forked from aquasecurity/aqua-aws
-
Notifications
You must be signed in to change notification settings - Fork 0
/
aquaAgent.json
106 lines (105 loc) · 2.07 KB
/
aquaAgent.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "Install Aqua Agent on ECS.",
"Parameters": {
"aquaGatewayAddress": {
"Description": "The Aqua gateway address include port accessible from the Aqua Agent",
"Type": "String"
},
"aquaToken": {
"NoEcho": "true",
"Description": "Aqua Agent installation token retrieved from Aqua Management Console.",
"Type": "String"
},
"aquaAgentImage": {
"Type": "String",
"Description": "Enter image path on ECR."
},
"cluster": {
"Type": "String",
"Description": "Enter cluster name",
"Default": "test"
}
},
"Resources": {
"aquaAgentTaskdefinition": {
"Type": "AWS::ECS::TaskDefinition",
"Properties": {
"ContainerDefinitions": [{
"Memory": 256,
"Essential": "true",
"MountPoints": [{
"ContainerPath": "/var/run/docker.sock",
"SourceVolume": "docker-socket"
}],
"Name": "aqua-agent",
"Environment": [{
"Name": "SCALOCK_SERVER",
"Value": {
"Ref": "aquaGatewayAddress"
}
},
{
"Name": "AQUA_MODE",
"Value": "CONTAINER"
},
{
"Name": "AQUA_RUN_WATCHER",
"Value": "yes"
},
{
"Name": "SILENT",
"Value": "yes"
},
{
"Name": "SCALOCK_TOKEN",
"Value": {
"Ref": "aquaToken"
}
},
{
"Name": "RESTART_CONTAINERS",
"Value": "no"
}
],
"Image": {
"Ref": "aquaAgentImage"
},
"Cpu": 256
}],
"Volumes": [{
"Host": {
"SourcePath": "/var/run/docker.sock"
},
"Name": "docker-socket"
}],
"Family": {
"Fn::Join": [
"-",
[{
"Ref": "cluster"
},
"aqua-agent-install"
]
]
}
}
},
"aquaAgentDaemon": {
"DependsOn": [
"aquaAgentTaskdefinition"
],
"Type": "AWS::ECS::Service",
"Properties": {
"Cluster": {
"Ref": "cluster"
},
"SchedulingStrategy": "DAEMON",
"ServiceName": "aquaAgent",
"TaskDefinition": {
"Ref": "aquaAgentTaskdefinition"
}
}
}
}
}