Upgrade Prisma Cloud running on Amazon ECS.
First upgrade Console. Console will then automatically upgrade all deployed Defenders for you. If you’ve disabled Defender auto-upgrade or if Console fails to upgrade one or more Defenders, manually upgrade your Defenders.
Console automatically upgrades most Defender types for you. If Console fails to upgrade one or more Defenders, you will see error messages in the Manage > Defenders > Manage tab. If you’ve created an alert for Defender health events, Console emits a message on the alert channel for any Defender that it fails to upgrade.
To upgrade Console, update the service with a new task definition that points to the latest image.
This procedure assumes you’re using images from Prisma Cloud’s registry. If you’re using your own private registry, push the latest Console image there first.
Copy the Prisma Cloud config file into place
- Download the latest recommended release to your local machine.
  $ wget <LINK_TO_CURRENT_RECOMMENDED_RELEASE_LINK>
- Unpack the Prisma Cloud release tarball.
  $ mkdir twistlock
  $ tar xvzf twistlock_<VERSION>.tar.gz -C twistlock/
- Upload the twistlock.cfg files to the host that runs Console.
  $ scp twistlock.cfg <ECS_INFRA_NODE>:/twistlock_console/var/lib/twistlock-config
Create a new revision of the task definition
- Log into the Amazon ECS console.
- In the left menu, click Task Definitions.
- Check the box for the Prisma Cloud Console task definition, and click Create new revision.
- Scroll to the bottom of the page and click Configure via JSON.
- Update the image field to point to the latest Console image. For example, if you were upgrading from Prisma Cloud version 2.4.88 to 2.4.95, simply change the version string in the image tag.
  "image": "registry-auth.twistlock.com/tw_<accesstoken>/twistlock/console:console_2_4_95"
Update the Console service
- In the left menu of the Amazon ECS console, click Clusters.
- Click on your cluster.
- Select the Services tab.
- Check the box next to the Console service, and click Update.
- In Task Definition, select the version of the task definition that points to the latest Console image.
- Validate that Cluster, Service name, and Number of tasks are correct. These values are set based on the values for the currently running task, so the defaults should be correct. The number of tasks must be 1.
- Set Minimum healthy percent to 0. This lets ECS safely stop the single Console container so that it can start an updated Console container.
- Set Maximum percent to 100.
- In the Configure network page, accept the defaults, and click Next.
- In the Set Auto Scaling page, accept the defaults, and click Next.
- Click Update Service. It takes a few moments for the old Console service to be stopped, and for the new service to be started. Open Console, and validate that the UI shows the new version number in the bottom left corner.
- Go to Manage > Defenders > Manage and validate that Console has upgraded your Defenders.
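The two console procedures above, expressed as ECS API payloads. This is an added example, not part of the Prisma Cloud documentation: it builds the new task definition revision from the current one (changing only the Console image tag) and the service update arguments with the deployment settings from the steps. The sample task definition, family name, cluster and service names, and ARN are constructed; the results are what you would pass to boto3's `register_task_definition` and `update_service`.

```python
import copy
import re

# Fields returned by ECS DescribeTaskDefinition that RegisterTaskDefinition rejects.
READ_ONLY = ("taskDefinitionArn", "revision", "status", "requiresAttributes",
             "compatibilities", "registeredAt", "registeredBy", "deregisteredAt")
# Tag format shown on this page: <repository>:console_2_4_95
IMAGE_RE = re.compile(r"^(?P<repo>.+):console_\d+(?:_\d+)*$")

def new_revision(task_def, version):
    """Build a RegisterTaskDefinition payload with the Console image set to `version`."""
    if not re.fullmatch(r"\d+(\.\d+)*", version):
        raise ValueError(f"unexpected version string: {version!r}")
    tag = "console_" + version.replace(".", "_")
    payload = {k: v for k, v in copy.deepcopy(task_def).items() if k not in READ_ONLY}
    matches = [c for c in payload["containerDefinitions"] if IMAGE_RE.match(c["image"])]
    if len(matches) != 1:  # refuse to guess which container is Console
        raise ValueError(f"expected one Console container, found {len(matches)}")
    repo = IMAGE_RE.match(matches[0]["image"])["repo"]
    matches[0]["image"] = f"{repo}:{tag}"
    return payload

def service_update(cluster, service, task_definition):
    """UpdateService arguments matching the settings in the steps above."""
    return {
        "cluster": cluster,
        "service": service,
        "taskDefinition": task_definition,
        "desiredCount": 1,  # the number of tasks must be 1
        # 0/100 lets ECS stop the single Console task before starting its replacement.
        "deploymentConfiguration": {"minimumHealthyPercent": 0, "maximumPercent": 100},
    }

# Constructed sample of a DescribeTaskDefinition result (names and ARN are made up).
SAMPLE = {
    "taskDefinitionArn": "arn:aws:ecs:us-east-1:111122223333:task-definition/pc-console:7",
    "family": "pc-console",
    "revision": 7,
    "status": "ACTIVE",
    "containerDefinitions": [{
        "name": "twistlock-console",
        "image": "registry-auth.twistlock.com/tw_<accesstoken>/twistlock/console:console_2_4_88",
    }],
}

if __name__ == "__main__":
    print(new_revision(SAMPLE, "2.4.95")["containerDefinitions"][0]["image"])
    print(service_update("example-cluster", "example-console", "pc-console:8"))
```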