
Install Windows Agent on AWS with Packer

You can use HashiCorp Packer to create an Amazon Machine Image (AMI) with the Lacework agent pre-installed and configured.

Prerequisites

  1. Install Packer on your machine. For details on how to install and provision Packer, see Install Packer.
  2. Install the AWS CLI on your machine. For instructions, see Installing or updating the latest version of the AWS CLI.
  3. Download the Packer for AWS script (packer.zip file) using the instructions in Download Windows Agent Installers to your machine.
  4. Unzip the packer.zip file. The packer folder that is created contains the following folders and files:
     \config-json
         config.json
         install.ps1
         lacework-vars.pkrvars.hcl
         lacework.pkr.hcl
         variables.pkr.hcl
         winrm_bootstrap.txt
     \setting-token
         install-man.ps1
         lacework-vars.pkrvars.hcl
         lacework-without-config-json.pkr.hcl
         variables.pkr.hcl
         winrm_bootstrap.txt

Packer Build with Configuration File

This deployment uses the config.json agent configuration file to provision the Windows agent.

Prepare Files Required to Install Agent with Packer

The following sections describe the files that are required to configure the variables for your environment. You can modify the sample files in the config-json folder.

Prepare the config.json File

Modify the config.json file in the config-json folder.

{
    "tokens": {
        "accesstoken": "<accessToken>"
    },
    "schemaversion": "0.6",
    "serverurl": "<serverURL>"
}

Where:

  • accessToken specifies your agent access token. For more information, see Agent Access Token.
  • serverUrl specifies your Lacework agent server URL. For more information, see serverurl Property.
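
A pre-flight check for the file above, as an added example that is not part of the Lacework package: it fails the build early if config.json is malformed or still contains the sample placeholders. The function name Test-AgentConfig is hypothetical, and the check that serverurl uses https and the relative path (run from the unzipped packer folder) are assumptions.

```powershell
# Added example: validate config-json\config.json before running `packer build`.
# Test-AgentConfig is a hypothetical helper; only keys shown on this page are checked.
function Test-AgentConfig {
    param([Parameter(Mandatory)][string]$Path)

    $problems = @()
    try {
        $cfg = Get-Content -LiteralPath $Path -Raw -ErrorAction Stop | ConvertFrom-Json
    }
    catch {
        return @("config.json is missing or not valid JSON: $($_.Exception.Message)")
    }

    # The sample file ships with <accessToken> and <serverURL> placeholders.
    $token = $cfg.tokens.accesstoken
    if ([string]::IsNullOrWhiteSpace($token) -or $token -match '[<>]') {
        $problems += 'tokens.accesstoken is empty or still a placeholder'
    }

    # Assumption: the agent server URL is an absolute https:// URL.
    $uri = $null
    if (-not [Uri]::TryCreate([string]$cfg.serverurl, [UriKind]::Absolute, [ref]$uri) -or
        $uri.Scheme -ne 'https') {
        $problems += 'serverurl is not an absolute https:// URL'
    }

    if ([string]::IsNullOrWhiteSpace($cfg.schemaversion)) {
        $problems += 'schemaversion is missing'
    }
    return $problems
}

# Stop before Packer launches an instance if anything is wrong.
$issues = @(Test-AgentConfig -Path '.\config-json\config.json')
if ($issues.Count -gt 0) {
    $issues | Write-Warning
    exit 1
}
```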

By default, the agent is automatically upgraded when a new version is available. To disable automatic upgrade, see Upgrade the Windows Agent.

Prepare the HCL Files

Modify the following HashiCorp Configuration Language (HCL) files in the config-json folder.

lacework-vars.pkrvars.hcl

region="<awsRegion>"
ami_name="<amiPrefixName>"
instance_type="<awsInstanceType>"

Where region specifies the AWS region, ami_name specifies the name of the AMI built by Packer, and instance_type specifies the AWS EC2 instance type.

variables.pkr.hcl

AWS_ACCESS_KEY_ID="<awsAccessID>"
AWS_SECRET_ACCESS_KEY="<awsSecretKey>"

Where AWS_ACCESS_KEY_ID specifies your AWS access key ID and AWS_SECRET_ACCESS_KEY specifies your AWS secret access key.

Prepare the Install PowerShell Script

Modify the install.ps1 PowerShell script in the config-json folder. This script runs the agent's MSI installer.

# Install Lacework Windows Agent
#

try {
    Write-Host "Downloading Lacework Windows Agent"
    Invoke-WebRequest -Uri "https://updates.lacework.net/windows/<ReleaseVersion>/LWDataCollector.msi" -OutFile LWDataCollector.msi

    Write-Host "Installing Lacework Windows Agent"
    $lacework = (Start-Process msiexec.exe -ArgumentList "/i","LWDataCollector.msi","CONFIGFILE=C:\config.json","/passive" -NoNewWindow -Wait -PassThru)
    if ($lacework.ExitCode -ne 0) {
        Write-Error "Error installing Lacework Windows Agent"
        exit 1
    }
}
catch {
    Write-Error $_.Exception
    exit 1
}

Where:

  • The -Uri parameter of the Invoke-WebRequest cmdlet ("https://updates.lacework.net/windows/<ReleaseVersion>/LWDataCollector.msi") specifies the URL for the Lacework Windows agent MSI package. To obtain the URL for the MSI package, do the following:

    1. Follow the instructions in Download the Windows Agent Installer and click MSI Package.
    2. Click Copy URL to obtain the URL for the MSI package.
    3. Use the copied URL as the -Uri value of the Invoke-WebRequest cmdlet.
  • CONFIGFILE specifies the location of the config.json file.

Run Packer to Build AMI

Install the Windows agent by running the following Packer command:

packer build -var-file=lacework-vars.pkrvars.hcl lacework.pkr.hcl

Packer Build without Configuration File

This deployment does not use an agent configuration file, but instead specifies the agent token and API endpoint in the install script.

Prepare Files Required to Install Agent with Packer

The following sections describe the files that are required to configure the variables for your environment. You can modify the sample files in the setting-token folder.

Create the HCL Files

Modify the following HashiCorp Configuration Language (HCL) files in the setting-token folder.

lacework-vars.pkrvars.hcl

region="<awsRegion>"
ami_name="<amiPrefixName>"
instance_type="<awsInstanceType>"

Where region specifies the AWS region, ami_name specifies the name of the AMI built by Packer, and instance_type specifies the AWS instance type.

variables.pkr.hcl

AWS_ACCESS_KEY_ID="<ACCESS_KEY_ID>"
AWS_SECRET_ACCESS_KEY="<SECRET_ACCESS_KEY>"

Where AWS_ACCESS_KEY_ID specifies your AWS access key ID and AWS_SECRET_ACCESS_KEY specifies your AWS secret access key.

Prepare the Install PowerShell Script

Modify the install-man.ps1 PowerShell script in the setting-token folder. This script runs the agent's MSI installer.

# Install Lacework Windows Agent
#

try {
    Write-Host "Downloading Lacework Windows Agent"
    Invoke-WebRequest -Uri "https://updates.lacework.net/windows/<ReleaseVersion>/LWDataCollector.msi" -OutFile LWDataCollector.msi

    Write-Host "Installing Lacework Windows Agent"
    $lacework = (Start-Process msiexec.exe -ArgumentList "/i","LWDataCollector.msi","ACCESSTOKEN=<accessToken>", "SERVERURL=<serverURL>","/passive" -NoNewWindow -Wait -PassThru)
    if ($lacework.ExitCode -ne 0) {
        Write-Error "Error installing Lacework Windows Agent"
        exit 1
    }
}
catch {
    Write-Error $_.Exception
    exit 1
}

Where:

  • The -Uri parameter of the Invoke-WebRequest cmdlet ("https://updates.lacework.net/windows/<ReleaseVersion>/LWDataCollector.msi") specifies the URL for the Lacework Windows agent MSI package. To obtain the URL for the MSI package, do the following:

    1. Follow the instructions in Download the Windows Agent Installer and click MSI Package.
    2. Click Copy URL to obtain the URL for the MSI package.
    3. Use the copied URL as the -Uri value of the Invoke-WebRequest cmdlet.
  • ACCESSTOKEN specifies the access token for your agent. For more information, see Agent Access Token.

  • SERVERURL specifies your Lacework agent server URL. For more information, see serverurl Property.
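
Both install.ps1 and install-man.ps1 run the MSI as soon as it is downloaded, so whatever the URL returns ends up in every instance launched from the AMI. The following added example (not Lacework's script) checks the file's SHA-256 and Authenticode signature before calling msiexec. It assumes the MSI is Authenticode-signed; Test-Installer is a hypothetical helper, and <expectedSha256> and <expectedSignerSubject> are placeholders for values you obtain from a trusted source. It shows the CONFIGFILE variant; for install-man.ps1, pass the ACCESSTOKEN and SERVERURL properties instead.

```powershell
# Added example: verify the downloaded MSI before installing it (fails closed).
$ErrorActionPreference = 'Stop'
$MsiUrl         = 'https://updates.lacework.net/windows/<ReleaseVersion>/LWDataCollector.msi'
$MsiPath        = Join-Path $env:TEMP 'LWDataCollector.msi'
$ExpectedSha256 = '<expectedSha256>'          # placeholder: pinned hash for this release
$ExpectedSigner = '<expectedSignerSubject>'   # placeholder: fragment of the signer subject

# Hypothetical helper: returns $true only if the hash and the signature both check out.
function Test-Installer {
    param([string]$Path, [string]$Sha256, [string]$Signer)

    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    if ($hash -ne $Sha256) {
        Write-Warning "SHA-256 mismatch: got $hash"
        return $false
    }

    # Assumption: the MSI carries an Authenticode signature.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    if ($sig.Status -ne 'Valid') {
        Write-Warning "Signature status: $($sig.Status)"
        return $false
    }
    if ($sig.SignerCertificate.Subject -notlike "*$Signer*") {
        Write-Warning "Unexpected signer: $($sig.SignerCertificate.Subject)"
        return $false
    }
    return $true
}

try {
    Write-Host "Downloading Lacework Windows Agent"
    Invoke-WebRequest -Uri $MsiUrl -OutFile $MsiPath -UseBasicParsing

    if (-not (Test-Installer -Path $MsiPath -Sha256 $ExpectedSha256 -Signer $ExpectedSigner)) {
        throw 'Installer failed integrity checks; not installing.'
    }

    Write-Host "Installing Lacework Windows Agent"
    $msiArgs = '/i', "`"$MsiPath`"", 'CONFIGFILE=C:\config.json', '/passive'
    $lacework = Start-Process msiexec.exe -ArgumentList $msiArgs -NoNewWindow -Wait -PassThru
    if ($lacework.ExitCode -ne 0) { throw "msiexec exited with code $($lacework.ExitCode)" }
}
catch {
    Write-Error $_.Exception -ErrorAction Continue
    exit 1
}
```

With the placeholders left unchanged the hash comparison fails, so the script exits with code 1 and the Packer build stops instead of producing an AMI from an unverified installer.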

Run Packer to Build AMI

Install the Windows agent by running the following Packer command:

packer build -var-file=lacework-vars.pkrvars.hcl lacework-without-config-json.pkr.hcl