How to set up Security-as-a-Service for AWS
Security-as-a-Service for Amazon Web Services (AWS) is a malware protection service developed by Bitdefender for Amazon Elastic Cloud Compute (EC2) environments. Built on Security for Virtualized Environments (SVE) by Bitdefender, an innovative and comprehensive solution designed specifically for virtualized environments, Security-as-a-Service for AWS protects Amazon EC2 instances running Windows or Linux operating systems.
This article provides you with instructions on how to set up Security-as-a-Service for AWS in your Amazon EC2 environment. It is useful to first get familiar with the Security-as-a-Service for AWS components (described in this KB article).
Before you start, check Security-as-a-Service for AWS compatibility and requirements and make sure to have the required Amazon security credentials at hand. You can find all necessary information in this KB article.
To set up Security-as-a-Service for AWS on your Amazon EC2 instances:
- Subscribe to the service.
- Access the Security-as-a-Service for AWS website and set up your account.
- Install Silent Agent on the instances you want to protect.
Step 1 – Subscribe to the Service
When subscribing, you are required to sign in to Amazon Payments and authorize payments to Bitdefender for your Security-as-a-Service for AWS subscription. You can try Security-as-a-Service for AWS free of charge for a period of 30 days. During the trial period, you can cancel your subscription at any time without incurring any charges.
To subscribe to Security-as-a-Service for AWS:
- Go to https://amazon.bitdefender.net/register.
Provide the required information to create your account.
Note: Your account login details will be sent to the provided address.
- Click Subscribe. You are automatically redirected to the Amazon Payments website to authorize payments to Bitdefender for your subscription.
- Sign in using your Amazon account.
- If needed, change the payment method and billing address.
- Click Confirm. Once you confirm the payment authorization, you are automatically redirected to the Security-as-a-Service for AWS login page.
You can log in and proceed to set up the service.
Check your email to find out your account login details. If you do not find the email with your account details in your Inbox, check the Spam and Junk/Trash folders. Another email has been sent to your Amazon email address to inform you about the payment authorization.
Step 2 – Set Up Your Company Account
Before you can use Security-as-a-Service for AWS, you must set up your company account, including integration with your Amazon Web Services (AWS) account.
To set up your company account:
- Go to the Security-as-a-Service for AWS website: https://amazon.bitdefender.net.
- Log in using the account details received by email after subscribing to the service.
- Read and confirm that you agree with the License Agreement. If you do not agree with these terms, you cannot use the service.
- Provide all the necessary information to configure your company account.
Under Account Details, you can change your company account details.
Note: It is recommended that you change your automatically generated password.
Under Virtualization, configure integration with your AWS account. Provide your Amazon access key ID and secret key so that Security Console can integrate with your AWS account.
Note: The Amazon Credentials button is unavailable until your Security Console company account is set up and synchronized with your AWS account. Amazon credentials are required for remote authentication and automatic deployment of Silent Agent on instances. More information is provided in the next section.
- Under Settings, configure the account settings according to your preferences.
- Click Submit.
Step 3 – Install Silent Agent on Instances
To protect instances with Security-as-a-Service for AWS, you must install Silent Agent (the client software) on each of them. Silent Agent manages protection on the local instance. It sends scan requests to the Security Virtual Appliance, which performs the actual scan. It also communicates with Security Console to receive the administrator's commands and to send the results of its actions.
Preparing for Silent Agent Installation
Prepare for Silent Agent installation as follows:
- Make sure the instances you want to protect run a supported operating system.
- Uninstall (not just disable) any existing antimalware software from instance. Running other security software simultaneously with Security-as-a-Service for AWS may affect their operation and cause major problems with the system.
- The installation requires administrative privileges. Make sure to have all the necessary credentials at hand (for example, the private keys of your Amazon EC2 key pairs).
- Configure the Amazon EC2 security groups to allow SSH and Remote Desktop Protocol access from your computer and SSH access from the Security Console instance.
- If you run firewall software on your instances, make sure to configure it to allow access to the Security-as-a-Service for AWS communication ports.
You connect to individual instances via a SSH or Remote Desktop client and use the installation link from Security Console to download and install Silent Agent locally.
To obtain the download links for the installation files:
- Connect to Security Console using your company account.
- Go to the Computers > Installation Areapage.
- Click Installation Link. The window that appears provides you with the download links for the Windows web installer and the Linux installation script.
Run the installation file using administrator/root privileges.
Remote Installation and Automatic Deployment
On instances running Linux operating systems, you can install Silent Agent remotely, from Security Console, or automatically, using Amazon EC2 tags. For any of these methods, you must first specify the remote authentication credentials:
- Connect to Security Console using your company account.
- Go to the Accounts > My Accountpage.
- Under Virtualization, click Amazon Credentials. You can view the list of key names imported from your AWS account and detailed information about them.
- For each key name, you must specify the private key and, if needed, complete the list of user names to authenticate with. To specify the necessary credentials, click the Edit icon in the Actioncolumn. You can either upload the Amazon private key file or insert its content in the text box. You can remove or add user names as needed.
Remote Installation. To remotely install Silent Agent from Security Console:
- Go to the Computers > View Computerspage. This page displays your Amazon EC2 instances.
- Click the Show menu located above the table (to the left) and choose Unmanaged Computers.
- Select the check boxes corresponding to the Linux instances on which you want to install protection. Use the menu under the OScolumn to filter instances by operating system.
- Click Tasks and choose Installfrom the menu.
- Click Install Silent Agent. A confirmation window informs you if the task has been created successfully.
You can view task execution status and results on the Computers > View Tasks page. Installation takes minutes to complete.
Automatic Deployment. Add the autodeployment tag to existing instances or to new instances (when you launch them) and Security Console automatically deploys Silent Agent on the tagged instances. The default details of the automatic deployment tag are:
Automatic deployment is completed within a few minutes after the tag has been added. Automatic deployment is performed in the background.
- Key: bitdefender
- Value: autodeploy