Skip to main content

Use Packer to Create a Machine Image with an Installed Agent

You can use HashiCorp Packer to create a machine image with the Lacework agent pre-installed and configured. To learn more about HashiCorp Packer, see the Packer documentation.

Example Packer Template

The following example Packer template creates a machine image by remotely uploading and executing the Lacework ‘install.sh’ script on a staging instance before making the machine image available in your cloud console. You can customize the template for your environment or automate an alternative installation method using Packer.

For an overview of the Lacework agent installation script, see Lacework for Workload Security.

The following example template creates an Amazon Linux 2 AMI with the Lacework agent installed and running.

{
  "variables": {
    "aws_access_key": "{{env `AWS_ACCESS_KEY_ID`}}",
    "aws_secret_key": "{{env `AWS_SECRET_ACCESS_KEY`}}",
    "lacework_token": "{{env `LACEWORK_TOKEN`}}"
  },
  "builders": [
    {
      "type": "amazon-ebs",
      "access_key": "{{user `aws_access_key`}}",
      "secret_key": "{{user `aws_secret_key`}}",
      "region": "us-east-1",
      "source_ami_filter": {
      "filters": {
      "virtualization-type": "hvm",
      "name": "amzn2-ami-hvm-*",
      "root-device-type": "ebs"
    },
      "owners": ["amazon"],
      "most_recent": true
    },
      "instance_type": "t2.micro",
      "ssh_username": "ec2-user",
      "ami_name": "lacework {{timestamp}}"
    }
  ],
  "provisioners": [
    {
      "type": "shell",
      "inline": ["curl -sSL https://packages.lacework.net/install.sh | sudo bash -s -- {{user `lacework_token`}} -U Your_API_Endpoint"]
    }
  ]
}

To use this template:

  1. Install Packer.

  2. Create a template file called lacework.json.

  3. Add your credentials as environment variables.

    note

    You can find your Lacework Agent Access Token in the Lacework Console at Settings > Configuration > Agents. You can find and inspect the install.sh script in the same location under Install Options.

    export AWS_ACCESS_KEY_ID=YOUR_AWS_ACCESS_KEY
    export AWS_SECRET_ACCESS_KEY=YOUR_AWS_SECRET_KEY
    export LACEWORK_TOKEN=YOUR_LACEWORK_ACCESS_TOKEN
  4. Run Packer:

    packer build lacework.json
  5. In the AWS AMI console, an AMI named ‘lacework TIMESTAMP’ is displayed and ready for use.

note

The datacollector install script is idempotent.