[Prisma Cloud Compute] ECS Fargate clusters not showing up under Monitor-> Vulnerabilities->Deployed Images even though the defenders are successfully connected
Created On 08/09/24 20:07 PM - Last Modified 05/21/25 08:11 AM
Symptom
- You have installed Defenders on an ECS Fargate cluster.
- The Defenders show as connected under Manage -> Defenders -> Defenders: Deployed.
- However, when you go to Monitor -> Vulnerabilities -> Images -> Deployed and search for the cluster or hostname, you don't find any results.
Environment
- Prisma Cloud Compute SaaS version
- Prisma Cloud Compute Self-Hosted version
- AWS ECS Fargate
Cause
- This can happen if your task definition is missing some of the necessary environment variables listed below, including TW_IMAGE_NAME and TW_CONTAINER_NAME.
    "environment": [
        {
            "name": "FIPS_ENABLED",
            "value": "false"
        },
        {
            "name": "FILESYSTEM_MONITORING",
            "value": "false"
        },
        {
            "name": "TW_CONTAINER_NAME",
            "value": "xxx"
        },
        {
            "name": "TW_DEBUG",
            "value": "true"
        },
        {
            "name": "TW_IMAGE_NAME",
            "value": ""
        },
        {
            "name": "DEFENDER_TYPE",
            "value": "fargate"
        },
        {
            "name": "FARGATE_TASK",
            "value": "xxxx"
        }
    ],
If you use Terraform to generate task definitions, some of the above environment variables might be missing.
Also verify that entryPoint is configured correctly:
Bad configuration:
The right entryPoint should be like this:
    "entryPoint": [
        "/var/lib/twistlock/fargate/defender",
        "fargate",
        "entrypoint",
        "/opt/tomcat/entrypoint.sh"
    ],
Resolution
- If you are using Terraform to generate task definitions, compare the generated task definition with a manually generated protected task definition and make sure that all the environment variables are present and correctly defined.
- Once the variables are added or corrected, the cluster should show under the Deployed Images tab.
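The comparison described above can be scripted before a task definition is registered. The following is an added example, not Palo Alto Networks code: it checks each container in a task definition JSON for the environment variable names and the entryPoint prefix shown in this article. The function names, the `skip` parameter and the sample containers are assumptions made for illustration.

```python
import json
import sys

# Names and entryPoint prefix are copied from the article's sample; values are
# not validated because the article does not specify them.
REQUIRED_ENV = {
    "FIPS_ENABLED", "FILESYSTEM_MONITORING", "TW_CONTAINER_NAME", "TW_DEBUG",
    "TW_IMAGE_NAME", "DEFENDER_TYPE", "FARGATE_TASK",
}
DEFENDER_PREFIX = ["/var/lib/twistlock/fargate/defender", "fargate", "entrypoint"]


def check_container(container):
    """Return findings for one containerDefinitions entry."""
    present = {e.get("name") for e in container.get("environment") or []}
    findings = [f"missing environment variable {n}"
                for n in sorted(REQUIRED_ENV - present)]
    if (container.get("entryPoint") or [])[:3] != DEFENDER_PREFIX:
        findings.append("entryPoint does not start with the defender wrapper")
    return findings


def check_task_definition(doc, skip=()):
    """Map container name -> findings. Accepts a bare task definition or the
    {"taskDefinition": ...} wrapper printed by describe-task-definition.
    `skip` (assumption) names containers that are not meant to be wrapped."""
    task_def = doc.get("taskDefinition", doc)
    return {c.get("name", "<unnamed>"): check_container(c)
            for c in task_def.get("containerDefinitions", [])
            if c.get("name") not in skip}


# Constructed sample: "app-ok" mirrors the article; "app-tf" is a hypothetical
# Terraform-rendered container that lost two variables and the wrapper.
SAMPLE = {"containerDefinitions": [
    {"name": "app-ok",
     "entryPoint": DEFENDER_PREFIX + ["/opt/tomcat/entrypoint.sh"],
     "environment": [{"name": n, "value": "x"} for n in REQUIRED_ENV]},
    {"name": "app-tf",
     "entryPoint": ["/opt/tomcat/entrypoint.sh"],
     "environment": [{"name": n, "value": "x"} for n in REQUIRED_ENV
                     - {"TW_IMAGE_NAME", "TW_CONTAINER_NAME"}]},
]}

if __name__ == "__main__":
    doc = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for name, findings in check_task_definition(doc).items():
        print(name, "OK" if not findings else findings)
```

Run it with the path to a task definition JSON file as the only argument; without an argument it checks the constructed sample.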