Bake the Deep Security Agent into your AMI

The term “baking into an AMI” refers to the practice of installing preconfigured software onto the instance that your Amazon Machine Image (AMI) is based on. When doing this with the Deep Security Agent, we recommended that you preactivate the agent before you bake it into your AMI.

  1. Go to Administration > System Settings > Agents . Configure Deep Security Manager to allow agent-initiated activation, and to reactivate cloned and unknown agents.
  1. Install and activate a Deep Security Agent on the instance that you will use to create your AMI. You can also assign an initial policy.
  1. Create an AMI from your instance.

when you launch an instance based on this AMI, the Deep Security Agent will start. The agent will apply the protection policy assigned in your AMI until the first time it communicates with the Deep Security Manager. Then the agent will be reactivated, and the manager can assign a different policy at that time. See Automatically assign policies based on AWS EC2 instance tags.