Overview
v2.5 - EKS 1.22 AMI w/ FCG PCI Compliance Reporting w/ S3 Upload of report and Falco Container Security
- Will upload reports nightly to S3 Bucket
- Supports Reading from EC2_TAG or Secrets or OS ENV
- EC2 Requires Instance Profile w/ AWS Secreds Read access to 'fcg/config' & Write to S3 Bucket
- Example Policies Available From Support and will be posted to github SECRETS_PATH: fcg/config [format: JSON, Key:Value - {"S3_BUCKET":"BUCKET_NAME"} TAG: fcg_s3bucket -
For Using EC2 TAGS:
- Requires TAGS in MetaData enablement:
- https://aws.amazon.com/about-aws/whats-new/2022/01/instance-tags-amazon-ec2-instance-metadata-service/
- https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-options.html
Future Updates:
- Realtime Container Scanning for malware and vulernabilities
- Additional PCI Hardening
- Malware Scanning
- STIG Hardening
- Discord Server for Support
- EKS 1.23+ Support Support:
Highlights
- PCI Compliant Auditing & Reporting w/ S3 Upload of Reports
- Falco Container Security
Details
Typical total price
$0.47/hour
Pricing
- ...
Instance type | Product cost/hour | EC2 cost/hour | Total/hour |
---|---|---|---|
t2.nano | $0.07 | $0.006 | $0.076 |
t2.micro AWS Free Tier | $0.07 | $0.012 | $0.082 |
t2.small | $0.07 | $0.023 | $0.093 |
t2.medium | $0.07 | $0.046 | $0.116 |
t2.large | $0.07 | $0.093 | $0.163 |
t2.xlarge | $0.07 | $0.186 | $0.256 |
t2.2xlarge | $0.07 | $0.371 | $0.441 |
t3.nano | $0.07 | $0.005 | $0.075 |
t3.micro AWS Free Tier | $0.07 | $0.01 | $0.08 |
t3.small | $0.07 | $0.021 | $0.091 |
Additional AWS infrastructure costs
Type | Cost |
---|---|
EBS General Purpose SSD (gp2) volumes | $0.10/per GB/month of provisioned storage |
Vendor refund policy
no refunds
Legal
Vendor terms and conditions
Content disclaimer
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Version release notes
v2.7c - EKS 1.22 AMI w/ FCG PCI SOCS Compliance Reporting w/ S3 Upload of report and Falco Container Security - Includes AWS Cloud Watch Agent Configured to send alerts - Will upload reports nightly to S3 Bucket - Supports Reading from EC2_TAG or Secrets or OS ENV - EC2 Requires Instance Profile w/ AWS Secrets Read access to 'fcg/config' & Write to S3 Bucket - Example Policies Available From Support and will be posted to github SECRETS_PATH: fcg/config [format: JSON, Key:Value - {"S3_BUCKET":"BUCKET_NAME"} TAG: fcg_s3bucket - For Using EC2 TAGS: - Requires TAGS in MetaData enablement: * https://aws.amazon.com/about-aws/whats-new/2022/01/instance-tags-amazon-ec2-instance-metadata-service/ * https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-options.html Updates: * Realtime Container Scanning for malware and vulernabilities * Additional PCI Hardening * Malware Scanning * STIG Hardening * Discord Server for Support * EKS 1.23+ Support Support: - support@atcsecure.com SSH Access: * Ensure you launch with your key * PORT 22 Usage: * Use as an AMI in your EKS launch templates * Configure AWS Secret or EC2_TAG for S3 Reports * Falco logs go to cloudwatch
Additional details
Usage instructions
Falco Container Logs destination: /var/log/falco-events.log & Cloudwatch
AWS Cloudwatch Installed
SSH into the instance, the PCI compliance report is located @ /var/log/report.html, it is updated nightly.
To use the S3 Feature, the ec2 instance or EKS node must have write access to an s3 bucket via instance profile and needs to know the S3 Bucket Name. The name can be passed via AWS Secrets or EC2 Tags.
For secrets it will read "fcg/config", the json key:value is {"S3_BUCKET":"BUCKET_NAME"}
S3_Reporting: Ensure Instance Profile allows write to S3
When Using AWS_SECRETS: Ensure instance profile allows access to read fcg/config
For Using EC2 TAGS:
- Requires TAGS in MetaData enablement:
Resources
Vendor resources
Support
Vendor support
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.