Issue

• From: https://support.lacework.com/hc/en-us/articles/360055567574-AWS-ECS-Fargate
• The && is a shell operator and creates a dependency that requires the previous command to run in order for the next one to run. Lacework recommends using this operator because it assures the agent datacollector is running.

Environment

• Fargate containers
• AWS Fargate, sidecar deployment

Resolution

If you do not want to use the && operator, the ; operator can be used to remove the dependency.

IMPORTANT: If the Lacework datacollector fails to start with this configuration, the container will run without being secured by the Lacework agent.

• Remove the dependency by replacing && with a ; (semicolon)
  • Before: sh, -c, /var/lib/lacework-backup/lacework-sidecar.sh && APPLICATION_INIT 
  • After: sh, -c, /var/lib/lacework-backup/lacework-sidecar.sh; APPLICATION_INIT
• The semicolon moves execution to the next command when the preceeding service startup fails.

Note: The following configuration items can result in a task startup failure.

1. If the sidecar container is marked as Essential in the task definition. In this case, it does not matter if you use && or ;. The startup will fail in all cases in the event of a crash.
2. An invalid agent token.
3. An invalid access token environment variable NAME in the task definition. The environment variable name should be LaceworkAccessToken and it is case-sensitive.
4. The application container distribution is not a supported one by the agent startup script. Lacework supports most of the common distros and it is unlikely for this to be an issue.