Use Packer to Create a Machine Image with an Installed Agent
You can use HashiCorp Packer to create a machine image with the Lacework agent pre-installed and configured. To learn more about HashiCorp Packer, see the Packer documentation.
Example Packer Template
The following example Packer template builds a machine image by launching a temporary staging instance from a source image, uploading and executing the Lacework ‘install.sh’ script on it over SSH, and then snapshotting the result as a new image that appears in your cloud console. You can customize the template for your environment or use Packer to automate an alternative installation method.
For an overview of the Lacework agent installation script, see Lacework for Workload Security.
The following example template creates an Amazon Linux 2 AMI with the Lacework agent installed and running.
{
  "variables": {
    "aws_access_key": "{{env `AWS_ACCESS_KEY_ID`}}",
    "aws_secret_key": "{{env `AWS_SECRET_ACCESS_KEY`}}",
    "lacework_token": "{{env `LACEWORK_TOKEN`}}"
  },
  "builders": [
    {
      "type": "amazon-ebs",
      "access_key": "{{user `aws_access_key`}}",
      "secret_key": "{{user `aws_secret_key`}}",
      "region": "us-east-1",
      "source_ami_filter": {
        "filters": {
          "virtualization-type": "hvm",
          "name": "amzn2-ami-hvm-*",
          "root-device-type": "ebs"
        },
        "owners": ["amazon"],
        "most_recent": true
      },
      "instance_type": "t2.micro",
      "ssh_username": "ec2-user",
      "ami_name": "lacework {{timestamp}}"
    }
  ],
  "provisioners": [
    {
      "type": "shell",
      "inline": ["curl -sSL https://packages.lacework.net/install.sh | sudo bash -s -- {{user `lacework_token`}} -U Your_API_Endpoint"]
    }
  ]
}
To use this template:

1. Install Packer.
2. Create a template file called lacework.json containing the template above, and replace Your_API_Endpoint with the API endpoint for your Lacework account.
3. Add your credentials as environment variables. The template reads them through {{env ...}} at build time, so no credentials are written into the template file itself.

Note: You can find your Lacework Agent Access Token in the Lacework Console at Settings > Configuration > Agents. You can find and inspect the install.sh script in the same location under Install Options. Because the provisioner pipes install.sh directly into sudo bash on the staging instance, review the script there before you build, and treat the access token as a secret: do not commit it to source control alongside the template.

export AWS_ACCESS_KEY_ID=YOUR_AWS_ACCESS_KEY
export AWS_SECRET_ACCESS_KEY=YOUR_AWS_SECRET_KEY
export LACEWORK_TOKEN=YOUR_LACEWORK_ACCESS_TOKEN

4. Run Packer:

packer build lacework.json
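The template above works, but a practitioner hardening it would usually make four changes: keep the token out of Packer's log output, download install.sh to a file and compare it against a digest recorded when the script was inspected in the console instead of piping it blind into sudo bash, fail the build if the agent is not actually running before the snapshot is taken, and record the resulting AMI ID with a manifest post-processor. The following Python script generates such a template and includes a check that no variable carries a literal secret. It is an added example, not Lacework's or HashiCorp's own code. The LACEWORK_ENDPOINT and LACEWORK_INSTALL_SHA256 environment variables, the `datacollector` systemd unit name used for the health check, and the use of the AWS SDK credential chain in place of explicit access_key/secret_key values are assumptions made for this example.

```python
import json
import re

# Constructed for this example; matches the install script URL used on the page.
INSTALL_URL = "https://packages.lacework.net/install.sh"

# A variable is acceptable only if it is an {{env `NAME`}} reference resolved at build time.
ENV_REF = re.compile(r"^\{\{env `[A-Za-z_][A-Za-z0-9_]*`\}\}$")


def build_template(region: str = "us-east-1", instance_type: str = "t3.micro") -> dict:
    """Return a hardened Packer JSON template as a dict (assumptions noted inline)."""
    install_steps = [
        # Download to a file rather than piping straight into bash.
        f"curl -fsSL -o /tmp/install.sh {INSTALL_URL}",
        # Verify against the digest recorded when the script was reviewed in the console
        # (LACEWORK_INSTALL_SHA256 is an assumed, user-supplied value).
        'echo "${LW_INSTALL_SHA256}  /tmp/install.sh" | sha256sum -c -',
        'sudo bash /tmp/install.sh "${LW_TOKEN}" -U "${LW_ENDPOINT}"',
        # Assumption: the agent runs as the systemd unit 'datacollector'. A failed
        # check aborts the build, so a broken install never becomes an AMI.
        "sudo systemctl is-active --quiet datacollector",
        "rm -f /tmp/install.sh",
    ]
    return {
        "variables": {
            "lacework_token": "{{env `LACEWORK_TOKEN`}}",
            "lacework_endpoint": "{{env `LACEWORK_ENDPOINT`}}",
            "lacework_install_sha256": "{{env `LACEWORK_INSTALL_SHA256`}}",
        },
        # Packer masks these values in its log output.
        "sensitive-variables": ["lacework_token"],
        "builders": [
            {
                # No access_key/secret_key: the builder falls back to the AWS SDK
                # credential chain (env vars, profile, or instance role).
                "type": "amazon-ebs",
                "region": region,
                "source_ami_filter": {
                    "filters": {
                        "virtualization-type": "hvm",
                        "name": "amzn2-ami-hvm-*-x86_64-gp2",
                        "root-device-type": "ebs",
                    },
                    "owners": ["amazon"],
                    "most_recent": True,
                },
                "instance_type": instance_type,
                "ssh_username": "ec2-user",
                "ami_name": "lacework-{{timestamp}}",
                "tags": {"Name": "lacework-{{timestamp}}", "lacework_agent": "installed"},
            }
        ],
        "provisioners": [
            {
                "type": "shell",
                # -e aborts on the first failing step (bad digest, failed install, agent down).
                "inline_shebang": "/bin/bash -e",
                # Secrets reach the script through its environment, not the command text.
                "environment_vars": [
                    "LW_TOKEN={{user `lacework_token`}}",
                    "LW_ENDPOINT={{user `lacework_endpoint`}}",
                    "LW_INSTALL_SHA256={{user `lacework_install_sha256`}}",
                ],
                "inline": install_steps,
            }
        ],
        # Writes the produced AMI ID to manifest.json for downstream automation.
        "post-processors": [{"type": "manifest", "output": "manifest.json"}],
    }


def literal_variables(template: dict) -> list:
    """Names of variables whose value is a literal rather than an env reference."""
    return sorted(
        name for name, value in template.get("variables", {}).items()
        if not ENV_REF.match(str(value))
    )


def write_template(path: str = "lacework.json") -> dict:
    """Generate the template, refuse to write it if a secret is hard-coded, and save it."""
    template = build_template()
    leaked = literal_variables(template)
    if leaked:
        raise ValueError(f"literal values in variables: {leaked}")
    with open(path, "w") as fh:
        json.dump(template, fh, indent=2)
    return template


if __name__ == "__main__":
    write_template()
```

Run the script, export LACEWORK_TOKEN, LACEWORK_ENDPOINT and LACEWORK_INSTALL_SHA256 (with the digest taken from the copy of install.sh you reviewed), then run `packer validate lacework.json` before `packer build lacework.json`. The digest check means a silently changed install script fails the build instead of being baked into every instance launched from the image.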
In the AWS AMI console, an AMI named ‘lacework TIMESTAMP’ is displayed and ready for use.
Note: The datacollector install script is idempotent, so running it on an instance that already has the agent installed is safe and leaves the existing installation in place.