Scripts to deploy and activate the Trend Micro Deep Security Agent via AWS Elastic Beanstalk.
Switch branches/tags
Nothing to show
Clone or download
melanie-jackson and nickwillan Update README.md
- Changed "tenantPassword" to "token" 
- Changed "Help > Deployment Scripts" to "Support > Deployment Scripts"
Latest commit 07f3c20 May 25, 2018

README.md

Deep Security for AWS Elastic Beanstalk

Scripts to deploy and activate the Deep Security agent via AWS Elastic Beanstalk.

Support

This is a community project and while you will see contributions from the Deep Security team, there is no official Trend Micro support for this project. The official documentation for the Deep Security APIs is available from the Trend Micro Online Help Centre.

Tutorials, feature-specific help, and other information about Deep Security is available from the Deep Security Help Center.

For Deep Security specific issues, please use the regular Trend Micro support channels. For issues with the code in this repository, please open an issue here on GitHub.

Usage

To integrate Deep Security Agent into the AWS Elastic Beanstalk configuration:

  1. Edit the Deep Security Agent AWS Elastic Beanstalk extension configuration file for your operating system to match your Deep Security deployment
  2. Add the configuration file to the .ebextensions directory of your source bundle.
  3. Re-deploy your application and your servers will automatically download the latest Agent and activate into the list of instances on the Computers page in Deep Security.

Using The .ebextension With Deep Security as a Service

To configure the .ebextension for use with Deep Security as a Service, you will need to replace 3 items in the appropriate .ebextension. Each of these items is in the final command in the extension (the activation step for the Deep Security agent).

As seen in the Amazon Linux extension

command: '/opt/ds_agent/dsa_control -a dsm://agents.deepsecurity.trendmicro.com:443/ "tenantID:REPLACE-WITH-YOUR-TENANT-ID" "token:REPLACE-WITH-YOUR-TENANT-PASSWORD" "policyid:REPLACE-WITH-YOUR-POLICY-ID" --max-dsm-retries 0 >/tmp/dsa_control.log 2>&1'

  1. "tenantID:REPLACE-WITH-YOUR-TENANT-ID"
  2. "token:REPLACE-WITH-YOUR-TENANT-PASSWORD"
  3. "policyid:REPLACE-WITH-YOUR-POLICY-ID"

You can find this information within the Deep Security Manager console under Support > Deployment Scripts. This dialog will allow you to create a customized deployment script that contains these values.

Using The .ebextension With Deep Security

To configure the .ebextension for use with your own Deep Security deployment, you will need to replace 3 items in the appropriate .ebextension. These items is in the final command in the extension (the activation step for the Deep Security agent).

As seen in the Amazon Linux extension

commands:
  00download:
    command: 'wget https://REPLACE-WITH-YOUR-DSM-IP:4119/software/agent/amzn1/x86_64/ -O /tmp/agent.rpm --quiet --no-check-certificates`'
...
  03activate:
    command: '/opt/ds_agent/dsa_control -a dsm://REPLACE-WITH-YOUR-DSM-IP:4120/ "policyid:REPLACE-WITH-YOUR-POLICY-ID" --max-dsm-retries 0 >/tmp/dsa_control.log 2>&1'
  1. in 00download:, https://REPLACE-WITH-YOUR-DSM-IP:4119
  2. in 03activate:, dsm://REPLACE-WITH-YOUR-DSM-IP:4120/
  3. in 03activate:, "policyid:REPLACE-WITH-YOUR-POLICY-ID"

You can find this information within the Deep Security Manager console under Support > Deployment Scripts. This dialog will allow you to create a customized deployment script that contains these values.