Steps for Deploying the Threat Stack Agent via Amazon AMI's


If you are a customer who build's AMI's on Amazon (or any sort of system imaging), and are deploying the Threat Stack agent, it's important to note that you should _not_ run "cloudsight setup" as part of the AMI build process.  

Running "cloudsight setup" registers the node with the Threat Stack service, and when you deploy multiple systems from the same base AMI with a registered Threat Stack client, you could end up with multiple agents reporting as a single Agent in the UI.  This is because a custom token is created and assigned to each agent when it's registered via the "cloudsight setup" command.

The ideal steps to take when bundling the Threat Stack agent within an Amazon AMI are as follows.

1) As part of your AMI build process, install the threat stack agent via apt or yum (not via curl as that will register the agent)

2) Now that the agent is installed, the bits are on disk, don't `cloudsight setup` yet, create an AMI with this (and any other things you need)

3) When you deploy, as part of your node provisioning, or as part of the amazon user data execute the "cloudsight setup --deploy-key=<key>..."

4) This will then register the client at boot time and start the Threat Stack service.

Was this article helpful?
3 out of 3 found this helpful
Have more questions? Submit a request



Article is closed for comments.