Protect EC2 instances with Deep Security as a Service

Applies to Deep Security as a Service only

To protect your Amazon Web Services (AWS) EC2 instances with Deep Security as a Service:

  1. Modify your AWS security group to allow port 443 outbound traffic.
  2. Add your AWS cloud account to Deep Security.
  3. Deploy Deep Security Agents to your EC2 instances.

    Deep Security Agent is designed to protect servers, not laptops.
    To protect AWS WorkSpaces virtual desktop infrastructure (VDI) workstations, add the “Plus” application bundle instead. It includes Trend Micro Worry-Free Business Security.

Modify your AWS security group to allow port 443 outbound traffic

If you have AWS security groups or firewall policies that restrict outbound traffic from your EC2 instances, you must allow outbound communication over port 443.

  1. Log in to your Amazon Web Services Console.
  2. Go to EC2 > Network & Security > Security Groups.
  3. Select the security group that is associated with your EC2 instances, then select Actions > Edit outbound rules.
  4. Allow outbound traffic to Deep Security as a Service IP addresses over port 443.

Add your AWS cloud account to Deep Security

This adds your EC2 instances to Deep Security, and creates a cross-account role for Deep Security.

If you already added some EC2 instances that belong to this AWS account, and you follow these steps, Deep Security will move the EC2 instances under the AWS account in the navigation tree on Computers.

  1. Log in to Deep Security as a Service.
  2. Go to Computers.
  3. Select Add > Add AWS Account.
  4. On the Setup Type screen of the wizard, select Quick.
  5. The next screen describes what will happen during the setup process, and provides a URL that you can send to your AWS administrator if you do not have access to AWS. Click Next.
  6. If you have not already logged into your AWS account, the wizard prompts you to log in.
  7. On the Select Template screen, in Source, keep the default Amazon S3 template URL for Deep Security (https://ds-cloud-formation-templates.s3.amazonaws.com/). Click Next. select CloudFormation template
  8. On the Specify Details screen, type a name for the AWS CloudFormation stack that will be used to group your EC2 resources for Deep Security. Click Next.
  9. If your organization uses tags, on the Options screen, add them. Click Next.
  10. On the Review screen, select I acknowledge that this template might cause AWS CloudFormation to create IAM resources, and then click Create.

    When the cross-account role is created and the account has been set up, a success message will appear. You don't need to wait; you can close the wizard before the success message appears. All of your account's EC2 instances will appear in Deep Security Manager on Computers, organized by region, VPC, and subnet.

    If your account doesn't appear in Deep Security Manager within 10 minutes, or if an error message appears, see Issues adding your AWS account to Deep Security.

Deploy Deep Security Agents to your EC2 instances

  1. In Deep Security Manager, in the top right corner, select Support > Deployment Scripts.

    As you select settings, the deployment script generator will generate a corresponding script (PowerShell for Windows, bash for Linux), that you will run on your Deep Security instance.

  2. Select the Platform to which you are deploying the software.
  3. Select Activate Agent automatically after installation.
  4. Select a Policy based on the operating system to which you will be deploying the Agent(s).
  5. Keep defaults for other settings.
  6. Copy the deployment script.
  7. In your EC2 instances, paste and run the script.

    The script will download, install, and activate a Deep Security Agent on your EC2 instance, and then apply the Deep Security protection policy that you selected.

    Windows

    1. Connect to your Windows instance via RDP.
    2. Right-click the PowerShell icon and select Run as Administrator.
    3. Paste the script into PowerShell and then run it.

    Linux

    1. Connect to your Linux instance via SSH.
    2. Start bash with sudo or as a superuser account such as root.

      sudo bash

    3. Paste the script into the CLI and then run it.
  8. In Deep Security Manager, go to Computers. In the row for your EC2 instance, verify that the Status column is "Managed (Online)" or that it is managed and an activity is occurring, and that a policy is assigned.