Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Install a CWPP Agent Using AWS User Data

After the POP deployment is completed successfully and all the services are installed properly then agent deployment process can be done on an autoscaling instance or an EC2 instance created in the proper region. 

Before installation, verify the following:

  • Validate the options provided to the installation script 

  • Check permission for Installation, Space requirements, and Platform support 

  • DXL (Data eXchange Layer) Configuration files are downloaded from the CICD (Continuous Integration and Continuous Delivery) Service that the Installer Binary will use to communicate with the DXL Broker hosted in the POP. 

  • Installer binary is downloaded from the CICD Service 
    curl -o install.sh --cacert ca-cicd.crt --key cicd-client.key --cert cicd-client.crt https://cwpp-cicd.cwpp.skyhigh:8080/cwpp/cicd/v1/agent-installer/linux/pkg   (more details in section Install a CWPP Agent via Command line on a VM)

  • Logs are saved locally and showed on the console and sent to the CICD Service.

Once the agent deployment is successful, validate if the same is reported to the POP in Skyhigh CASB in the Resources tab.

To install CWPP agents through user data:  

  1. Download the Client install package from the UI and extarct the file PoPCICDPackage.tar

  2. Copy the file PoPCICDPackage.tarto a S3 bucket accessible in your AWS account by the instance profile of the EC2 instance created here.

  3. In AWS, go to Create EC2 instance and initiate an instance creation.

  4. In the Configure Instance Details wizard, select an IAM Role that has EC2-ReadOnlyAccessToS3Buckets 

  5. An example script that takes the certificates and required files from an S3 bucket can be downloaded there:  InstallAgent.sh

  6. Adjust the script and update the path the the file PoPCICDPackage.tarin the user-data script

  7. Upload a custom user data script to install the agent automatically.

NOTE: Ensure that the AWS S3 location in the script contains a valid and accessible path to the file PoPCICDPackage.tar as on an accessible S3 bucket. You might need to adjust the settings for the instance profile to be able to access and download from the S3 bucket.

 

 

  1. Ensure that the agents have outbound connection access to the internet. This is required to download the required package is needed.

  2. Create the instance. 

Once the instance creation is done, as part of the instance creation the  script installs the CWPP agent. The installed agent will report to Skyhigh CASB and will be flagged as a managed instance.  

  • Was this article helpful?