Amazon ECS

Upgrade Prisma Cloud running on Amazon ECS.
First upgrade Console. Console will then automatically upgrade all deployed Defenders for you. If you’ve disabled Defender auto-upgrade or if Console fails to upgrade one or more Defenders, manually upgrade your Defenders.
Console automatically upgrades most Defender types for you. If Console fails to upgrade one or more Defenders, you will see error messages in the
Manage > Defenders > Manage
tab. If you’ve created an alert for Defender health events, Console emits a message on the alert channel for any Defender that it fails to upgrade.

Upgrade Console

To upgrade Console, update the service with a new task definition that points to the latest image.
This procedure assumes you’re using images from Prisma Cloud’s registry. If you’re using your own private registry, push the latest Console image there first.

Copy the Prisma Cloud config file into place

  1. Download the latest recommended release to your local machine.
  2. Unpack the Prisma Cloud release tarball.
    $ mkdir twistlock $ tar xvzf twistlock_<VERSION>.tar.gz -C twistlock/
  3. Upload the twistlock.cfg files to the host that runs Console.
    $ scp twistlock.cfg <ECS_INFRA_NODE>:/twistlock_console/var/lib/twistlock-config

Create a new revision of the task definition

Create a new revision of the task definition.
  1. Log into the Amazon ECS console.
  2. In the left menu, click
    Task Definitions
  3. Check the box for the Prisma Cloud Console task definition, and click
    Create new revision
  4. Scroll to the bottom of the page and click
    Configure via JSON
    1. Update the image field to point to the latest Console image.
      For example, if you were upgrading from Prisma Cloud version 2.4.88 to 2.4.95, simply change the version string in the image tag.
      "image": "<accesstoken>/twistlock/console:console_2_4_95"
    2. Click
  5. Click