AWS Linux VM
Automatic installation of the Spyderbat AWS Agent on an AWS EC2 instance
This guide provides detailed instructions on how to deploy the Spyderbat AWS Agent on an AWS Virtual Machine (VM). The AWS Agent runs as a systemd service on the VM to ensure continuous operation. Deploying the agent on an AWS VM gives you complete control over the environment and configuration, allowing you to integrate AWS context into the Spyderbat Platform.
Prerequisites
Before deploying the Spyderbat AWS Agent on an AWS VM, make sure you have the following prerequisites in place:
Sudo Permissions: You will need sudo permissions to install the Spyderbat AWS Agent.
Outbound Network Access: The system you’re installing Spyderbat's AWS Agent on should have outbound access on port 443 to https://orc.spyderbat.com.
AWS Account: You need an AWS account with administrative access to create and configure resources. The VM must be launched within the AWS account that you wish to monitor.
VM Instance Profile with Required IAM Role: The VM must have an instance profile attached that includes an IAM Role with the following permissions:
EC2: ec2:Describe*
EKS: eks:List*, eks:Describe*
IAM Roles and Policies: iam:Get*, iam:List*, iam:Put*
STS: sts:AssumeRole, sts:AssumeRoleWithWebIdentity
Secrets Manager (Optional): Access to the ARN of the configured secret for the registration key.
Step-by-Step Deployment
Step 1: Launch an AWS VM
Launch an AWS VM within the AWS account you wish to monitor. The instance should be configured with the following settings:
Amazon Machine Image (AMI): Use an AMI that supports Linux (e.g., Amazon Linux 2, Ubuntu).
Instance Type: Choose an instance type suitable for your workload (e.g., t3.medium).
Network Settings: Ensure the instance has access to the internet or appropriate VPC configuration for accessing AWS APIs.
IAM Role: Attach the IAM Role created earlier with the required permissions.
Configure storage and other instance details as needed.
Step 2: Connect to the VM and Install Dependencies
Install Docker by following the official Docker installation guide.
Step 3: Install the Spyderbat AWS Agent
Log in to the Spyderbat UI
Navigate to the Sources menu (top left)
Click on the Add Source button, and select Install AWS Agent
This will bring you to the following screen:
The Spyderbat UI provides the agent installation command to run on the VM. Select the 'curl' tab to copy the command. If you do not have curl installed on your system, select the 'wget' tab and copy that command instead. Then run the copied command on the VM to install the agent.
Here is what the curl command will look like:
Now execute this script on the AWS VM.
Step 4: Verify Integration
The CLI and UI both provide feedback on the process. In the UI, check marks show the install progress. Once the Spyderbat AWS Agent is installed, has registered with Spyderbat, and is transmitting data, both your terminal and the Spyderbat UI will report that the agent was installed successfully.
Managing the AWS Agent Service
The Spyderbat AWS Agent runs as a systemd service (aws_agent.service) on the VM. You can use the following commands to manage the AWS Agent service:
Check Service Status:
Start the Service:
Stop the Service:
Restart the Service:
View Service Logs:
Troubleshooting
Agent Logs: Check the agent logs using the following command:
Permission Issues: Ensure the IAM Role attached to the VM has the correct permissions as listed in the prerequisites.
Network Connectivity: Verify that the VM has access to the internet or the required VPC endpoints to communicate with AWS services.
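To work through the Permission Issues item against the prerequisites list, the following added example (not Spyderbat's code) checks whether a role's policy document allows every required action, including when the policy uses broader or narrower wildcards than the ones listed. It assumes an identity policy with plain Allow/Action statements and ignores Deny, NotAction, Condition and Resource scoping; the sample policy is constructed.

```python
import json
import re

# Actions the page lists as prerequisites for the instance profile's role.
REQUIRED = [
    "ec2:Describe*", "eks:List*", "eks:Describe*",
    "iam:Get*", "iam:List*", "iam:Put*",
    "sts:AssumeRole", "sts:AssumeRoleWithWebIdentity",
]

def _as_list(value):
    """IAM accepts a single string or object where a list is also valid."""
    return value if isinstance(value, list) else [value]

def covers(granted, required):
    """True if every action matching `required` also matches `granted`.

    The granted pattern is compiled to a regex and matched against the
    required pattern taken literally. '?' is not allowed to match a
    literal '*', so "ec2:Describe?" does not count as "ec2:Describe*".
    """
    parts = {"*": ".*", "?": "[^*]"}
    regex = "".join(parts.get(ch, re.escape(ch)) for ch in granted)
    return re.fullmatch(regex, required, re.IGNORECASE) is not None

def missing_actions(policy, required=REQUIRED):
    """Return the required actions not covered by any Allow statement."""
    granted = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") == "Allow" and "Action" in stmt:
            granted.extend(_as_list(stmt["Action"]))
    return [r for r in required if not any(covers(g, r) for g in granted)]

# Constructed sample policy: iam:Put* was left out and eks:Describe* was
# narrowed to a single action, so both are reported as missing.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": ["ec2:Describe*", "eks:List*",
                                   "eks:DescribeCluster"], "Resource": "*"},
    {"Effect": "Allow", "Action": ["iam:Get*", "iam:List*"], "Resource": "*"},
    {"Effect": "Allow", "Action": "sts:*", "Resource": "*"}
  ]
}
""")

if __name__ == "__main__":
    print("missing:", missing_actions(SAMPLE_POLICY))
```

The policy JSON for a role can be retrieved with `aws iam get-role-policy` (inline policies) or `aws iam get-policy-version` (managed policies), and the document portion of the output passed to `missing_actions`.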
Next Steps
Once the AWS Agent is successfully deployed and integrated, you can proceed to use the Spyderbat Platform to monitor and investigate your assets.
The AWS Agent's behavior can be customized using a configuration file. For more details on advanced configuration of the agent, consult the Spyderbat AWS Agent Configuration Guide.