Spyderbat AWS Agent

Overview of the AWS Agent, deployment options and how to get started

Last updated 3 months ago


The Spyderbat AWS Agent enables AWS Context Integration in the Spyderbat Platform. This integration provides a comprehensive view of cloud assets and IAM configurations, enhancing the ability to detect and investigate potential security incidents.

For an overview of the AWS Agent and its role in the Spyderbat Platform, refer to the AWS Context integration page in the integration concepts section.

Permissions Required by the Spyderbat AWS Agent

To function effectively, the Spyderbat AWS Agent requires specific permissions to collect data from AWS APIs. Below are the key permissions grouped by AWS services:

  • EC2:

    • ec2:Describe*

  • EKS:

    • eks:List*

    • eks:Describe*

  • IAM Roles and Policies:

    • iam:Get*

    • iam:List*

    • iam:Put*

  • STS (Security Token Service):

    • sts:AssumeRole

    • sts:AssumeRoleWithWebIdentity

The agent can also read its registration key from a secret stored in AWS Secrets Manager, which requires an extra permission to access the configured secret ARN.

Permissions are configured using a custom AWS policy attached to the IAM Role that the AWS Agent assumes. How the agent assumes this role depends on the deployment options and is discussed in the more detailed deployment guides.
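
One way to review such a policy before attaching it to the agent's role, as an added example that is not Spyderbat's own code: it parses a policy document and lists every allowed action that is not a read (`Describe*`, `Get*`, `List*`), which here isolates `iam:Put*` and the two STS actions. The policy JSON is constructed from the action list above, `Resource: "*"` is an assumption, and classifying by verb prefix is a heuristic.

```python
import json

# Constructed policy: the action patterns are the ones listed on this page;
# Resource "*" is an assumption, the page does not say how resources are scoped.
AGENT_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"},
  {"Effect": "Allow", "Action": ["eks:List*", "eks:Describe*"], "Resource": "*"},
  {"Effect": "Allow", "Action": ["iam:Get*", "iam:List*", "iam:Put*"], "Resource": "*"},
  {"Effect": "Allow", "Action": ["sts:AssumeRole", "sts:AssumeRoleWithWebIdentity"],
   "Resource": "*"}]}""")

READ_PREFIXES = ("describe", "get", "list")  # heuristic: looks at the verb prefix only

def classify(action):
    """Label an IAM action pattern as 'read', 'assume-role' or 'write'."""
    service, _, name = action.lower().partition(":")  # IAM actions are case-insensitive
    if name.startswith(READ_PREFIXES):
        return "read"
    if service == "sts" and name.startswith("assumerole"):
        return "assume-role"
    return "write"  # anything else, including a bare "*", needs a closer look

def as_list(value):
    # IAM accepts either a single string or a list for Action and Resource.
    return value if isinstance(value, list) else [value]

def review(policy):
    """Return (action, kind, resources) for every allowed non-read action."""
    findings = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        resources = as_list(stmt.get("Resource", []))
        for action in as_list(stmt.get("Action", [])):
            kind = classify(action)
            if kind != "read":
                findings.append((action, kind, resources))
    return findings

def unscoped(findings):
    """Actions from review() that are granted on every resource."""
    return [action for action, _, resources in findings if "*" in resources]

if __name__ == "__main__":
    for action, kind, resources in review(AGENT_POLICY):
        print(f"{action:32} {kind:12} {resources}")
```
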

Deployment Options for the AWS Agent

Spyderbat offers multiple deployment options for the AWS Agent to suit different environments and requirements. Below are the currently available deployment methods:

  1. Hosted on an AWS VM: You can deploy the AWS Agent on a virtual machine within your AWS account. This option gives you full control over the agent and its environment.

  2. Hosted on a Kubernetes Cluster: The AWS Agent can be deployed as a Kubernetes pod within a cluster. This is suitable for users who want to integrate AWS context alongside their Kubernetes workloads.

For detailed installation instructions for each deployment option, refer to the respective guides:

  • AWS VM Deployment Guide

  • Kubernetes Deployment Guide

Getting Started with the AWS Agent

To begin using the Spyderbat AWS Agent:

  1. Choose a Deployment Method: Decide whether to deploy the agent on an AWS VM, a Kubernetes cluster, or use the hosted option.

  2. Deploy the Agent: Follow the instructions in the relevant deployment guide to deploy the AWS Agent.

Once deployed, the agent will start collecting cloud context and feeding it to the Spyderbat Platform, where it can be used for enhanced visibility, detection, and investigation.
