Bitdefender Security for AWS compatibility and requirements

Bitdefender Security for AWS is exclusively compatible and integrates with the Amazon Elastic Compute Cloud (Amazon EC2) web service. To use Bitdefender Security for AWS, you need an account on the GravityZone Cloud Control Center (Security Console) and to install BEST on each instance to be protected. You can obtain an account by registering here.

Control Center can be accessed from the following web browsers:

Internet connection is needed.

Bitdefender Security for AWS protects instances running one of the following operating systems:

For subscribing to Bitdefender Security for AWS as a direct customer, you must first have an active AWS account. As a best practice, it is strongly recommended that you create and use IAM user accounts associated to your AWS root account.

Moreover, make sure to use a production account where you will be charged by AWS on a monthly basis for using the Bitdefender service.

For details about subscribing to Bitdefender Security for AWS, refer to Subscribing to Bitdefender Security for Amazon Web Services in AWS Marketplace.

The Amazon EC2 integration in GravityZone is now based on cross-account access login. This procedure avoids sharing long-term AWS credentials, such as Access Key ID and Secret Access Key.

The Amazon EC2 integration procedure requires you to provide an ARN (Amazon Resource Name - unique identifier for AWS resources) associated with a role attached to your AWS user account.

It is recommended to set up the Amazon integration using an IAM user account created specifically for this purpose. The IAM user requires IAMFullAccess permission to be able to create the role required for the AWS integration in GravityZone.

Before starting to configure the AWS integration:

For details about integrating GravityZone with your Amazon EC2 instances, refer to Setting up the GravityZone integration with Amazon EC2 using a cross-account role.

Here are the ports that you need to add in Amazon Security Groups for ensuring proper communication between Bitdefender security agents, Security Servers and the Security Console.

Amazon EC2 security groups must allow inbound access to SSH and RDP during the BEST installation on instances. If you run firewall software on your instances, make sure to configure it to allow access to all of the previously specified ports.

The ports must be added also by users that have VPC instances in Amazon Web Services. Our recommendation is to add 0.0.0.0/0 as a source address but, if you require to allow traffic only for specific IP addresses, please contact Bitdefender customer support.