How to perform an unattended Spyderbat Nano Agent installation on AWS
In this walkthrough, we’ll show how you can install the Spyderbat Nano Agent automatically when an AWS EC2 instance is created - this can be useful particularly for ephemeral instances, such as when leveraging AWS auto scaling groups for example. We’ll walk through creating an EC2 instance in the AWS console using the instance launch wizard, and leverage the ability to pass in user data at instance creation time - for more information about user data and cloud-init, see AWS docs here. For installing the Spyderbat Nano Agent in an attended fashion, see the walkthrough guide here.
Step by Step guide
1) The 1st step is to retrieve the command to install the agent for your organization - click on the “New Source” button in the sources section of the product for your organization
2) Once you click on this button, you should be launched into the agent installation wizard where you will be presented with a link to install the agent, let’s copy the “wget” version of the install command and save that to the notepad.
3) Now go to the AWS EC2 management console.
4) Go to Instances and use the Launch Instances wizard to request one or more instances.
5) Choose the desired AMI for the new instances and click Select.
6) Choose the desired instance type. Then click Configure Instance Details.
7) At the bottom of the “Configure Instance Details” screen, you will see an “Advanced Details” section with an input box for “User data”
8) In the user data field, we will enter a shell script to run the install command we copied to our notepad, similar to the below (for RedHat family distributions):
#!/bin/bash yum install -y wget lsof wget --quiet -O - https://orc.spyderbat.com/v1/reg/OMJBdOBVZvzFGEMLgQSt/script | /bin/sh
The 1st line indicates this is a bash shell script, the second line ensures the ‘wget’ and ‘lsof’ utilities are installed, and the 3rd line is the install command you copied from the installation wizard. Note that we have omitted “sudo -E” from the command we copied since the user data script is run as root when the instance boots. For Debian family based distributions, the following can be used:
#!/bin/bash apt install -y wget lsof wget --quiet -O - https://orc.spyderbat.com/v1/reg/OMJBdOBVZvzFGEMLgQSt/script | /bin/sh
9) Continue with the steps in the install wizard, or jump to Review and Launch if you are done.
10) When the instance is created in AWS, it should now download and install the agent as part of the boot sequence (for reference, the cloud-init output log file is created at /var/log/cloud-init-output.log on the created instance) - note you should ensure the instance(s) that are created have outbound access on port 443 to https://orc.spyderbat.com
11) Check the “sources” section of the Spyderbat and you should now see your new instance appear in your list of sources.
You can leverage the user data in a similar fashion when using other mechanisms to create AWS EC2 instances, for example when specifying a launch template for an Auto Scaling group.