Connect an AWS account with CloudFormation
Overview
This page provides instructions on installing the Upwind Sensor in an ECS environment using AWS CloudFormation StackSets. By default, the Upwind Sensor runs as a Daemon.
Prerequisites
- Cluster servers must have a VPC with a NAT Gateway.
- If cluster servers run images with a kernel version lower than 5 (for example, Amazon Linux 2), use the bcc agent version.
Setup
Step 1: Credentials
This step is relevant only if you want to create new client credentials. If you already have client credentials, you can skip this step.
Select the + (plus) symbol at the top of the screen and select Connect ECS Cluster. Select Generate a new one to create a new client ID and client secret. Provide a name and select Generate. Alternatively, you can generate it in the Credentials page in the console. For more information, review the documentation on Credentials.
After you have generated the secret, it will automatically be copied into step 3 and inserted into the UPWIND_CLIENT_ID and UPWIND_CLIENT_SECRET fields.
Step 2: Choose ECS Cluster
Select the ECS Cluster you would like to connect.
Step 3: Log in to the desired AWS Account
Log in to the AWS console for the desired account.
Step 4: Run AWS CloudFormation Template
Note: The CloudFormation template will deploy the Upwind ECS service and set task definitions to support EC2 workloads and tasks on your ECS cluster. To connect a template, manually enter a VPC ID and Subnet ID (one or more).
Step 5: Test Connectivity
For each ECS service (upwind-sensor and upwind_cluster_manager), run:
aws ecs describe-services --cluster [your-cluster-name] --services upwind-sensor upwind_cluster_manager
Expected Output:
- Service Status: Ensure "status": "ACTIVE" for both services.
- Task Counts: For upwind-sensor, expect a task per instance due to its daemon strategy. For upwind_cluster_manager, desiredCount should equal runningCount, typically 1.
- Deployments: Verify "status": "PRIMARY" and counts match under "deployments".
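The three checks above can be applied mechanically to the JSON that the describe-services command returns. The following is an added example, not Upwind's own tooling: the embedded output is constructed sample data, and check_services and its instance_count parameter are hypothetical names chosen for illustration.

```python
import json

# Constructed sample of `aws ecs describe-services` output, trimmed to the
# fields Step 5 inspects. The counts are illustrative, not real data.
SAMPLE = json.loads("""
{"services": [
  {"serviceName": "upwind-sensor", "status": "ACTIVE",
   "schedulingStrategy": "DAEMON", "desiredCount": 3, "runningCount": 3,
   "deployments": [{"status": "PRIMARY", "desiredCount": 3, "runningCount": 3}]},
  {"serviceName": "upwind_cluster_manager", "status": "ACTIVE",
   "schedulingStrategy": "REPLICA", "desiredCount": 1, "runningCount": 0,
   "deployments": [{"status": "PRIMARY", "desiredCount": 1, "runningCount": 0}]}
 ],
 "failures": []}
""")

EXPECTED = ("upwind-sensor", "upwind_cluster_manager")


def check_services(output, instance_count):
    """Return a list of problems; an empty list means Step 5 passed.

    instance_count is the number of container instances in the cluster
    (hypothetical parameter, supplied by the caller).
    """
    # Services the API could not describe are reported under "failures".
    problems = [f"{f.get('arn')}: {f.get('reason')}" for f in output.get("failures", [])]
    by_name = {s["serviceName"]: s for s in output.get("services", [])}
    for name in EXPECTED:
        svc = by_name.get(name)
        if svc is None:
            problems.append(f"{name}: not returned")
            continue
        if svc["status"] != "ACTIVE":
            problems.append(f"{name}: status is {svc['status']}")
        if svc["runningCount"] != svc["desiredCount"]:
            problems.append(f"{name}: running {svc['runningCount']} of {svc['desiredCount']}")
        # Daemon strategy: one sensor task is expected per instance.
        if name == "upwind-sensor" and svc["runningCount"] != instance_count:
            problems.append(f"{name}: {svc['runningCount']} tasks for {instance_count} instances")
        primary = [d for d in svc.get("deployments", []) if d["status"] == "PRIMARY"]
        if len(primary) != 1:
            problems.append(f"{name}: {len(primary)} PRIMARY deployments")
        elif primary[0]["runningCount"] != primary[0]["desiredCount"]:
            problems.append(f"{name}: PRIMARY deployment counts differ")
    return problems


if __name__ == "__main__":
    for line in check_services(SAMPLE, instance_count=3) or ["all checks passed"]:
        print(line)
```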