Steps for Deploying the Threat Stack Agent via Amazon AMI's

This document describes configuration steps for deploying the Threat Stack host-based Agent in your Amazon Machine Image (AMI) environment.

Agent 1.x Series

Do not run the cloudsight setup command as part of your Amazon Machine Image (AMI) build process. The cloudsight setup command registers the Agent with the Threat Stack service. This registration process assigns a custom token to the Agent. If you include the cloudsight setup command as part of your AMI build process, then the same Agent token will be included on every system deployed using that AMI. This means that multiple Agents will report as a single Agent in the Threat Stack Cloud Security PlatformⓇ.

To prevent an AMI from including a registered Agent, follow these steps:

  • As part of your AMI build process, install the Threat Stack Agent using the apt or yum process described in the Deploy the Threat Stack Agent article.

    Warning

    Do not install the Threat Stack Agent using curl as this registers the Agent.

  • Create the AMI.
  • When you deploy the AMI, as part of your node provisioning or as part of the Amazon User Data run the cloudsight setup --deploy-key=<your deploy key> command.
    • Replace <your deploy key> with your Threat Stack Agent deploy key. When your client boots up it registers and starts the Threat Stack Agent.
Agent 2.x Series

Do not run the tsagent setup command as part of your Amazon Machine Image (AMI) build process. The tsagent setup command registers the Agent with the Threat Stack service. This registration process assigns a custom token to the Agent. If you include the tsagent setup command as part of your AMI build process, then the same Agent token will be included on every system deployed using that AMI. This means that multiple Agents will report as a single Agent in the Threat Stack Cloud Security PlatformⓇ.

To prevent an AMI from including a registered Agent, follow these steps:

  • As part of your AMI build process, install the Threat Stack Agent using the apt or yum process described in the Deploy the Threat Stack Agent article.

    Warning

    Do not install the Threat Stack Agent using curl as this registers the Agent.

  • Create the AMI.
  • When you deploy the AMI, as part of your node provisioning or as part of the Amazon User Data run the tsagent setup --deploy-key=<your deploy key> command.
    • Replace <your deploy key> with your Threat Stack Agent deploy key. When your client boots up it registers and starts the Threat Stack Agent.
  • Run the systemctl disable threatstack command to ensure the Agent does not attempt to start upon boot up of the instance.
  • After running the tsagent setup command, update the User Data script to include the systemctl enable threatstack command.
    • This will ensure the Threat Stack Agent comes up upon subsequent boots.
Was this article helpful?
3 out of 3 found this helpful
Have more questions? Submit a request