Upgrade Prisma Cloud running on Amazon ECS.
Upgrading Console (Amazon ECS)
To upgrade Console, update the service with a new task definition that points to the latest image.
This procedure assumes you’re using images from Prisma Cloud’s registry. If you’re using your own private registry, push the latest Console image there first.
Copy the Prisma Cloud config file into place
- Go to the Releases page and download the latest release to your local machine.
  $ wget <LINK_TO_CURRENT_RECOMMENDED_RELEASE_LINK>
- Unpack the Prisma Cloud release tarball.
  $ mkdir twistlock
  $ tar xvzf twistlock_<VERSION>.tar.gz -C twistlock/
- Upload the twistlock.cfg file to the host that runs Console.
  $ scp twistlock.cfg <ECS_INFRA_NODE>:/twistlock_console/var/lib/twistlock-config
Create a new revision of the task definition
- Log into the Amazon ECS console.
- In the left menu, click Task Definitions.
- Check the box for the Prisma Cloud Console task definition, and click Create new revision.
- Scroll to the bottom of the page and click Configure via JSON.
- Update the image field to point to the latest Console image. For example, if you were upgrading from Prisma Cloud version 2.4.88 to 2.4.95, simply change the version string in the image tag.
  "image": "registry-auth.twistlock.com/tw_<accesstoken>/twistlock/console:console_2_4_95"
Update the Console service
- In the left menu of the Amazon ECS console, click Clusters.
- Click on your cluster.
- Select the Services tab.
- Check the box next to the Console service, and click Update.
- In Task Definition, select the version of the task definition that points to the latest Console image.
- Validate that Cluster, Service name, and Number of tasks are correct. These values are set based on the values for the currently running task, so the defaults should be correct. The number of tasks must be 1.
- Set Minimum healthy percent to 0. This lets ECS safely stop the single Console container so that it can start an updated Console container.
- Set Maximum percent to 100.
- In the Configure network page, accept the defaults, and click Next.
- In the Set Auto Scaling page, accept the defaults, and click Next.
- Click Update Service. It takes a few moments for the old Console service to be stopped, and for the new service to be started. Open Console, and validate that the UI shows the new version number in the bottom left corner.
You can now upgrade all your Defenders from the Console UI.
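The two console procedures above (new task definition revision, then service update) can also be scripted. The following is an added example, not code from Prisma Cloud or from this page: it assumes a boto3 ECS client is passed in, that the Console image repository path ends in /console, and uses a constructed sample task definition with a hypothetical family name. It changes only the image tag, so the registry and repository of the running Console cannot be swapped by accident during the upgrade.

```python
import copy

# Fields returned by DescribeTaskDefinition that RegisterTaskDefinition rejects.
READ_ONLY = ("taskDefinitionArn", "revision", "status", "requiresAttributes",
             "compatibilities", "registeredAt", "registeredBy", "deregisteredAt")

def console_tag(version):
    """'2.4.95' -> 'console_2_4_95', the tag format shown on this page."""
    return "console_" + version.replace(".", "_")

def new_revision(task_def, version):
    """Return a registrable copy of task_def with only the Console tag changed."""
    out = {k: v for k, v in copy.deepcopy(task_def).items() if k not in READ_ONLY}
    changed = 0
    for c in out["containerDefinitions"]:
        repo, sep, tag = c["image"].rpartition(":")
        if not sep or "/" in tag:      # untagged, or the ':' was a registry port
            continue
        if repo.endswith("/console"):  # assumption: Console repository path
            c["image"] = repo + ":" + console_tag(version)
            changed += 1
    if changed != 1:
        raise ValueError(f"expected exactly one Console container, found {changed}")
    return out

def service_update(cluster, service, task_def_arn):
    """UpdateService arguments matching the values the procedure sets by hand."""
    return dict(cluster=cluster, service=service, taskDefinition=task_def_arn,
                desiredCount=1,  # the number of tasks must be 1
                deploymentConfiguration={"minimumHealthyPercent": 0,
                                         "maximumPercent": 100})

def upgrade(ecs, cluster, service, family, version):
    """ecs is a boto3 ECS client, for example boto3.client('ecs')."""
    current = ecs.describe_task_definition(taskDefinition=family)["taskDefinition"]
    reg = ecs.register_task_definition(**new_revision(current, version))
    arn = reg["taskDefinition"]["taskDefinitionArn"]
    return ecs.update_service(**service_update(cluster, service, arn))

# Constructed sample of DescribeTaskDefinition output (family name is hypothetical).
SAMPLE = {
    "family": "pc-console", "revision": 7, "status": "ACTIVE",
    "taskDefinitionArn": "arn:aws:ecs:us-east-1:111111111111:task-definition/pc-console:7",
    "containerDefinitions": [{"name": "twistlock-console", "image":
        "registry-auth.twistlock.com/tw_<accesstoken>/twistlock/console:console_2_4_88"}],
}
```

Calling new_revision(SAMPLE, "2.4.95") returns the JSON you would otherwise edit under Configure via JSON; review it before passing a real client to upgrade().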
Upgrade single Container Defenders
The Console user interface lets you upgrade all Defenders in a single shot. This method minimizes the effort required to upgrade all your deployed Defenders.
Alternatively, you can select which Defenders to upgrade. Use this method when you have different maintenance windows for different deployments. For example, you might have an open window on Tuesday to upgrade thirty Defenders in your development environment, but no available window until Saturday to upgrade the remaining twenty Defenders in your production environment. In order to give you sufficient time to upgrade your environment, older versions of Defender can coexist with the latest version of Defender and the latest version of Console.
Prerequisites: You have already upgraded Console.
- Open Console.
- On the left menu bar, go to Manage > Defender > Manage and click Defenders to see a list of all your deployed stand-alone Container Defenders.
- Upgrade your stand-alone Defenders. You can either:
  - Upgrade all Defenders at the same time by clicking Upgrade all.
  - Upgrade a subset of your Defenders by clicking the individual Actions > Upgrade button in the row that corresponds to the Defender you want to upgrade.
  The Restart and Decommission buttons are not available for DaemonSet Defenders. They are only available for stand-alone Defenders.