Spyderbat
Book a DemoStart FreeContact Us
  • Spyderbat Product Docs
  • Getting Started
    • Create an Organization
    • Install the Nano Agent
    • Three Things to Try with Spyderbat Community Edition
    • Manage Users and Roles
  • Installation
    • Spyderbat Nano Agent
      • Kubernetes
        • Pre Deployment Environment Data Collection Script
      • Linux Standalone
      • AWS Unattended Install
        • Secure your Registration Code with AWS Secrets Manager
      • Create a Golden Image with the Nano Agent Pre-Installed
    • Spyderbat AWS Agent
      • AWS Linux VM
      • Kubernetes
      • Configuration Guide - AWS Linux VM
      • Configuration Guide - Kubernetes
    • Install Spyctl CLI
      • Initial Configuration
    • Install Spydertop CLI
    • Install the Spyderbat Event Forwarder
      • Helm Chart
      • Traditional Installer
  • Concepts
    • Guardian & Interceptor
      • Ruleset Policies
      • Workload Policies
    • Flashback (Go Back In Time)
      • Investigations
    • Search
      • Saved Searches
    • Summarize
      • Spydertrace Summarize
    • Dashboards
      • Dashboard Categories
    • Reports
    • Notifications
      • Notification Targets
      • Notification Templates
    • Actions
    • Integrations
      • AWS Integration
      • Spyderbat Event Forwarder
    • Suppression & Tuning
    • Scout (Detections)
      • Custom Flags
  • Tutorials
    • Flashback
      • How to Use the Investigations Feature in Spyderbat
    • Guardian
      • How to Lock Down Your Workloads With Guardian Policies Using Spyctl
      • How to Put Guardrails Around Your K8s Clusters Using Spyctl
    • Integrations
      • How to Configure Event Forwarder Webhook for Panther
      • How to Set Up Spyderbat to Ingest Falco Alerts
      • How to Create and Use a Spyderbat API Key
    • Notifications
      • How to Set Up Notifications Using Spyctl
      • How to Set up Agent-Health Notifications Using Spyctl
    • Dashboards
    • Miscellaneous
      • How to Set Up Spyderbat to Monitor Systems From vulnhub.com
    • Scout (Detections)
      • How to Set Up Custom Flags Using Spyctl CLI
  • Reference
    • Policies
      • Response Actions
    • Rulesets
    • Selectors
    • Notifications
    • Spyctl CLI
      • Spyctl Commands
      • Guardian Policy Management using Spyctl
      • Notification Template Management using Spyctl
      • Notification Target Management using Spyctl
    • Search
      • All Operators
      • All Fields
      • All Related Objects
  • Quick Links
    • Contact Us
    • Try Spyderbat for Free
    • Book a Demo
Powered by GitBook

© SPYDERBAT, Inc., All Rights Reserved

On this page
  • Prerequisites
  • Step-by-Step Deployment
  • Step 1: Launch an AWS VM
  • Step 2: Connect to the VM and Install Dependencies
  • Step 3: Install the Spyderbat AWS Agent
  • Step 4: Verify Integration
  • Managing the AWS Agent Service
  • Troubleshooting
  • Next Steps

Was this helpful?

Export as PDF
  1. Installation
  2. Spyderbat AWS Agent

AWS Linux VM

Automatic installation of the Spyderbat AWS Agent on an AWS EC2 instance

This guide provides detailed instructions on how to deploy the Spyderbat AWS Agent on an AWS Virtual Machine (VM). The AWS Agent runs as a systemd service on the VM to ensure continuous operation. Deploying the agent on an AWS VM gives you complete control over the environment and configuration, allowing you to integrate AWS context into the Spyderbat Platform.

Prerequisites

Before deploying the Spyderbat AWS Agent on an AWS VM, make sure you have the following prerequisites in place:

  1. Sudo Permissions: You will need sudo permissions to install the Spyderbat AWS Agent.

  2. Outbound Network Access: The system you’re installing Spyderbat's AWS Agent on should have outbound access on port 443 to https://orc.spyderbat.com.

  3. AWS Account: You need an AWS account with administrative access to create and configure resources. The VM must be launched within the AWS account that you wish to monitor.

