We’ve heard many of our customers asking for auto deployments of Twistlock’s Defender to ECS clusters and we’re here to help with this step-by-step guide to setting up automatic security deployments.


First, some basic info…


What is an Amazon ECS cluster?

An Amazon EC2 Container Service (Amazon ECS) cluster is a logical grouping of container instances where you can run tasks. Tasks are runtime container definitions that ECS uses to run, scale and balance the containers you are running across the cluster. When you first use Amazon ECS you will need to create a new cluster, and you should create multiple clusters in an account to keep your resources separate.


Why would I want to automate deployments to ECS clusters? What’s the benefit?

When you use Amazon ECS you don’t always manage the underlying instances yourself. Typically you use Auto Scaling groups to provision and deprovision instances as needed. When new instances join the cluster you want to make sure they have the Defender installed before running tasks to ensure full runtime, compliance and vulnerability protection for all EC2 instances that make up the cluster.


Okay, so how can I set up Automatic Security Deployments for ECS Clusters in Twistlock?

1. ) Create a new empty cluster

  • Navigate to Services > EC2 Container Services

ECS Clusters in Twistlock

  • Click Create Cluster
  • Type a name for your cluster (For Example: twistlock-protected)
  • Tick the Create empty cluster checkbox
  • Finally, create your cluster by clicking the Create button in the bottom left

ECS clusters in Twistlock=

2.) Create a new launch configuration that has user data to run our script:

ECS clusters in Twistlock

  • Navigate to EC2 -> Auto Scaling -> Launch Configurations
  • Create a new launch configuration
  • Choose the AMI and Instance Type
  • Under Configure Details expand out the Advanced Details Section
  • Add the following to the User Data section


Replace {CLUSTER_NAME} with the name of your cluster. We used twistlock-protected in the example above.

Replace {USERNAME}:{PASSWORD} with valid Twistlock credentials for your console

Replace {CONSOLE_HOST} with your console hostname or IP

Replace {CONSOLE_PORT} with the port your web console is listening on (by default 8083)


echo ECS_CLUSTER={CLUSTER_NAME}>> /etc/ecs/ecs.config

curl -k -u {USERNAME}:{PASSWORD} https://{CONSOLE_HOST}:{CONSOLE_PORT}/api/v1/scripts/defender.sh -o defender.sh

chmod a+x ./defender.sh


3.) Create a new auto scaling group to launch instances into the cluster

  • Navigate to EC2 > Auto Scaling > Auto Scaling Groups

  • Click Create Auto Scaling Group
  • Select Create an Auto Scaling group from existing launch configuration

  • Give your group a name, network and subnet
  • Set the group size to the number of instances you would like in your cluster. The default is 1
  • Click Next
  • Select Keep this group at its initial size

Note: You can use the second option to automatically scale your group based on Cloud Watch alerts. For more information on how to do this please consult the AWS documentation.

  • Click Review
  • Click Create Auto Scaling Group

And there you have it! You should see at least one EC2 instance running that has joined your cluster. You’ve completed the setup process, and can enjoy the fruits of an auto deployed Twistlock Defender in your ECS clusters.

Want more tips like this? Subscribe to our newsletter for more regular updates on container security news and tips, or contact us for a demo today.

← Back to All Posts Next Post →