update instructions to run cloud scanner on ec2 #2306

Merged
merged 1 commit into from
Sep 16, 2024
47 changes: 46 additions & 1 deletion docs/docs/cloudscanner/aws.md
Expand Up @@ -294,4 +294,49 @@ For maximum coverage, you can use both Cloud Scanner and local Sensor Agent comp
--namespace deepfence \
--create-namespace \
--version CLOUD_SCANNER_HELM_CHART_VERSION
```
```

## Cloud Scanner on EC2 instance using IAM Roles

:::info

**Pre-requisite:**
- Install docker and docker compose on the EC2 instance([refer docker documentation for installation instructions](https://docs.docker.com/engine/install/))
- If a existing EC2 instance is used, check if docker and docker compose plugins are installed on the EC2 instance
:::

### Single Account Cloud Scanner on EC2 instance using IAM Roles
1. Create the IAM role and instance profile for deepfence cloud scanner using the cloudformation script [deepfence-cloud-scanner-single-account-iam-role](https://us-east-1.console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/create/review?templateURL=https://deepfence-public.s3.amazonaws.com/cloud-scanner/self-hosted/ec2/single-account-ec2-iam-role/deepfence-cloud-scanner-single-account-iam-role.template)
2. Note the instance profile from the cloudformation stack output
3. Modify the EC2 instance, add the instance profile created by cloudformation script
4. Create a directory **deepfence-cloud-scanner** and download docker-compose.yaml from the url
```
https://raw.githubusercontent.com/deepfence/cloud-scanner/main/docker-compose.yaml
```
```bash
mkdir deepfence-cloud-scanner && cd deepfence-cloud-scanner
wget https://raw.githubusercontent.com/deepfence/cloud-scanner/main/docker-compose.yaml
```
5. Update the account details and console details in the docker-compose.yaml
6. Start the cloud scanner using docker compose
```
docker compose up -d
```

### Organization Account Cloud Scanner on EC2 instance using IAM Roles
1. Create the IAM role and instance profile for deepfence cloud scanner using the cloudformation script [deepfence-cloud-scanner-organization-stackset-iam-role](https://us-east-1.console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/create/review?templateURL=https://deepfence-public.s3.amazonaws.com/cloud-scanner/self-hosted/ec2/organization-ec2-iam-role/deepfence-cloud-scanner-organization-stackset-iam-role.template)
2. Note the instance profile from the cloudformation stack output
3. Modify the EC2 instance, add the instance profile created by cloudformation script
4. Create a directory **deepfence-cloud-scanner** and download docker-compose.yaml from the url
```
https://raw.githubusercontent.com/deepfence/cloud-scanner/main/docker-compose.yaml
```
```bash
mkdir deepfence-cloud-scanner && cd deepfence-cloud-scanner
wget https://raw.githubusercontent.com/deepfence/cloud-scanner/main/docker-compose.yaml
```
5. Update the organization account details and console details in the docker-compose.yaml
6. Start the cloud scanner using docker compose
```
docker compose up -d
```
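
Review bot: Step 4 in both the single-account and organization sections downloads the compose file from the moving `main` branch (`wget https://raw.githubusercontent.com/deepfence/cloud-scanner/main/docker-compose.yaml`), so the EC2 instance runs whatever is on `main` at download time, under the IAM instance profile attached in step 3. The Helm instructions in the context just above pin a release with `--version CLOUD_SCANNER_HELM_CHART_VERSION`; suggest pointing this URL at a release tag with a similar version placeholder instead of `main`, so the docs give a reproducible, reviewable file. Smaller points: the bare fence that repeats the URL before the `wget` block is redundant and can be dropped, the `docker compose up -d` fences should carry the `bash` tag like the `wget` ones, and "a existing EC2 instance" in the pre-requisite box should read "an existing EC2 instance".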