Skip to main content

Generate a Protected YAML Fargate Task Definition



x-prisma-cloud-target-env: {"permission":"manageDefenders","saas":true,"self-hosted":true}
x-public: true

Returns a protected Fargate task definition for a CloudFormation YAML template given an unprotected task definition.

cURL Request

Refer to the following example cURL command that accepts the task definition in YAML format for a CloudFormation template:

<HOSTNAME> is a single list item from the /api/v<VERSION>/defenders/names endpoint.

Unprotected task definition in unprotected.yaml

$ curl -k \
-u <USER> \
-H 'Content-Type: application/yaml' \
--data-binary "@unprotected.yaml"
--output protected.yaml \

New Protected task will be in protected.yaml


Query Parameters

    consoleaddr string

    ConsoleAddr is the remote console address.

    defenderType string

    Possible values: [none,docker,dockerWindows,containerdWindows,swarm,daemonset,serverLinux,serverWindows,cri,fargate,appEmbedded,tas,tasWindows,serverless,ecs]

    DefenderType is the type of the defender to create the install bundle for.

    interpreter string

    Interpreter is a custom interpreter set by the user to run the fargate defender entrypoint script.

    cloudFormation boolean

    CloudFormation indicates if the given fargate task definition is in Cloud Formation format.

    filesystemMonitoring boolean

    FilesystemMonitoring is the filesystem monitoring flag.

    extractEntrypoint boolean

    ExtractEntrypoint indicates if entrypoint will be extracted automatically.

    registryType string

    RegistryType is the registry type for fetching image details needed to create fargate task definition (e.g., dockerhub).

    registryCredentialID string

    RegistryCredentialID of the credentials in the credentials store to use for authenticating with the registry.

    defenderImage string

    DefenderImage is the full path to the Defender image, if not specified Prisma's private registry is used.

    defenderImagePullSecret string

    DefenderImagePullSecret is the name of the secret required to pull the Defender image from private registry.


  • Array [
  • integer

  • ]