NikP-PAN
commented
3 years ago -
If the user decides to install/set up the console on ECS (ec2 launch type), then they would need to use EFS as a persistent storage. Container instances are leveraging Autoscaling groups (ASG) so the EBS volumes won't persist after the instance is terminated. The defenders have no need to EFS. and the defender install docs (for ECS on ec2 launch type) should reflect that.
-
Agree on point 2
-
Agree on point 3. https://docs.twistlock.com/docs/compute_edition/api/access_api.html#accessing-the-api-using-token-authentication
The step to add port 2049 seems to be unnecessary now. Its seems we are not using EFS/NFS anywhere in the new defender.
The step about choosing the Amazon ECS-Optimized Amazon Linux 2 AMI is not as intuitive as one would think. I think this is due to a change in the UI. You must know the ami-id ahead of time to choose it. This would be a good link to have on that section. https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html
When it comes to the install bundle and the service parameter, I think there should be a link on how to generate the bearer token. I know at the top it states that you need that, but it should have a link somewhere for how to do that. I had to go back and search through the docs to figure out how to do it and it was bit of a pain. Everything else seems to be pretty straight forward.