece of infrastructure to automate:

* `ecs`: Deploy Falco and FluentBit on ECS
* `eks`: Deploy Falco and FluentBit on EKS

## Getting started

You will need the following prerequisites:

* `Helm` with Tiller deployed on the EKS cluster
* `aws cli` tools to handle all AWS configuration settings. Ensure you are using
a version of the aws cli tools that uses boto greater than or equal to 1.12.224
* `jq` to help with the scripts

### Deploying EKS integration
Ensure your worker nodes can send logs to CloudWatch. We automated this step with
the Makefile, but you will need to edit it and set the `NODE_ROLE_NAME` value to your
own settings. Then:

```
$ cd eks
$ make
```

This will create and attach the EKS-CloudWatchLogs policy to your node IAM role
so that the nodes can send logs to CloudWatch, and will deploy the FluentBit daemonset
with the CloudWatch output plugin.

Finally, it will also deploy Falco using the Helm Chart.
### Deploying ECS integration
As with EKS, we automated this step with a Makefile. You will need to edit it and set
the `CLUSTER_ARN` and `NODE_ROLE_NAME` values as well. Then:

```
$ cd ecs
$ make
```

This will create and attach the ECS-CloudWatchLogs policy to your node IAM
role so that the nodes can send logs to CloudWatch, and will create a task that
deploys Falco on ECS with an attached FluentBit sidecar container, which
sends the logs to CloudWatch.