Connect Akto with AWS ECS

Introduction

Learn about how to send API traffic data from AWS ECS setup to Akto from your environment. Depending on your ECS infrastructure type refer to these respective sections:

1. FARGATE infrastructure

2. EC2 instances infrastructure

Adding Akto traffic collector to ECS FARGATE cluster

When the ECS cluster is running on AWS FARGATE infrastructure, we will add a container to the task definition of the task, from which we want to monitor. Refer the below image to check your cluster type.

1. Setup Akto data processor using the guide here. Keep the values AKTO_MONGO_IP and AKTO_NLB_IP handy, as we will need them later.

2. Add a container with the configuration defined below. Please replace the AKTO_MONGO_IP and AKTO_NLB_IP variables, as obtained from step 1.

   Copy

   {
       "name": "mirror-api-logging",
       "image": "aktosecurity/mirror-api-logging:k8s_agent",
       "cpu": 1024,
       "memory": 1024,
       "portMappings": [],
       "essential": false,
       "environment": [
           {
               "name": "AKTO_TRAFFIC_BATCH_TIME_SECS",
               "value": "10"
           },
           {
               "name": "AKTO_MONGO_CONN",
               "value": "mongodb://<AKTO_MONGO_IP>:27017/admini"
           },
           {
               "name": "AKTO_TRAFFIC_BATCH_SIZE",
               "value": "10"
           },
           {
               "name": "AKTO_INFRA_MIRRORING_MODE",
               "value": "gcp"
           },
           {
               "name": "AKTO_KAFKA_BROKER_MAL",
               "value": "<AKTO_NLB_IP>:9092"
           }
       ],
       "environmentFiles": [],
       "mountPoints": [],
       "volumesFrom": [],
       "systemControls": []
   }
3. After adding this definition to the task, update the task revision in the service.
4. The containers for the task should show both your primary container and mirror-api-logging container.

Adding Akto traffic collector to ECS EC2 instances cluster

When the ECS cluster is a EC2 instances cluster, we will create a task definition for the mirror-api-logging container and run the task as a daemonset.

1. Setup Akto data processor using the guide here. Keep the values AKTO_MONGO_IP and AKTO_NLB_IP handy, as we will need them later.

2. We will create a new task definition with launch type as EC2 instances, network mode host and the container details as follows. You can directly create a new task definition using the JSON given below. You can also refer the screenshots attached. Please replace the AKTO_MONGO_IP and AKTO_NLB_IP variables, as obtained from step 1.

   Copy

   {
       "family": "mirror-api-logging",
       "containerDefinitions": [
           {
               "name": "mirror-api-logging",
               "image": "aktosecurity/mirror-api-logging:k8s_agent",
               "cpu": 1024, 
               "memory": 1024,
               "portMappings": [],
               "essential": true,
               "environment": [
                   {
                       "name": "AKTO_TRAFFIC_BATCH_TIME_SECS",
                       "value": "10"
                   },
                   {
                       "name": "AKTO_MONGO_CONN",
                       "value": "mongodb://<AKTO_MONGO_IP>:27017/admini"
                   },
                   {
                       "name": "AKTO_TRAFFIC_BATCH_SIZE",
                       "value": "10"
                   },
                   {
                       "name": "AKTO_INFRA_MIRRORING_MODE",
                       "value": "gcp"
                   },
                   {
                       "name": "AKTO_KAFKA_BROKER_MAL",
                       "value": "<AKTO_NLB_IP>:9092"
                   }
               ],
               "environmentFiles": [],
               "mountPoints": [],
               "volumesFrom": [],
               "ulimits": [],
               "logConfiguration": {
                   "logDriver": "awslogs",
                   "options": {
                       "awslogs-create-group": "true",
                       "awslogs-group": "/ecs/mirror-api-logging",
                       "awslogs-region": "ap-south-1",
                       "awslogs-stream-prefix": "ecs"
                   },
                   "secretOptions": []
               },
               "systemControls": []
           }
       ],
       "executionRoleArn": "<Use default execution role>",
       "networkMode": "host",
       "requiresCompatibilities": [
           "EC2"
       ],
       "runtimePlatform": {
           "cpuArchitecture": "X86_64",
           "operatingSystemFamily": "LINUX"
       }
   }
3. We will create a daemonset service with launch type EC2. Go to services tab in the ECS cluster and click on Create.
4. Select Launch type in Compute options and EC2 in Launch type.
5. Select Service in Application type, select mirror-api-logging in Family ( The task definition we just created ), enter mirror-api-logging as Service name and set the Service type as Daemon. Then click on Create on the bottom of the page.
6. Voila, you have created a daemonset in ECS. You should see the traffic in Akto dashboard in some time.