Skip to content
/ AWS_Cloud_Agent_Bootstrap Public
forked from mkhanal1/AWS_Cloud_Agent_Bootstrap

Deploy Cloud Agent via AWS CloudWatch, Lambda & SSM Doc for Bootstrap in AWS Cloud

2 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Qualys-Public/AWS_Cloud_Agent_Bootstrap

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

41 Commits
Bootstrap.yml
Bootstrap.yml
 
 
Invoke-QCA.py
Invoke-QCA.py
 
 
README.md
README.md
 
 
eventfilters.png
eventfilters.png
 
 
eventsources.png
eventsources.png
 
 
eventtargets.png
eventtargets.png
 
 
parameters.png
parameters.png
 
 

Repository files navigation

AWS_Cloud_Agent_Bootstrap

Deploy Cloud Agent via use of CloudWatch,Lambda & AWS Systems Manager (AWS SSM) in AWS Cloud (Based on GARLC)

License

THIS SCRIPT IS PROVIDED TO YOU "AS IS." TO THE EXTENT PERMITTED BY LAW, QUALYS HEREBY DISCLAIMS ALL WARRANTIES AND LIABILITY FOR THE PROVISION OR USE OF THIS SCRIPT. IN NO EVENT SHALL THESE SCRIPTS BE DEEMED TO BE CLOUD SERVICES AS PROVIDED BY QUALYS

Description

Taking an inspiration from GARLC, we have built this tutorial to help you achieve a state where all your newly launched instances will have Qualys Cloud Agent(CA) installed. This tutorial makes use of following services:

  • AWS Lambda
  • Amazon EC2 Run Command
  • CloudWatch Events
  • S3 Bucket

Logic:

We start by creating a Rule that invokes an AWS Lambda function when any instance enters the “Running” state. The Lambda function will trigger the Run command on the instance to install Qualys Cloud Agent(CA).

Prerequisites:

EC2 instance has the AWS Systems Manager Agent (SSM agent) installed and has an IAM role that allows Run Command. For more information, refer to the following links:

Usage

Lambda

  1. Create a Lambda function named Invoke-QCA and copy the contents from the file. It performs the following tasks:

  • Checks whether the AWS Systems Manager Agent (SSM agent) is installed on the instance and has the instance assigned instance profile for SSM to run.

  • Builds the commands and send it to Run command via an API. It populates the parameters: ActivationID, CustomerID, AgentLocationWindows, AgentLocationDebian, AgentLocationRPM. Agents will be stored at S3 Bucket.

Note: Ensure that you insert the apt Input parameters titled “REPLACE_ME”.

Image

CloudWatch:

  1. Create a Rule in CloudWatch Events matching the event pattern that describes an instance’s state change to “running”. This can be done while creating a rule with Event Pattern and selecting Service Name as EC2 and Event Type as EC2 Instance State-change Notification as shown in the diagram. Select Specific state(s) and select running. Select the previously created Lambda function as your target.

eventsources|100x100,30%

eventfilters|100x100,30%

eventtargets |100x100,30%

NOTE: The cloudformation template named "Bootstrap.yml" is uploaded in the same folder and can be used to deploy this setup.

About

Deploy Cloud Agent via AWS CloudWatch, Lambda & SSM Doc for Bootstrap in AWS Cloud

Topics

aws lambda-functions cloudwatch-events ssm-document cloudagent

Resources

Readme
Activity
Custom properties

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 100.0%