Scripts to deploy and activate the Deep Security agent via AWS Elastic Beanstalk.

This is a community project and while you will see contributions from the Deep Security team, there is no official Trend Micro support for this project. The official documentation for the Deep Security APIs is available from the Trend Micro Online Help Centre.

Tutorials, feature-specific help, and other information about Deep Security is available from the Deep Security Help Center.

For Deep Security specific issues, please use the regular Trend Micro support channels. For issues with the code in this repository, please open an issue here on GitHub.

To integrate Deep Security Agent into the AWS Elastic Beanstalk configuration:

1. Edit the Deep Security Agent AWS Elastic Beanstalk extension configuration file for your operating system to match your Deep Security deployment
2. Add the configuration file to the .ebextensions directory of your source bundle.
3. Re-deploy your application and your servers will automatically download the latest Agent and activate into the list of instances on the Computers page in Deep Security.

To configure the .ebextension for use with Deep Security as a Service, you will need to replace 3 items in the appropriate .ebextension. Each of these items is in the final command in the extension (the activation step for the Deep Security agent).

As seen in the Amazon Linux extension

command: '/opt/ds_agent/dsa_control -a dsm://agents.deepsecurity.trendmicro.com:443/ "tenantID:REPLACE-WITH-YOUR-TENANT-ID" "token:REPLACE-WITH-YOUR-TENANT-PASSWORD" "policyid:REPLACE-WITH-YOUR-POLICY-ID" --max-dsm-retries 0 >/tmp/dsa_control.log 2>&1'

1. "tenantID:REPLACE-WITH-YOUR-TENANT-ID"
2. "token:REPLACE-WITH-YOUR-TENANT-PASSWORD"
3. "policyid:REPLACE-WITH-YOUR-POLICY-ID"

You can find this information within the Deep Security Manager console under Support > Deployment Scripts. This dialog will allow you to create a customized deployment script that contains these values.

To configure the .ebextension for use with your own Deep Security deployment, you will need to replace 3 items in the appropriate .ebextension. These items is in the final command in the extension (the activation step for the Deep Security agent).

As seen in the Amazon Linux extension

commands:
  00download:
    command: 'wget https://REPLACE-WITH-YOUR-DSM-IP:4119/software/agent/amzn1/x86_64/ -O /tmp/agent.rpm --quiet --no-check-certificates`'
...
  03activate:
    command: '/opt/ds_agent/dsa_control -a dsm://REPLACE-WITH-YOUR-DSM-IP:4120/ "policyid:REPLACE-WITH-YOUR-POLICY-ID" --max-dsm-retries 0 >/tmp/dsa_control.log 2>&1'

1. in 00download:, https://REPLACE-WITH-YOUR-DSM-IP:4119
2. in 03activate:, dsm://REPLACE-WITH-YOUR-DSM-IP:4120/
3. in 03activate:, "policyid:REPLACE-WITH-YOUR-POLICY-ID"

You can find this information within the Deep Security Manager console under Support > Deployment Scripts. This dialog will allow you to create a customized deployment script that contains these values.