Console on Fargate

You can run Prisma Cloud Console in AWS Fargate.
This procedure assumes you’ve already created an ECS cluster.

Create a security group

Create a security group that opens ports 8083-8084 for Prisma Cloud Console and port 2049 for NFS.
  1. In the AWS console, go to Services > Compute > EC2 > Security Groups.
  2. Click Create security group.
  3. In Security group name, enter a name, such as pc-security-group.
  4. In Description, enter Prisma Cloud Compute Console on Fargate.
  5. In VPC, select the VPC where your ECS cluster runs.
  6. Create an inbound rule for Prisma Cloud Console ports.
    1. Under Inbound rules, click Add rule.
    2. Under Type, select Custom TCP.
    3. Under Port range, enter 8083-8084.
    4. Under Source, select Anywhere.
  7. Create an inbound rule for NFS, where Console stores its data.
    1. Click Add rule.
    2. Under Type, select NFS.
    3. Under Source, select Anywhere.
  8. Click Create security group.
  9. Write down the security group ID and save it for later.

Create an EFS file system

Create a highly available file system for Console to store its data.
  1. In the AWS console, go to Services > Storage > EFS.
  2. Click Create file system.
  3. Click Customize to open a more detailed dialog.
  4. Enter a value for Name, such as pc-efs-console.
  5. Set the throughput mode to Provisioned.
  6. Set Provisioned Throughput (MiB/s) to 0.1 MiB/s per Defender that will be deployed.
  7. Click Next.
  8. In VPC, select the VPC where your EC2 cluster runs and the relevant mount targets.
  9. For each mount target, change the security group to the ID of the pc-security-group.
  10. Click Next, accepting all defaults, until the file system is created.
  11. Write down the file system ID and save it for later.

Create target groups

Create two target groups for the load balancer, one for port 8083 and one for port 8084.
  1. In the AWS console, go to Services > Compute > EC2 > Load Balancing > Target Groups.
  2. Click Create target group.
  3. In Basic configuration, select IP addresses.
  4. Enter a value for Name, such as pc-tgt-8083 or pc-tgt-8084.
  5. Set Protocol to TCP and Port to 8083 or 8084 respectively.
  6. In VPC, select the VPC where your ECS cluster runs.
  7. For port 8083 only, specify the following health check configuration:
    • Health check protocol: HTTPS