EC2 Instances
When creating an AWS integration with Cloudhouse Guardian (Guardian), you can choose to detect and add your EC2 instance(s) to Guardian for monitoring. The following topic describes how to configure your EC2 instance(s) in Guardian: what aspects of the EC2 instance you want to be scanned, how they should be scanned, and where that data should be stored. For more information on how to set up an AWS integration, see AWS Integration.
When detecting an EC2 instance via Guardian, you can choose to detect one or both of the following node types:
Node Types | