As a cloud security admin, you can secure your AWS workloads (EC2 instances) at the time of rollout through sensor installation scripts for the AWS Userdata, Ansible, Chef, or Puppet configuration management tools.
You can log in to the EC2 instance and run the sensor installation script commands directly on that instance, but this is a time-consuming process. For efficiency, use the Carbon Black Cloud console to download the customized sensor install script and install it as part of the instance initialization.
Procedure
- On the navigation bar, click .
- In the AWS Workloads page, click the Sensor Options drop-down menu and select Download sensor install scripts.
The Download Sensor Install Scripts window displays.
- Locate the OS version for your instance and use the Sensor Version drop-down menu to select the related sensor version to install.
These scripts are customized with pre-populated Org Keys and selected platform details.
- Click Download Scripts.
- Unzip the downloaded package.
The sensor installation folders are available for each of the configuration management tools.
If you select the aws-userdata folder, it contains one script for Unix-based platforms and one PowerShell script for Windows.
- Use the script that is relevant to your configuration management tool.
The following steps show how to create an EC2 instance with a Userdata script running as a part of the instance initialization.
- Click Launch instances in the AWS Management Console, select an IAM template, and select an instance type.
- Locate the option and upload the aws-userdata script As file.
- To tag your instance, go to Step 5: Add Tags and define the key-value pairs.
For example:
| Key | Value |
| --- | --- |
| Name | latestSensorInstalled |
| Priority | P2 |
- Click .
The sensor installation starts as part of the instance initialization.
- Optional: Create Auto Scaling Groups using the same aws-userdata script for easier sensor installations in frequently used images.
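
The launch, user data, and tagging steps above can also be done through the EC2 API. The following is an added example using boto3, not part of the Carbon Black documentation; the AMI ID, instance type, and script path are placeholders supplied by the caller, and the function names are hypothetical. It also checks the script against the EC2 user data size limit and lets you confirm afterwards that an instance was launched with the expected script.

```python
# Added example (not from the Carbon Black documentation). Assumes boto3 is
# installed and AWS credentials and region are configured; the AMI ID,
# instance type and script path are placeholders supplied by the caller.
import base64
import sys
from pathlib import Path

USER_DATA_LIMIT = 16 * 1024  # EC2 caps raw user data at 16 KB (before base64)


def build_run_instances_params(script_text, ami_id, instance_type, tags):
    """Build RunInstances arguments that attach the sensor script as user data."""
    raw = script_text.encode("utf-8")
    if not raw.strip():
        raise ValueError("user data script is empty")
    if len(raw) > USER_DATA_LIMIT:
        raise ValueError(f"user data is {len(raw)} bytes; limit is {USER_DATA_LIMIT}")
    return {
        "ImageId": ami_id,
        "InstanceType": instance_type,
        "MinCount": 1, "MaxCount": 1,
        "UserData": script_text,  # boto3 base64-encodes this for the API call
        "TagSpecifications": [{
            "ResourceType": "instance",
            "Tags": [{"Key": k, "Value": v} for k, v in tags.items()],
        }],
    }


def user_data_matches(describe_value_b64, script_text):
    """True if the base64 user data reported by EC2 equals the expected script."""
    return base64.b64decode(describe_value_b64 or "") == script_text.encode("utf-8")


def audit_user_data(ec2, instance_id, script_text):
    """Check an existing instance: was it launched with the sensor script?"""
    attr = ec2.describe_instance_attribute(InstanceId=instance_id, Attribute="userData")
    return user_data_matches(attr["UserData"].get("Value"), script_text)


if __name__ == "__main__":
    # Usage: python launch_with_sensor.py <aws-userdata script> <ami-id> <instance-type>
    import boto3  # imported here so the helpers above work without boto3
    script_path, ami, itype = sys.argv[1:4]
    text = Path(script_path).read_text(encoding="utf-8")
    tags = {"Name": "latestSensorInstalled", "Priority": "P2"}  # example tags from the table
    resp = boto3.client("ec2").run_instances(**build_run_instances_params(text, ami, itype, tags))
    print(resp["Instances"][0]["InstanceId"])
```
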
Results
After the sensor installs, the instance displays on the Enabled tab.