
Install Windows Agent with Packer

You can use HashiCorp Packer to create an Amazon Machine Image (AMI) with the Lacework agent pre-installed and configured.

Prerequisites

  1. Install Packer on your machine. For details on how to install and provision Packer, see Install Packer.
  2. Install the AWS CLI on your machine. For instructions, see Installing or updating the latest version of the AWS CLI.
  3. Download the Packer for AWS script (packer.zip file) using the instructions in Download Windows Agent Installers to your machine.
  4. Unzip the packer.zip file. The packer folder that is created contains the following folders and files:
     \config-json
         config.json
         install.ps1
         lacework-vars.pkrvars.hcl
         lacework.pkr.hcl
         variables.pkr.hcl
         winrm_bootstrap.txt
     \setting-token
         install-man.ps1
         lacework-vars.pkrvars.hcl
         lacework-without-config-json.pkr.hcl
         variables.pkr.hcl
         winrm_bootstrap.txt

Packer Build using Configuration File

This deployment uses the config.json agent configuration file to provision the Windows agent.

Prepare Files Required to Install Agent with Packer

The following sections describe the files that are required to configure the variables for your environment. You can modify the sample files in the config-json folder.

Prepare config.json File

Modify the config.json file in the config-json folder.

{
    "tokens": {
        "accesstoken": "<accessToken>"
    },
    "schemaversion": "0.6",
    "serverurl": "<serverURL>"
}

Where:

By default, the agent is automatically upgraded when a new version is available. To disable automatic upgrade, see Upgrade the Windows Agent.

Prepare HCL Files

Modify the following HashiCorp Configuration Language (HCL) files in the config-json folder.

lacework-vars.pkrvars.hcl

region="<awsRegion>"
ami_name="<amiPrefixName>"
instance_type="<awsInstanceType>"

Where region specifies the AWS region, ami_name specifies the name of the AMI built by Packer, and instance_type specifies the AWS EC2 instance type.

variables.pkr.hcl

AWS_ACCESS_KEY_ID="<awsAccessID>"
AWS_SECRET_ACCESS_KEY="<awsSecretKey>"

Where AWS_ACCESS_KEY_ID specifies your AWS access key ID and AWS_SECRET_ACCESS_KEY specifies your AWS secret access key.

Prepare Install PowerShell Script

Modify the install.ps1 PowerShell script in the config-json folder. This script runs the agent's MSI installer.

# Install Lacework Windows Agent
#

try {
    Write-Host "Downloading Lacework Windows Agent"
    Invoke-WebRequest -Uri "https://updates.lacework.net/windows/<ReleaseVersion>/LWDataCollector.msi" -OutFile LWDataCollector.msi

    Write-Host "Installing Lacework Windows Agent"
    $lacework = (Start-Process msiexec.exe -ArgumentList "/i","LWDataCollector.msi","CONFIGFILE=C:\config.json","/passive" -NoNewWindow -Wait -PassThru)
    if ($lacework.ExitCode -ne 0) {
        Write-Error "Error installing Lacework Windows Agent"
        exit 1
    }
}
catch
{
    Write-Error $_.Exception
    exit 1
}

Where:

  • Invoke-WebRequest -Uri "https://updates.lacework.net/windows/<ReleaseVersion>/LWDataCollector.msi" cmdlet specifies the URL for the Lacework Windows agent MSI package. To obtain the URL for the MSI package, do the following:

    1. Follow the instructions in Download the Windows Agent Installer and click MSI Package.
    2. Click Copy URL to obtain the URL for the MSI package.
    3. Use the copied URL in the Invoke-WebRequest -Uri cmdlet.
  • CONFIGFILE specifies the location of the config.json file.
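A pre-build check for the files prepared above, so a forgotten placeholder or a malformed config.json is caught before Packer launches an EC2 instance. This is an added example, not part of the Lacework packer.zip; the function name Test-PackerInputs is hypothetical, and the script assumes it is saved inside the config-json folder.

```powershell
# Added example (not shipped in packer.zip): validate the config-json folder
# before running "packer build". Test-PackerInputs is a hypothetical name.
$ErrorActionPreference = 'Stop'

function Test-PackerInputs {
    param([string]$Folder = '.')
    $problems = @()

    # 1. config.json must parse and carry the keys shown in the sample file.
    try {
        $config = Get-Content -Raw -Path (Join-Path $Folder 'config.json') | ConvertFrom-Json
        if (-not $config.tokens.accesstoken) { $problems += 'config.json: tokens.accesstoken is missing' }
        if (-not $config.serverurl)          { $problems += 'config.json: serverurl is missing' }
        if (-not $config.schemaversion)      { $problems += 'config.json: schemaversion is missing' }
    }
    catch {
        $problems += "config.json: cannot be read as JSON ($($_.Exception.Message))"
    }

    # 2. No prepared file may still contain a <placeholder> from the samples.
    #    Only the placeholder name and line number are reported, never the
    #    surrounding values, so tokens and keys stay out of the build log.
    $files = 'config.json', 'install.ps1', 'lacework-vars.pkrvars.hcl', 'variables.pkr.hcl'
    foreach ($file in $files) {
        $hits = Select-String -Path (Join-Path $Folder $file) -Pattern '<[A-Za-z_]+>' -AllMatches
        foreach ($hit in $hits) {
            $names = ($hit.Matches.Value | Sort-Object -Unique) -join ', '
            $problems += "${file}:$($hit.LineNumber): unreplaced placeholder $names"
        }
    }
    return $problems
}

$found = @(Test-PackerInputs -Folder $PSScriptRoot)
if ($found.Count -gt 0) {
    $found | ForEach-Object { Write-Host "FAIL  $_" }
    exit 1
}
Write-Host "OK: config-json inputs look complete"
```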

Run Packer to Build AMI

Install the Windows agent by running the following Packer command:

packer build -var-file=lacework-vars.pkrvars.hcl lacework.pkr.hcl

Packer Build without Configuration File

This deployment does not use an agent configuration file, but instead specifies the agent token and API endpoint in the install script.

Prepare Files Required to Install Agent with Packer

The following sections describe the files that are required to configure the variables for your environment. You can modify the sample files in the setting-token folder.

Create HCL Files

Modify the following HashiCorp Configuration Language (HCL) files in the setting-token folder.

lacework-vars.pkrvars.hcl

region="<awsRegion>"
ami_name="<amiPrefixName>"
instance_type="<awsInstanceType>"

Where region specifies the AWS region, ami_name specifies the name of the AMI built by Packer, and instance_type specifies the AWS instance type.

variables.pkr.hcl

AWS_ACCESS_KEY_ID="<ACCESS_KEY_ID>"
AWS_SECRET_ACCESS_KEY="<SECRET_ACCESS_KEY>"

Where AWS_ACCESS_KEY_ID specifies your AWS access key ID and AWS_SECRET_ACCESS_KEY specifies your AWS secret access key.

Prepare Install PowerShell Script

Modify the install-man.ps1 PowerShell script in the setting-token folder. This script runs the agent's MSI installer.

# Install Lacework Windows Agent
#

try {
    Write-Host "Downloading Lacework Windows Agent"
    Invoke-WebRequest -Uri "https://updates.lacework.net/windows/<ReleaseVersion>/LWDataCollector.msi" -OutFile LWDataCollector.msi

    Write-Host "Installing Lacework Windows Agent"
    $lacework = (Start-Process msiexec.exe -ArgumentList "/i","LWDataCollector.msi","ACCESSTOKEN=<accessToken>", "SERVERURL=<serverURL>","/passive" -NoNewWindow -Wait -PassThru)
    if ($lacework.ExitCode -ne 0) {
        Write-Error "Error installing Lacework Windows Agent"
        exit 1
    }
}
catch
{
    Write-Error $_.Exception
    exit 1
}

Where:

  • Invoke-WebRequest -Uri "https://updates.lacework.net/windows/<ReleaseVersion>/LWDataCollector.msi" cmdlet specifies the URL for the Lacework Windows agent MSI package. To obtain the URL for the MSI package, do the following:

    1. Follow the instructions in Download the Windows Agent Installer and click MSI Package.
    2. Click Copy URL to obtain the URL for the MSI package.
    3. Use the copied URL in the Invoke-WebRequest -Uri cmdlet.
  • ACCESSTOKEN specifies the access token for your agent. For more information, see Obtain an Access Token for the Windows Agent.

  • SERVERURL specifies your Lacework API server URL, either api.lacework.net (default), or aprodus2.agent.lacework.net (for US-02 (US)), api.fra.lacework.net (for European Union (EU)), or auprodn1.agent.lacework.net (for Australia and New Zealand (ANZ)).
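Both install.ps1 and install-man.ps1 run the downloaded MSI as soon as it arrives, and install-man.ps1 keeps the access token in the script text. The variant below is an added example, not Lacework's script: it pins the installer to a SHA-256 hash before running it and reads the token from the environment. It assumes the hypothetical variables LW_ACCESS_TOKEN and LW_SERVER_URL are set by the build (for example through the Packer PowerShell provisioner's environment_vars), and that `<expectedSha256>` is replaced with the hash of a copy of the release you have vetted.

```powershell
# Added example, not Lacework's script. Hypothetical names: LW_ACCESS_TOKEN,
# LW_SERVER_URL (set by the build, not stored in this file), $ExpectedSha256.
$MsiUri         = 'https://updates.lacework.net/windows/<ReleaseVersion>/LWDataCollector.msi'
$MsiPath        = Join-Path $env:TEMP 'LWDataCollector.msi'
$ExpectedSha256 = '<expectedSha256>'   # placeholder: hash of the release you vetted

function Test-FileSha256 {
    param([string]$Path, [string]$Expected)
    $actual = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    # Get-FileHash returns upper-case hex; compare case-insensitively.
    return [string]::Equals($actual, $Expected.Trim(), [StringComparison]::OrdinalIgnoreCase)
}

try {
    # Fail early if the build did not pass the agent settings in.
    foreach ($name in 'LW_ACCESS_TOKEN', 'LW_SERVER_URL') {
        if (-not [Environment]::GetEnvironmentVariable($name)) {
            throw "Environment variable $name is not set"
        }
    }

    Write-Host "Downloading Lacework Windows Agent"
    Invoke-WebRequest -Uri $MsiUri -OutFile $MsiPath -UseBasicParsing -ErrorAction Stop

    # Refuse to run anything whose content differs from the vetted release.
    if (-not (Test-FileSha256 -Path $MsiPath -Expected $ExpectedSha256)) {
        Remove-Item -Path $MsiPath -Force
        throw "SHA-256 mismatch for $MsiPath; installer not run"
    }

    Write-Host "Installing Lacework Windows Agent"
    $msiArgs = @('/i', "`"$MsiPath`"",
                 "ACCESSTOKEN=$($env:LW_ACCESS_TOKEN)",
                 "SERVERURL=$($env:LW_SERVER_URL)", '/passive')
    $lacework = Start-Process msiexec.exe -ArgumentList $msiArgs -NoNewWindow -Wait -PassThru
    if ($lacework.ExitCode -ne 0) {
        throw "msiexec exited with code $($lacework.ExitCode)"
    }
}
catch {
    # Print the message only; never echo $msiArgs, which holds the token.
    Write-Error $_.Exception.Message -ErrorAction Continue
    exit 1
}
```

Because the URL already names a specific `<ReleaseVersion>`, the pinned hash changes only when you deliberately move to a new release.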

Run Packer to Build AMI

Install the Windows agent by running the following Packer command:

packer build -var-file=lacework-vars.pkrvars.hcl lacework-without-config-json.pkr.hcl