- 22 Mar 2024
- 1 Minute to read
- PDF
Build an AWS AMI
- Updated on 22 Mar 2024
- 1 Minute to read
- PDF
Instructions for creating an AMI
These instructions assume you’re using Amazon Linux 2, but can be adapted generically for other Amazon Machine Image (AMI)-compatible distributions.
Start an EC2 instance with your preferred setup.
Install dependent packages.
For example: yum install -y redhat-lsb-coreInstall the package.
For example: rpm -i canary_forwarder-1.4.15.x86_64.rpmStop the cfsvcd service.
For example: sudo systemctl stop cfsvcd or initctl stop cfsvcdCopy the config.json file to /opt/redcanary/
Note: Do not perform this step any earlier.
Confirm there is no state.json file in /opt/redcanary/. If there is, delete it.
Shut down the VM instance.
Create the AMI from the VM instance.
Using the AMI created in the preceding steps, launch as many VMs as needed.
Red Canary can show two different hostnames for an AMI-launched endpoint
Since AMI’s are clones of an EC2 Instance, some data may be cached for that VM. On startup, the agent aggressively uploads information about the endpoint to notify the platform of its installation. On initialization of the EC2 instance, the agent and hostname resolution face a race condition in which the agent may upload data before the hostname has been updated to the most recent one. This results in no material impact on the service we provide you.
Resetting the identifier if the cfsvcd service is running
You can reset the agent’s unique identifier by deleting the /opt/redcanary/state.json file.