This article discusses how to automatically protect a new instance of Amazon Web Services (AWS) running on Windows.
- Log in to the DSaaS management console.
- Go to the Help menu, and then click Deployment Scripts.
- On the script generator window, do the following:
- Select/enable the following:
- Agent (Recommended)
- Microsoft Windows (64 bit)
- Activate the Agent Automatically
- Specify a policy.
- Select/enable the following:
- Copy the generated script contents and save it as a local file in your disk.
- From the AWS management Console, initiate the Launch Instance dialog in the same region as before.
- Select an Amazon Machine Image (AMI).
In this example, Windows Server 2012 Base is selected.
- Select m1.medium as the Instance Type, and then click Next.
- Under the Advanced Details section, paste the deployment script on the User data field.
- Click Next.
- Leave the default storage settings, and then click Next.
- Provide the unique instance name, and then click Next.
- In the Security Group configuration page, select the Security Group that you created before.
- Go to the EC2 Instances view to verify that the status of instance is initializing.
- Proceed with the next step while waiting for the instance checks to complete.
- Log in to the Deep Security management console and go to the Computers tab.
- Right-click the Amazon account, and then on the left panel click Synchronize Now.
Wait until the account synchronization is complete and verify that the new AWS instance is visible.
- Use the Deep Security management console to monitor the automatic activation and policy assignment process for the new instance.
The newly provisioned Amazon instance should appear with status "Managed (Online)" and with the assigned Security profile.