  4. VM Instance Profile with Required IAM Role: The VM must have an instance profile attached that includes an IAM Role with the following permissions:

    • EC2: ec2:Describe*

    • EKS: eks:List*, eks:Describe*

    • IAM Roles and Policies: iam:Get*, iam:List*, iam:Put*

    • ECR: ecr:Describe*, ecr:List*, ecr:Get*

    • STS: sts:AssumeRole, sts:AssumeRoleWithWebIdentity

    • Secrets Manager (Optional): Access to the ARN of the configured secret for the registration key.

Here is an example permissions policy that can be used when creating the role

{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Effect": "Allow",
			"Action": [
				"ec2:Describe*",
				"eks:List*",
				"eks:Describe*",
				"organizations:ListDelegatedAdministrators",
				"organizations:DescribeOrganization",
				"organizations:DescribeOrganizationalUnit",
				"organizations:DescribeAccount",
				"organizations:ListAWSServiceAccessForOrganization",
				"iam:Get*",
				"iam:List*",
 				"iam:Put*",
				"ecr:Describe*",
				"ecr:List*",
				"ecr:Get*"
			],
			"Resource": "*"
		}
	]
}

Step-by-Step Deployment

Step 1: Launch an AWS VM

Launch an AWS VM within the AWS account you wish to monitor. The instance should be configured with the following settings:

  • Amazon Machine Image (AMI): Use an AMI that supports Linux (e.g., Amazon Linux 2, Ubuntu).

  • Instance Type: Choose an instance type suitable for your workload (e.g., t3.medium).

  • Network Settings: Ensure the instance has access to the internet or appropriate VPC configuration for accessing AWS APIs.

  • IAM Role: Attach the IAM Role created earlier with the required permissions.

  • Configure storage and other instance details as needed.

Step 2: Connect to the VM and Install Dependencies

Step 3: Install the Spyderbat AWS Agent

  • Log in to the Spyderbat UI

  • Navigate to the Sources menu (top left)

  • Click on the Add Source button, and select Install AWS Agent

This will bring you to the following screen:

The agent installation command is obtained from the Spyderbat UI that you can execute on the VM. Click on the tab 'curl' there, and then the command below will be provided that you can paste. If you do not have Curl installed on your system, select the 'wget' tab to copy this command instead. Then use that in the VM to install the agent.

Here's how the curl command will look like

curl --retry 5 https://orc.spyderbat.com/v1/reg/<registration-key>/script?agentType=aws_agent -o installSpyderbatAws.sh
sudo -E /bin/sh ./installSpyderbatAws.sh

Now execute this script on the AWS VM.

Step 4: Verify Integration

The CLI and UI both provide you with feedback on the process. In the UI, check marks of the install progress will be displayed. Once the Spyderbat AWS Agent is installed, registers with Spyderbat, and is transmitting data, you will see that the agent was installed successfully both in your terminal and in the Spyderbat UI.

Managing the AWS Agent Service

The Spyderbat AWS Agent runs as a systemd service (aws_agent.service) on the VM. You can use the following commands to manage the AWS Agent service:

  • Check Service Status:

    sudo systemctl status aws_agent.service
  • Start the Service:

    sudo systemctl start aws_agent.service
  • Stop the Service:

    sudo systemctl stop aws_agent.service
  • Restart the Service:

    sudo systemctl restart aws_agent.service
  • View Service Logs:

    sudo journalctl -u aws_agent.service

Troubleshooting

  • Agent Logs: Check the agent logs using the following command:

    sudo journalctl -u aws_agent.service
  • Permission Issues: Ensure the IAM Role attached to the VM has the correct permissions as listed in the prerequisites.

  • Network Connectivity: Verify that the VM has access to the internet or the required VPC endpoints to communicate with AWS services.

Next Steps

  • Once the AWS Agent is successfully deployed and integrated, you can proceed to use the spyderbat platform to monitor and investigate your assets.

Last updated 4 days ago

Was this helpful?

Install Docker by following the official .

The AWS Agents behavior can be customized using a configuration file. For more details on advanced configuration of the agent, consult they

Docker installation guide
Spyderbat AWS Agent Configuration Guide
Add AWS Agent Source
AWS VM Curl Install