You must set up AWS services on your AWS account to be able to receive inventory updates in Carbon Black Cloud. The AWS services setup pushes notifications to the Carbon Black Public Cloud service about your EC2 instances or Auto Scaling group (ASG) management actions. For example, you can get a notification when an EC2 instance launches or terminates, or when an Auto Scaling group is created.

To set up the AWS services, you must create EventBridge rules and the AWS resources supporting these rules in the onboarded AWS account. EventBridge reacts to a change in your environment only when you set a rule to match a specific incoming event. Once you create the rule, it sends the matched incoming event to multiple targets for processing. EventBridge rules work only in the region where they are created. For more details, see Amazon EventBridge rules.

Amazon EventBridge delivers a stream of real-time data from AWS services and routes that data to the Carbon Black Public Cloud service. To automate the provisioning of the required AWS resources, you use an AWS CloudFormation stack.

AWS CloudFormation lets you model, provision, and manage the Amazon EventBridge resources by treating infrastructure as code. You use CloudFormation to declare all the needed resources as a template file in JSON format. For details on the template file, see the CFN template.

You must create the following AWS resources, as a part of the CloudFormation stack, in all the AWS regions added into your onboarded AWS account.

Diagram showing CloudFormation components supporting EventBridge resources for streaming inventory updates in Carbon Black Cloud.

EventBridge resources setup in the AWS Management console.

The table below describes the AWS resources listed above.

| Resource type | Resource | Description |
|---|---|---|
| EventBridge | CBInventoryRule | Matches the EC2 State Change Events. |
| EventBridge | CBInventoryCloudTrailRule | Matches the following events related to EC2 instances and ASG. EC2 events that are subscribed to: AssociateAddress, DisassociateAddress, AssignPrivateIpAddresses, UnassignPrivateIpAddresses, CreateTags, DeleteTags, ModifyInstanceAttribute, ModifyNetworkInterfaceAttribute, ModifyImageAttribute. ASG events that are subscribed to: CreateAutoScalingGroup, AttachInstances, UpdateAutoScalingGroup, DeleteAutoScalingGroup, DetachInstances. |
| EventBridge | APIDestination | EventBridge API destinations are HTTP endpoints that you can invoke as the target of a rule. The target for the CBInventoryRule and the CBInventoryCloudTrailRule is the Carbon Black Public Cloud service. |
| EventBridge | CBInventoryApiConnection | The Carbon Black Public Cloud API is secured and needs an authorization header to be called by the API destination. To achieve this, you must create a Connection resource. A Connection defines the authorization type and credentials you can use for authorization with the API destination HTTP endpoint. |
| IAM Role | CBInventoryApiDestinationRole | The IAM role is used by the CBInventoryRule and the CBInventoryCloudTrailRule. The IAM role gives access only to these rules to invoke the API Destination created above. |
| Secret | CBInventoryApiKeySecret | Stores the Carbon Black API key in AWS Secrets Manager. |
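
A pre-deployment check for two ways this setup can drift: a CloudTrail rule that no longer matches one of the listed events, and an IAM role that allows more than invoking the API destination. This is an added example, not VMware's CFN template or tooling; the single `detail.eventName` list, the inline role policy layout, and the logical ID `CBInventoryApiDestination` are assumptions, and the sample templates are constructed.

```python
# Event names listed for CBInventoryCloudTrailRule in the table above.
EXPECTED_EVENTS = {
    "AssociateAddress", "DisassociateAddress", "AssignPrivateIpAddresses",
    "UnassignPrivateIpAddresses", "CreateTags", "DeleteTags",
    "ModifyInstanceAttribute", "ModifyNetworkInterfaceAttribute",
    "ModifyImageAttribute", "CreateAutoScalingGroup", "AttachInstances",
    "UpdateAutoScalingGroup", "DeleteAutoScalingGroup", "DetachInstances",
}

def as_list(value):
    return value if isinstance(value, list) else [value]

def audit(template):
    """Return findings for a CloudFormation template given as a dict."""
    res, findings = template.get("Resources", {}), []
    rule = res.get("CBInventoryCloudTrailRule", {}).get("Properties", {})
    names = set(rule.get("EventPattern", {}).get("detail", {}).get("eventName", []))
    for name in sorted(EXPECTED_EVENTS - names):
        findings.append(f"rule does not match {name}: that change is never streamed")
    for name in sorted(names - EXPECTED_EVENTS):
        findings.append(f"rule forwards undocumented event {name}")
    role = res.get("CBInventoryApiDestinationRole", {}).get("Properties", {})
    for policy in role.get("Policies", []):
        for st in as_list(policy["PolicyDocument"]["Statement"]):
            if st.get("Effect") != "Allow":
                continue
            actions = as_list(st.get("Action", []))
            if set(actions) != {"events:InvokeApiDestination"}:
                findings.append(f"role allows more than InvokeApiDestination: {actions}")
            if any(isinstance(r, str) and "*" in r for r in as_list(st.get("Resource", []))):
                findings.append("role policy resource contains a wildcard")
    return findings

def sample_template(events, action, resource):
    """Constructed minimal template; the property layout is an assumption."""
    return {"Resources": {
        "CBInventoryCloudTrailRule": {"Type": "AWS::Events::Rule", "Properties": {
            "EventPattern": {"detail-type": ["AWS API Call via CloudTrail"],
                             "detail": {"eventName": sorted(events)}}}},
        "CBInventoryApiDestinationRole": {"Type": "AWS::IAM::Role", "Properties": {
            "Policies": [{"PolicyName": "invoke", "PolicyDocument": {"Statement": [
                {"Effect": "Allow", "Action": action, "Resource": resource}]}}]}},
    }}

if __name__ == "__main__":
    # CBInventoryApiDestination is a hypothetical logical ID for the API destination.
    scoped = {"Fn::GetAtt": ["CBInventoryApiDestination", "Arn"]}
    drifted = sample_template(EXPECTED_EVENTS - {"DetachInstances"}, "events:*", "*")
    print(audit(sample_template(EXPECTED_EVENTS, "events:InvokeApiDestination", scoped)))
    print("\n".join(audit(drifted)))
```

Because rules are regional, run the check against the template deployed in each onboarded region.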