These are AWS CloudFormation templates for TrendMicro SecureCloud 3.5 agents. You can use these templates in AWS CloudFormation to automatically launch an instance on AWS with an encrypted EBS data disk. The disk encryption key is managed by the TrendMicro SecureCloud Key Management Server.
- A SecureCloud KMS login account with valid seats (1 seat per encrypted disk).
- An AWS account with the CloudFormation and EC2 services enabled.
- Download the latest template file archive from GitHub.
- Log in to the AWS CloudFormation Console (you can switch to whichever region you want to launch instances in).
- Click "Create New Stack" and input your desired stack name, for example: "my-securecloud-test-instance".
- Click "Upload a Template File", then "Browse", choose the template file (platform) that you downloaded in Step 1, and click "Continue".
- Input "KeyPairName": the EC2 key pair used to access EC2 instances.
- Input "PASSPHRASE": SecureCloud KMS Console -> Administration -> User Management -> Provision passphrase.
- Input "ACCOUNTID": SecureCloud KMS Console -> Administration -> User Management -> Account ID.
- Input "InstanceType": allowed types are "m1.small", "m1.medium", "m1.large", "m1.xlarge", "m2.xlarge", "m2.2xlarge", "m2.4xlarge", "c1.medium", "c1.xlarge".
- Click "Continue".
- (Optional) Input a key/value pair for the instance tag, for example: "Name/my-securecloud-test-instance-01".
- Click "Continue".
- Review your final settings for CloudFormation stack creation.
- Click "Continue" to launch the stack.
- In the CloudFormation Stacks management console, wait for stack creation to complete (about 5~10 mins).
- After creation completes, the SecureCloud KMS Console shows the updated EBS data disk information and the progress of encryption.
- Why do I need to input KeyPairName?
  This is the key pair assigned to the new instance that you launch. For details, please refer to the Amazon EC2 Key Pairs documentation.
- How can I change the EBS volume size or add more EBS volumes that are protected by SecureCloud to the instance?
  You can modify the template to add more resources when creating CloudFormation stacks. You can add more device names and change the sizes. Please note that a DeviceName must not be duplicated.
  ```
  "BlockDeviceMappings" : [
    {"DeviceName" : "/dev/sdm", "Ebs" : { "VolumeSize" : "1" } },
    {"DeviceName" : "/dev/sdn", "Ebs" : { "VolumeSize" : "2" } },
    {"DeviceName" : "/dev/sdo", "Ebs" : { "VolumeSize" : "size_you_want" } }
  ],
  ```
  (Linux only) When you add more EBS volumes, you also need to modify the "UserData" section so that each new disk is partitioned, gets a filesystem, and is mounted at its own mount point.
  ```
  "UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [
    "#!/bin/bash\n",
    "(echo n;echo p;echo 1;echo;echo;echo w) | fdisk /dev/xvdm\n",
    "(echo n;echo p;echo 1;echo;echo;echo w) | fdisk /dev/xvdn\n",
    "(echo n;echo p;echo 1;echo;echo;echo w) | fdisk /dev/xvdo\n",
    "mkfs.ext3 /dev/xvdm1\n",
    "mkfs.ext3 /dev/xvdn1\n",
    "mkfs.ext3 /dev/xvdo1\n",
    "mkdir -p /securedisk/disk1\n",
    "mkdir -p /securedisk/disk2\n",
    "mkdir -p /securedisk/disk3\n",
    "mount /dev/xvdm1 /securedisk/disk1\n",
    "mount /dev/xvdn1 /securedisk/disk2\n",
    "mount /dev/xvdo1 /securedisk/disk3\n",
  ```
- Can I use other AMIs?
  (Experimental!!) For the RedHat CloudFormation templates, you can refer to the AWS RedHat AMI ID list and change the AMI ID to your desired version/arch. However, if you find that CloudFormation does not work with a specific AMI ID, please feel free to report it to us; we will try to figure it out and see whether there is anything we can improve in the CloudFormation templates.
  For other platforms and AMIs, some testing still needs to be done, for example on the necessary packages, the CloudFormation init helper version, etc. We will keep updating the CloudFormation templates with more platforms and AMIs in the future.
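
The FAQ entry on adding EBS volumes requires "BlockDeviceMappings" and the Linux "UserData" lines to stay in step for every device. The following Python is an added example, not part of the TrendMicro templates: it generates both from one list and checks an edited "UserData" for devices that are not partitioned, formatted and mounted exactly once. The function names are hypothetical, and the /dev/sdX to /dev/xvdX naming and the /securedisk/diskN mount points are assumptions taken from the snippets above.

```python
import re

FDISK = "(echo n;echo p;echo 1;echo;echo;echo w) | fdisk %s\n"
# One pattern per provisioning step; each captures the whole-disk device.
STEPS = {"fdisk": r"\| fdisk (\S+)$",
         "mkfs": r"^mkfs\.ext3 (\S+)1$",
         "mount": r"^mount (\S+)1 "}

def to_xvd(device_name):
    # Assumption from the FAQ snippets: /dev/sdX shows up as /dev/xvdX.
    return device_name.replace("/dev/sd", "/dev/xvd", 1)

def build(mappings):
    """mappings: [(DeviceName, size_gb)] -> (BlockDeviceMappings, UserData lines)."""
    names = [d for d, _ in mappings]
    dupes = sorted({d for d in names if names.count(d) > 1})
    if dupes:
        raise ValueError("duplicate DeviceName: " + ", ".join(dupes))
    bdm = [{"DeviceName": d, "Ebs": {"VolumeSize": str(s)}} for d, s in mappings]
    xvd = [to_xvd(d) for d in names]
    lines = ["#!/bin/bash\n"]
    lines += [FDISK % x for x in xvd]
    lines += ["mkfs.ext3 %s1\n" % x for x in xvd]
    lines += ["mkdir -p /securedisk/disk%d\n" % i for i in range(1, len(xvd) + 1)]
    lines += ["mount %s1 /securedisk/disk%d\n" % (x, i) for i, x in enumerate(xvd, 1)]
    return bdm, lines

def check(bdm, lines):
    """List every step that does not occur exactly once per mapped device."""
    script = "".join(lines)
    problems = []
    for entry in bdm:
        x = to_xvd(entry["DeviceName"])
        for step, pattern in STEPS.items():
            n = re.findall(pattern, script, re.M).count(x)
            if n != 1:
                problems.append("%s: %s appears %d times" % (step, x, n))
    return problems

if __name__ == "__main__":
    import json
    # Constructed sample: the three device names from the FAQ, third size made up.
    bdm, lines = build([("/dev/sdm", 1), ("/dev/sdn", 2), ("/dev/sdo", 5)])
    print(json.dumps({"BlockDeviceMappings": bdm, "UserData lines": lines}, indent=2))
    # Constructed copy-paste slip: the third mount reuses the second device.
    bad = [l.replace("mount /dev/xvdo1", "mount /dev/xvdn1") for l in lines]
    print(check(bdm, bad))
```

The generated lines go inside the "Fn::Join" list of the template's "UserData" section, ahead of whatever else that section already contains.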