Automate deployment with AWS SSM
Do not continue with these steps if you have already deployed the Workload Security Agent using the Lambda automation. The WS Agent AWS SSM is an alternative deployment method.
Integrating the Workload Security Agent with AWS Systems Manager Distributor
AWS Systems Manager Distributor is a feature integrated with AWS Systems Manager that you can use to securely store and distribute software packages in your accounts. By integrating Workload Security with AWS Systems Manager Distributor, you can distribute Deep Security Agents across multiple platforms, control access to managed instances, and automate your deployments.
1. In the Cloud One Workload Security console.
- Click Support.
- Select Deployment Scripts.
1.1 Locate the 4 parameters described below:
Leave the default selections and scroll to the bottom of the bash script provided.
- Copy down the manager URL :
https://app.deepsecurity.trendmicro.com:443 - Copy down the activation URL:
dsm://agents.deepsecurity.trendmicro.com:443/ - Copy down the tenantID.
- Copy down the token.
2. Lets launch the stack to input parameters we collected from Cloud One for Parameter Store Systems Manager.
- Click on Next.
2.1 Lets input the parameters.
-
Input activation URL for dsActivationUrl Parameter
-
Input manager URL for dsManagerUrl Parameter
-
Input tenantID for dsTenantId Parameter
-
Input token for dsToken Parameter
2.2 Once the parameters are filled in, click on Next.
- Click on Next
- Click on Submit
- Please wait for the CloudFormation template to complete.
- Once the Cloudformation is complete, please navigate to System Manager- Parameter Store. Within Parameter Store we will see the four parameters that was created.
3. Verify your server fleet is now managed and has the appropriate security policy automatically assigned.
- Navigate to Cloud One - Workload Security.
- Click the Computers tab.
Here you get complete visibility into the server fleet status. (Optional) Even more information can be displayed by clicking columns.
Et voila, we just automated the deployment of multiple Workload Security Agents in our AWS environment 🤩 ☁️ 🤖 🚀