AWS ECS Support
The Cado platform will collect key logs and forensic artifacts from AWS ECS systems.
How to Import
- Go to Import > Cloud.
- Then select the target Cluster and Task.
- Then click Acquire Container.
- Confirm details and click Start Import.
Cado will now automatically collect all the key logs and forensic artifacts from the container to enable an investigation.
For a typical acquisition, import and processing will take a few minutes to complete.
ECS Import Requirements
- You’ll need to enable enableExecuteCommand on your ECS task. There is no way to add this to an already existing task.
- Currently, ECS acquisitions are only available on Linux-based containers.
You will receive an error if either:
- Your IAM role doesn't have the required IAM permissions for ECS:
"ecs:ListClusters",
"ecs:DescribeClusters",
"ecs:ListServices",
"ecs:DescribeServices",
"ecs:ListTasks",
"ecs:DescribeTasks",
"ecs:ExecuteCommand"
- Or the Cluster and Task do not have enableExecuteCommand enabled.
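A pre-flight check for the two error conditions above, as an added example (not Cado's own code): it reads an IAM policy document and JSON shaped like `aws ecs describe-tasks` output, then reports which required actions are missing and which tasks lack enableExecuteCommand. The function names, sample policy and task ARNs are constructed for illustration; Deny statements, Resource scoping and Condition blocks are not evaluated.

```python
import fnmatch

# Actions copied from the requirements list on this page.
REQUIRED_ACTIONS = [
    "ecs:ListClusters", "ecs:DescribeClusters", "ecs:ListServices",
    "ecs:DescribeServices", "ecs:ListTasks", "ecs:DescribeTasks",
    "ecs:ExecuteCommand",
]

def _as_list(value):
    # IAM allows Statement and Action to be a single item or a list.
    return value if isinstance(value, list) else [value]

def missing_actions(policy):
    """Return required actions that no Allow statement's Action pattern covers.

    Simplification (assumption of this example): only Effect/Action are read,
    so an empty result is necessary but not sufficient for access.
    """
    patterns = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") == "Allow" and "Action" in stmt:
            patterns += [p.lower() for p in _as_list(stmt["Action"])]
    return [a for a in REQUIRED_ACTIONS
            if not any(fnmatch.fnmatchcase(a.lower(), p) for p in patterns)]

def exec_not_enabled(describe_tasks_response):
    """Return ARNs of tasks whose enableExecuteCommand flag is not true."""
    return [t.get("taskArn", "<unknown>")
            for t in describe_tasks_response.get("tasks", [])
            if not t.get("enableExecuteCommand", False)]

# Constructed sample policy: read actions via wildcards, ExecuteCommand not allowed.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["ecs:List*", "ecs:Describe*"], "Resource": "*"},
        {"Effect": "Deny", "Action": "ecs:ExecuteCommand", "Resource": "*"},
    ],
}

# Constructed sample shaped like describe-tasks output (ARNs are placeholders).
SAMPLE_TASKS = {"tasks": [
    {"taskArn": "arn:aws:ecs:us-east-1:111122223333:task/demo/aaa", "enableExecuteCommand": True},
    {"taskArn": "arn:aws:ecs:us-east-1:111122223333:task/demo/bbb", "enableExecuteCommand": False},
]}

if __name__ == "__main__":
    print("Missing IAM actions:", missing_actions(SAMPLE_POLICY))
    print("Tasks without ECS Exec:", exec_not_enabled(SAMPLE_TASKS))
```

Running the check before an incident shows which tasks would need to be relaunched with enableExecuteCommand set, since the flag cannot be added to a task that is already running.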
Data Flow Diagram
For a diagram of how our ECS acquisitions operate, please see our Knowledge Base.