What does CrowdStrike do?
CrowdStrike is a cloud-hosted, next-generation endpoint security platform that provides antivirus, threat intelligence, and more. The CrowdStrike Falcon Sensor is a lightweight agent installed on devices and servers. It acts as the first line of defense against malware, ransomware, and other security threats by continuously monitoring system activity.
What is a Sidecar Container?
A sidecar container is a helper container that runs alongside the main application container within the same pod or task.
Key characteristics of a sidecar container:
- Runs independently alongside the application
- Requires no code changes to the main application
- Can be added without downtime
- Enhances the application with additional functionality such as security, logging, or monitoring
ECS Architecture Overview
ECS Cluster → Services → Tasks → Task Definitions
Why CrowdStrike as a Sidecar?
Running CrowdStrike as a sidecar container allows you to protect workloads without modifying application code or disrupting service availability. This approach helps prevent unauthorized access and protects servers from potential attacks.
The benefits are as follows:
- Antivirus protection
- Endpoint detection and response
- Identity protection
- Runtime threat detection
- Continuous compliance and visibility
- Firewall management
How to create CrowdStrike as a sidecar?
To create or deploy CrowdStrike as a sidecar in ECS:
- Work with the development team to obtain the correct API or application endpoint JSON with the latest revision.
- Identify the existing ECS service and task definition that is currently running.
- Update the task definition to include a sidecar container for CrowdStrike.
- Add a shell script to initialize the Falcon sensor using the correct Customer ID (CID).
- Export the required environment variables, such as the AWS region and the CrowdStrike ID.
- Ensure the prerequisites are in place, such as the CrowdStrike installation Git repository and the latest Falcon sensor version.
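One way to script the task-definition update from the steps above and check the result offline, as an added example that is not from the original post or from CrowdStrike. The container name, image reference, `FALCON_CID` variable name and secret ARN are placeholders, and supplying the CID through the ECS `secrets` field instead of a plaintext variable is a choice made for this example.

```python
import copy

# All values below are constructed placeholders, not CrowdStrike or project values.
SIDECAR_NAME = "falcon-sensor"                      # hypothetical container name
SIDECAR_IMAGE = "<registry>/<falcon-sensor>:<tag>"  # placeholder image reference
CID_VAR = "FALCON_CID"                              # hypothetical variable name
CID_SECRET_ARN = "arn:aws:secretsmanager:<region>:<account>:secret:<cid-secret>"
SAMPLE_TASK_DEF = {"family": "web-app", "containerDefinitions": [
    {"name": "app", "image": "example/app:1.0", "essential": True}]}


def add_sidecar(task_def, region):
    """Return a copy of an ECS task definition with the sensor sidecar appended."""
    patched = copy.deepcopy(task_def)
    containers = patched.setdefault("containerDefinitions", [])
    if any(c.get("name") == SIDECAR_NAME for c in containers):
        return patched  # already present: keep the update idempotent
    containers.append({
        "name": SIDECAR_NAME, "image": SIDECAR_IMAGE,
        # ECS stops the whole task when an essential container exits; the sidecar
        # is non-essential here (assumption) so a sensor exit does not stop the app.
        "essential": False,
        "environment": [{"name": "AWS_REGION", "value": region}],
        "secrets": [{"name": CID_VAR, "valueFrom": CID_SECRET_ARN}],
        "logConfiguration": {"logDriver": "awslogs", "options": {
            "awslogs-group": "/ecs/" + SIDECAR_NAME, "awslogs-region": region,
            "awslogs-stream-prefix": "falcon"}},
    })
    return patched


def lint(task_def):
    """Return findings about the sidecar in a rendered task definition."""
    by_name = {c.get("name"): c for c in task_def.get("containerDefinitions", [])}
    sidecar = by_name.get(SIDECAR_NAME)
    if sidecar is None:
        return ["sidecar container missing"]
    findings = []
    if any(e.get("name") == CID_VAR for e in sidecar.get("environment", [])):
        findings.append("CID passed as plaintext environment variable")
    if not any(s.get("name") == CID_VAR for s in sidecar.get("secrets", [])):
        findings.append("CID not supplied via secrets")
    if "logConfiguration" not in sidecar:
        findings.append("sidecar has no log configuration")
    return findings
```

Running `lint` on the JSON before registering a new revision catches a missing sidecar or a CID that would be visible in the task definition in plaintext.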
Sample template of shell script to deploy CS as sidecar
How to test
- Validate by running the Docker image.
- Manually verify in ECS that the task definition has loaded and that the service is up and running.
After deployment:
- Check the container logs to confirm whether CrowdStrike is connected and running.
- Connect with a CrowdStrike engineer to confirm the status, or run the Falcon sensor commands to check it.
- Track application availability via the load balancer, Application Insights, etc.



