Deploy the Distributed Cloud AIP Agent via Amazon AMIs

This document describes configuration steps for deploying the F5 Distributed Cloud App Infrastructure Protection (AIP) host-based Agent in your Amazon Machine Image (AMI) environment.

Agent 3.x Series

Do not run the tsagent setup command as part of your Amazon Machine Image (AMI) build process. The tsagent setup command registers the Agent with the Distributed Cloud AIP service. This registration process assigns a custom token to the Agent. If you include the tsagent setup command as part of your AMI build process, then the same Agent token will be included on every system deployed using that AMI. This means that multiple Agents will report as a single Agent in Distributed Cloud AIP.

To prevent an AMI from including a registered Agent:

  1. Install the Distributed Cloud AIP Linux 3.x Series Agent using the appropriate instructions for your operating system (OS), but do not run the tsagent setup command.
  2. Run the following command to ensure the Agent does not attempt to start when you boot your instance:
    systemctl disable threatstack
  3. Make any other necessary configuration changes to your AMI.
  4. Save your AMI.
  5. When you deploy the AMI, run the following commands as part of your node provisioning or as part of the Amazon User Data script:
    sudo tsagent setup --deploy-key=<your deploy key> --ruleset="Base Rule Set" --hostname=`hostname`
    sudo systemctl enable threatstack
    sudo systemctl start threatstack
    Replace <your deploy key> with your Distributed Cloud AIP Linux 3.x series Agent deploy key. The Agent now registers and starts when your client boots.

Agent 2.x Series

Do not run the tsagent setup command as part of your Amazon Machine Image (AMI) build process. The tsagent setup command registers the Agent with the Distributed Cloud AIP service. This registration process assigns a custom token to the Agent. If you include the tsagent setup command as part of your AMI build process, then the same Agent token will be included on every system deployed using that AMI. This means that multiple Agents will report as a single Agent in Distributed Cloud AIP.

To prevent an AMI from including a registered Agent:

  1. Install the Distributed Cloud AIP Linux 2.x Series Agent using the appropriate instructions for your operating system (OS), but do not run the tsagent setup command.
  2. Run the following command to ensure the Agent does not attempt to start when you boot your instance:
    systemctl disable threatstack
  3. Make any other necessary configuration changes to your AMI.
  4. Save your AMI.
  5. When you deploy the AMI, run the following commands as part of your node provisioning or as part of the Amazon User Data script:
    sudo tsagent setup --deploy-key=<your deploy key> --ruleset="Base Rule Set" --hostname=`hostname`
    sudo systemctl enable threatstack
    sudo systemctl start threatstack
    Replace <your deploy key> with your Distributed Cloud AIP Linux 2.x series Agent deploy key. The Agent now registers and starts when your client boots.
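
The following check is an added example, not part of the original procedure or F5's own code. It applies to both the 3.x and 2.x procedures above: run it on the build host just before step 4 to confirm the threatstack service is installed, disabled and not running. The function names and the --check argument are hypothetical, and the script looks only at service state, not at the Agent token itself, whose location this page does not give.

```bash
#!/usr/bin/env bash
# Added example: pre-snapshot check for an AMI build host (not F5's code).
# UNIT is the service name used on this page; function names are hypothetical.
UNIT="threatstack"

# $1 = output of `systemctl is-enabled`, $2 = output of `systemctl is-active`.
# Prints one line per problem; the return status is the number of problems.
evaluate_unit_state() {
    eus_enabled="$1"
    eus_active="$2"
    eus_problems=0
    case "$eus_enabled" in
        disabled) ;;  # step 2 was applied
        ""|not-found)
            echo "FAIL: $UNIT unit not found; install the Agent first (step 1)"
            eus_problems=$((eus_problems + 1)) ;;
        *)
            # enabled, masked, static, ...: masked would also break the
            # later `systemctl enable` at deploy time, so only "disabled" passes.
            echo "FAIL: $UNIT is '$eus_enabled'; expected 'disabled' (systemctl disable $UNIT)"
            eus_problems=$((eus_problems + 1)) ;;
    esac
    case "$eus_active" in
        inactive) ;;
        *)
            echo "FAIL: $UNIT is '$eus_active' on the build host; stop it before saving"
            eus_problems=$((eus_problems + 1)) ;;
    esac
    return "$eus_problems"
}

# Query systemd and apply the policy above. Returns 0 only if the image may be saved.
ami_preflight() {
    pf_enabled="$(systemctl is-enabled "$UNIT" 2>/dev/null)"
    pf_active="$(systemctl is-active "$UNIT" 2>/dev/null)"
    if evaluate_unit_state "$pf_enabled" "$pf_active"; then
        echo "PASS: $UNIT is installed, disabled and not running"
    else
        return 1
    fi
}

# Run only when asked, so a build script can also source this file.
if [ "${1:-}" = "--check" ]; then
    ami_preflight || exit 1
fi
```

Invoke it with --check as the last build step and abort the image save on a non-zero exit.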