Issue
- From: https://support.lacework.com/hc/en-us/articles/360055567574-AWS-ECS-Fargate
- The && is a shell operator that creates a dependency: the next command runs only if the previous command succeeds (exits with status 0). Lacework recommends using this operator because it ensures the agent datacollector is running.
Environment
- Fargate containers
- AWS Fargate, sidecar deployment
Resolution
If you do not want to use the && operator, the ; operator can be used to remove the dependency.
IMPORTANT: If the Lacework datacollector fails to start with this configuration, the container will run without being secured by the Lacework agent.
- Remove the dependency by replacing && with a ; (semicolon)
- Before: sh, -c, /var/lib/lacework-backup/lacework-sidecar.sh && APPLICATION_INIT
- After: sh, -c, /var/lib/lacework-backup/lacework-sidecar.sh; APPLICATION_INIT
- With the semicolon, execution moves on to the next command even when the preceding service startup fails.
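The two forms side by side, plus a variant that keeps the ; behavior but writes a warning to the task log when the sidecar script fails, as an added example (not Lacework's code or guidance). The stub scripts, variable names and warning text are assumptions standing in for lacework-sidecar.sh and APPLICATION_INIT.

```shell
#!/bin/sh
# Constructed stand-ins, not Lacework code:
#   sidecar.sh replaces /var/lib/lacework-backup/lacework-sidecar.sh
#   app.sh     replaces APPLICATION_INIT
STUB_DIR=$(mktemp -d)
printf '#!/bin/sh\nexit "${SIDECAR_RC:-0}"\n' > "$STUB_DIR/sidecar.sh"
printf '#!/bin/sh\necho app-started\n'        > "$STUB_DIR/app.sh"
chmod +x "$STUB_DIR/sidecar.sh" "$STUB_DIR/app.sh"
SIDECAR="$STUB_DIR/sidecar.sh"
APP="$STUB_DIR/app.sh"

# The "Before" form: the application starts only if the sidecar script exits 0.
CMD_AND="$SIDECAR && $APP"

# The "After" form: the application starts whatever the sidecar script returned.
CMD_SEMI="$SIDECAR; $APP"

# Assumed variant: same startup behavior as ";", but a failed sidecar leaves
# a line in the log stream that monitoring can match on.
CMD_LOGGED="$SIDECAR || echo 'WARN: sidecar exited non-zero, container is running unmonitored' >&2; $APP"

# run_entrypoint RC COMMAND
# Runs COMMAND through "sh -c", as the task definition does, with the sidecar
# stub forced to exit with status RC. stdout and stderr are merged, the way a
# container log stream receives them.
run_entrypoint() {
    SIDECAR_RC=$1 sh -c "$2" 2>&1
}

# Show every combination of sidecar result and entrypoint form.
for rc in 0 1; do
    for cmd in "$CMD_AND" "$CMD_SEMI" "$CMD_LOGGED"; do
        out=$(run_entrypoint "$rc" "$cmd") || true
        printf 'sidecar rc=%s -> [%s]\n' "$rc" "$out"
    done
done
```
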
Note: The following configuration items can result in a task startup failure.
- If the sidecar container is marked as Essential in the task definition. In this case, it does not matter if you use && or ;. The startup will fail in all cases in the event of a crash.
- An invalid agent token.
- An invalid access token environment variable NAME in the task definition. The environment variable name should be LaceworkAccessToken and it is case-sensitive.
- The application container distribution is not supported by the agent startup script. Lacework supports most of the common distros and it is unlikely for this to be an issue.