Prisma Cloud Compute: Empty ECS Cluster name on UI

568

Created On 05/15/25 23:44 PM - Last Modified 05/28/25 17:36 PM

Prisma Cloud Compute Defender Connectivi

Prisma Cloud Compute Defender

Prisma Cloud - Runtime Security

Symptom

No Cluster Name for the ECS cluster nodes under the Prisma Cloud Runtime Security Console UI

GUI Path: Runtime Security / Compute >> Manage >> Defenders >> Deployed Defenders

Environment

Prisma Cloud Compute Self-Hosted Console
Prisma Cloud Compute SAAS Console
AWS ECS Cluster

Cause

If we generate a task definition from the Prisma Cloud Compute Console for the ECS defender, this field is empty by default:

{
"name": "DEFENDER_CLUSTER",
"value": ""
}

Unless you go to Runtime Security >> Manage >> Defenders >> Manual Deploy >> Orchestrator and ECS >> Advanced Settings while generating the task definition and manually add the cluster name, this field will remain empty.

Now, if we don't enter the cluster name manually and deploy the task definition as-is, our backend logic will extract the cluster name from the default config file /etc/ecs/ecs.config.

If the cluster name is not available in this config file, it will deploy with an empty cluster name unless you manually specify it in the task definition.

Resolution

There are two fields in the compute host API response for the ECS nodes named "Clusters" and "ecsClusterName"

Values for both fields are based on the following two scenarios:

If you don't specify Cluster Name under Task Definition (Empty Cluster Name field):

In this scenario, both of the fields (ecsClusterName and clusters) are sourcing data from the same place. i.e, from /etc/ecs/ecs.config ( you can check it by doing ssh into your ECS EC2 and check out the file (ecs.config))

If you do specify Cluster Name under Task Definition:

In this scenario, "ecsClusterName" is the name of your Cluster under AWS Console > ECS "clusters" contains the name you specified under Task Definition.

Additional Information