Deploy the Alert Logic Agent Container for Amazon ECS on AWS Fargate

You can deploy the Alert Logic Agent Container in Amazon Elastic Container Service (ECS) environments that run Amazon Web Services (AWS) Fargate.

Minimum requirements

• 0.25 CPU (up to 3 CPUs)
• 100 MB memory (initial allocation), up to 500 MB cap

You must route container logs to Alert Logic's Agent Container's syslog port (TCP or UDP 1514 by default) using third-party software (for example, AWS FireLens and Fluent Bit in a format expected by Alert Logic). See Deploy the Alert Logic Agent Container for AWS Fargate for more information.

AWS Fargate support

To protect environments that use Fargate with Amazon ECS, the required method is to deploy the Alert Logic Agent Container as a sidecar in each Fargate ECS task. With this method, the Alert Logic agent can still access the network interfaces of that task. Alert Logic collects network traffic and log messages from a specific task without violating the integrity of other customer environments in the AWS Fargate cluster.

For Alert Logic to fully integrate with a container environment, the Docker socket must be mounted through the volume mounting capability in Docker, which the Fargate environment does not allow. For this reason, Alert Logic can protect containers on Fargate workloads but does not discover other containers running on the host or capture traffic from their virtual network interfaces.

EventBridge setup

You must have EventBridge configured for AWS Fargate to be fully functional and supported. Enabling EventBridge ensures any deleted Fargate instances are removed from the Alert Logic console. For more information on how to configure EventBridge, see Configure EventBridge Integration.

Deployment instructions

Alert Logic hosts the readme file and the agent for each supported container platform on the public Alert Logic GitHub page.