Installing 3rd party software

bucketAV launches and terminates EC2 instances on-demand. In case you need to install 3rd party software, like security agents, doing so manually by logging into running EC2 instances is not an option. Use AWS Systems Managers as described in the following instead.

We do not recommend to install 3rd party software on the EC2 instances managed by bucketAV. Modifying the state of the EC2 instances comes with the risk of breaking all or parts of the functionality of bucketAV. We also offer only limited support in case you decide to install 3rd party software.

Configuring AWS Systems Manager State Manager (#)

Before you start, ensure that the configuration parameter SystemsManagerAccess is set to true. Depending on your use case, you might need to extend the IAM permissions for the EC2 instances as well. You could do so by adding the managed policy AmazonSSMManagedInstanceCore to the ManagedPolicyArns configuration parameter as well, for example.

Next, head to the AWS Systems Manager service and select State Manager from the sub navigation. Then, click the Create association button.

Configuring AWS Systems Manager State Manager: Step 1

Provide a name, bucketav for example. To run a short Shell script every time a new EC2 instance starts, search for and select the AWS-RunShellScript command.

Configuring AWS Systems Manager State Manager: Step 2

Configure the parameters for the document, for example, by providing the commands to execute.

Also, configure the target selection by using tags. We recommend selecting EC2 instances by the tag with key aws:cloudformation:stack-name and the name of bucketAV’s CloudFormation stack, which most likely is bucketav in case you followed our installation instructions closely.

Configuring AWS Systems Manager State Manager: Step 3

Select No schedule, which causes the State Manager to execute the document only once immediately after an EC2 instance was launched by bucketAV.

Then, click the Create Association button.

Configuring AWS Systems Manager State Manager: Step 4

After a while, the state of the association should change from Pending to Success. The configured document runs the Shell script on all EC2 instances launched by bucketAV.

Configuring AWS Systems Manager State Manager: Step 5

In case, bucketAV launches new instances in the future, the State Manager will apply the same changes to those instances as well.

Need more help?

Write us, and we'll get back to you as soon as we can.

Send us an email