As a cloud security admin, you can secure your AWS workloads (EC2 instances) at the time of rollout through sensor installation scripts for the AWS Userdata, Ansible, Chef, or Puppet configuration management tools.

You can log in to the EC2 instance and run the sensor installation script commands directly on that instance, but this is a more time-consuming process. For more efficiency, use the Carbon Black Cloud console to download the customized sensor install script and run it as part of the instance initialization.

Procedure

  1. On the left navigation bar, select Inventory > Public Cloud > AWS.
  2. On the AWS Workloads page, click the Sensor Options drop-down menu, and select Download sensor install scripts.
    The Download Sensor Install Scripts window displays.
  3. Locate the OS version for your instance and use the Sensor Version drop-down menu to select the related sensor version to install.
    These scripts are customized with pre-populated Org Keys and selected platform details.
  4. Click Download Scripts.
  5. After the package downloads, unzip it.
    You can see the installation folders for each of the configuration management tools.
  6. Open the cloud-platform-scripts > AWS folder.
  7. Create a virtual machine (VM) and use the sensor installation script (user_data_linux.sh for Linux VM or user_data_windows.ps1 for Windows VM) that is relevant to the configuration management tool in your environment.

    The following steps show how to create an EC2 instance with a userdata script running as part of the instance initialization.

    1. Click Launch instances in the AWS Management Console, select an AMI template, and choose an instance type.
    2. Locate the Step 3: Configure Instance Details > Advanced Details > User data option and upload the aws-userdata script using the As file option.
    3. To tag your instance, navigate to Step 5: Add Tags and define the key-value pairs.
      For example:

      Key       Value
      Name      latestSensorInstalled
      Priority  P2
    4. Click Launch > Launch Instance.
      The sensor installation through userdata script starts as part of the instance initialization.
  8. Optional. Create Auto Scaling Groups with the same userdata script for easier sensor installation in frequently used images.
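
The console launch in step 7 can also be scripted with the AWS CLI. The following is an added example, not part of the original page or the vendor's scripts: it checks the Linux userdata script before launch and applies the example tags. The function names, the AMI ID, and the instance type are placeholders, and it assumes the downloaded user_data_linux.sh is a plain shell script.

```bash
#!/usr/bin/env bash
# Added example: preflight a userdata script, then launch with the AWS CLI.
MAX_USERDATA_BYTES=16384   # EC2 limit on raw (pre-base64) user data: 16 KB

# Return 0 if the file is usable as a Linux userdata shell script.
preflight_userdata() {
  ud_script="$1"
  [ -r "$ud_script" ] || { echo "not readable: $ud_script" >&2; return 1; }
  ud_size=$(wc -c < "$ud_script" | tr -d ' ')
  if [ "$ud_size" -eq 0 ] || [ "$ud_size" -gt "$MAX_USERDATA_BYTES" ]; then
    echo "size $ud_size bytes is outside 1..$MAX_USERDATA_BYTES" >&2
    return 1
  fi
  # Assumption: the downloaded file is a plain shell script. cloud-init runs
  # user data as a script only when it starts with the two bytes "#!".
  [ "$(head -c 2 "$ud_script")" = '#!' ] || { echo "no #! line" >&2; return 1; }
  # CRLF endings (for example after editing on Windows) break the #! line.
  ud_cr=$(printf '\r')
  case "$(head -n 1 "$ud_script")" in
    *"$ud_cr") echo "CRLF line endings" >&2; return 1 ;;
  esac
  return 0
}

# Tag specification in AWS CLI shorthand, for the two example tags above.
tag_spec() {
  printf 'ResourceType=instance,Tags=[{Key=Name,Value=%s},{Key=Priority,Value=%s}]' "$1" "$2"
}

# Launch one instance; the sensor install runs during instance initialization.
launch_with_sensor() {
  preflight_userdata "$3" || return 1
  aws ec2 run-instances \
    --image-id "$1" \
    --instance-type "$2" \
    --user-data "file://$3" \
    --tag-specifications "$(tag_spec latestSensorInstalled P2)"
}

# Usage (placeholder AMI ID and instance type):
#   launch_with_sensor ami-EXAMPLE t3.micro ./user_data_linux.sh
```

A script that fails the preflight would still launch an instance from the console, but the sensor would not install at boot, so the instance would never appear on the Enabled tab.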

Results

After the sensor installs, the instance displays on the Inventory > Public Cloud > AWS > Enabled tab in the Carbon Black Cloud console.