A CloudFormation (CFN) template describes your resources and dependencies so that you can run and configure them as a stack. You can run the AWS CFN template and create or update the CloudFormation stack by using either the AWS Management Console or the AWS Command Line Interface (AWS CLI).

To simplify creating the CloudFormation stack, Carbon Black Cloud provides a setup script that uses AWS CLI internally for running the CFN template.

You set up the script for each AWS region in the onboarded AWS account to stream events on management changes from your AWS account into the Carbon Black Cloud console. The setup script is a Bash/PowerShell script that uses a CloudFormation template describing the intended state of all the resources you must deploy in that AWS region. The stack implements and manages the outlined resources in the template as a single unit. For example, you can delete a collection of resources by deleting the stack. For more details, see Working with stacks.

Optionally, you can use AWS CloudShell to run the event setup script. AWS CloudShell is a browser-based shell for interacting with your AWS resources directly from the AWS console. For details, see AWS CloudShell.

Prerequisites

  • Become familiar with the following possible values for the <ScriptURL> per onboarding environment.
    Linux                                                                                Windows
    https://prod.cwp.carbonblack.io/public-cloud/us/aws/shell/setup-cbc-event-stream.sh  https://prod.cwp.carbonblack.io/public-cloud/us/aws/powershell/setup-cbc-event-stream.ps1
    https://prod.cwp.carbonblack.io/public-cloud/ap/aws/shell/setup-cbc-event-stream.sh  https://prod.cwp.carbonblack.io/public-cloud/ap/aws/powershell/setup-cbc-event-stream.ps1
    https://prod.cwp.carbonblack.io/public-cloud/eu/aws/shell/setup-cbc-event-stream.sh  https://prod.cwp.carbonblack.io/public-cloud/eu/aws/powershell/setup-cbc-event-stream.ps1
    https://prod.cwp.carbonblack.io/public-cloud/au/aws/shell/setup-cbc-event-stream.sh  https://prod.cwp.carbonblack.io/public-cloud/au/aws/powershell/setup-cbc-event-stream.ps
  • Set the following access level permission and assign it to the API Key for executing the event stream setup script.

    [Image: Defining the Public Cloud permissions in the Add Access Level page for running the event stream setup script.]

    For more details, see Create Access Levels.

  • Retrieve your API Secret Key and API ID credentials. For more information, see Create and Manage an API Key.
  • Become familiar with installing the AWS CLI on your EC2 instance. For Linux installations, see Install or update to the latest version of the AWS CLI. For Windows installations, see Installing the AWS Tools for PowerShell on Windows.

Procedure

  1. Install and configure the AWS CLI on your EC2 instance.
  2. To download and run the bash script, issue the command:
    curl <ScriptURL> --output setup-cbc-event-stream.sh && bash setup-cbc-event-stream.sh --CBInventoryApiHost <APIHost> --CBInventoryOrgKey <OrgKey> --CBInventoryApiKey <API_Secret_Key>/<API_ID> --region <Comma separated AWS regions>

    The bash script takes the following parameters:

    Parameter           Description
    ScriptURL           The onboarding environment. For example, https://prod.cwp.carbonblack.io/public-cloud/us/aws/shell/setup-cbc-event-stream.sh in Linux or https://prod.cwp.carbonblack.io/public-cloud/us/aws/powershell/setup-cbc-event-stream.ps1 in Windows. For a full list of possible production environments, see the table in the Prerequisites section of this topic.
    CBInventoryApiHost  The host for Carbon Black Public Cloud service. For example, defense-dev01.cbdtest.io.
    CBInventoryOrgKey   Locate the org key in the Carbon Black Cloud console by going to the Settings > API Access > API Keys tab.
    CBInventoryApiKey   The API Key, which is stored in the secret manager and is passed when sending the push notification to Carbon Black Cloud. For more details, see Create and Manage an API Key.
    Region              Comma-separated AWS region IDs. Single and multiple regions are supported. The AWS services are set for the selected regions.
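
The download-and-run step above, split into separate download, review, and run stages. This is an added example, not part of the Carbon Black documentation or its setup script. The function names (cbc_script_url, valid_regions, run_setup) are hypothetical, and the region list is assumed to contain no spaces.

```bash
#!/usr/bin/env bash
# Added example, not part of the vendor script. Function names are hypothetical.
REGION_ID='[a-z]{2}(-[a-z]+)+-[0-9]+'   # shape of an AWS region ID, e.g. us-east-1

# Print the Linux <ScriptURL> for an onboarding environment from the Prerequisites table.
cbc_script_url() {
  case "$1" in
    us|ap|eu|au)
      printf 'https://prod.cwp.carbonblack.io/public-cloud/%s/aws/shell/setup-cbc-event-stream.sh\n' "$1" ;;
    *) return 1 ;;
  esac
}

# Succeed only for a comma-separated list of region IDs with no spaces (assumed format).
valid_regions() {
  case "$1" in ''|*[!a-z0-9,-]*) return 1 ;; esac
  printf '%s\n' "$1" | LC_ALL=C grep -Eq "^${REGION_ID}(,${REGION_ID})*\$"
}

# usage: run_setup <us|ap|eu|au> <APIHost> <OrgKey> <regions>
run_setup() {
  local url script secret api_id
  url=$(cbc_script_url "$1") || { echo "unknown environment: $1" >&2; return 2; }
  valid_regions "$4" || { echo "bad region list: $4" >&2; return 2; }
  script=setup-cbc-event-stream.sh
  # --fail keeps an HTTP error page from being saved as the script; --proto refuses non-HTTPS.
  curl --fail --silent --show-error --proto '=https' --tlsv1.2 "$url" --output "$script" || return 3
  sha256sum "$script"   # record exactly what was downloaded
  printf 'Review %s, then press Enter to run it (Ctrl-C aborts): ' "$script" >&2
  read -r _
  # Prompt for the credentials so they are not typed into shell history.
  printf 'API Secret Key: ' >&2
  stty -echo; read -r secret; stty echo; echo >&2
  printf 'API ID: ' >&2
  read -r api_id
  # The key is still a command-line argument of the setup script while it runs.
  bash "$script" --CBInventoryApiHost "$2" --CBInventoryOrgKey "$3" \
    --CBInventoryApiKey "$secret/$api_id" --region "$4"
}

# Run only when called with the four arguments; sourcing the file just defines the functions.
if [ "$#" -eq 4 ]; then run_setup "$@"; fi
```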