Build an AWS AMI
    • 22 Mar 2024


    Instructions for creating an AMI

    These instructions assume you’re using Amazon Linux 2, but can be adapted generically for other Amazon Machine Image (AMI)-compatible distributions.

    1. Start an EC2 instance with your preferred setup.

    2. Install dependent packages.
      For example: yum install -y redhat-lsb-core

    3. Install the package.
      For example: rpm -i canary_forwarder-1.4.15.x86_64.rpm

    4. Stop the cfsvcd service.
      For example: sudo systemctl stop cfsvcd or initctl stop cfsvcd

    5. Copy the config.json file to /opt/redcanary/

      Note: Do not perform this step any earlier.

    6. Confirm there is no state.json file in /opt/redcanary/. If there is, delete it.

    7. Shut down the VM instance.

    8. Create the AMI from the VM instance.

    9. Using the AMI created in the preceding steps, launch as many VMs as needed.
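
Steps 4 to 6 decide whether the image is clean, so they are worth checking with a script just before the shutdown in step 7. The following is an added example, not Red Canary's own tooling; the function names, the `--check` flag and the script name `preflight.sh` are assumptions, while the service name and file paths are the ones given in the steps above.

```shell
#!/bin/sh
# Added example: pre-image check for steps 4-6 of the procedure above.
# Function names and the --check flag are assumptions of this sketch; the
# service name and file paths are the ones the article gives.

# Return 0 if cfsvcd is running. Tries systemd first, then Upstart.
cfsvcd_running() {
    if command -v systemctl >/dev/null 2>&1; then
        systemctl is-active --quiet cfsvcd
    elif command -v initctl >/dev/null 2>&1; then
        initctl status cfsvcd 2>/dev/null | grep -q 'start/running'
    else
        return 1
    fi
}

# Check the agent directory given as $1 before the instance is imaged.
# Prints one line per finding and returns the number of unresolved problems.
ami_preflight() {
    dir="$1"
    problems=0
    if cfsvcd_running; then
        echo "FAIL: cfsvcd is still running; stop it first (step 4)"
        problems=$((problems + 1))
    fi
    if [ ! -s "$dir/config.json" ]; then
        echo "FAIL: $dir/config.json is missing or empty (step 5)"
        problems=$((problems + 1))
    fi
    if [ -e "$dir/state.json" ]; then
        # Step 6: state.json must not be in the image. Deleting it resets
        # the agent's unique identifier, per the article.
        rm -f "$dir/state.json"
        echo "FIXED: removed $dir/state.json (step 6)"
    fi
    if [ -e "$dir/state.json" ]; then
        echo "FAIL: $dir/state.json could not be removed"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ] && echo "OK: $dir is ready for imaging"
    return "$problems"
}

# Run as: sh preflight.sh --check [dir]   (script name is hypothetical)
if [ "${1:-}" = "--check" ]; then
    ami_preflight "${2:-/opt/redcanary}"
    exit $?
fi
```

A non-zero exit status is the number of findings that still need attention before the instance is shut down and imaged.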

    Red Canary can show two different hostnames for an AMI-launched endpoint

    Since AMIs are clones of an EC2 instance, some data may be cached for that VM. On startup, the agent aggressively uploads information about the endpoint to notify the platform of its installation. While the EC2 instance initializes, the agent races with hostname resolution, so it may upload data before the hostname has been updated to the most recent one. This has no material impact on the service we provide you.

    Resetting the identifier if the cfsvcd service is running

    You can reset the agent’s unique identifier by deleting the /opt/redcanary/state.json file.

     

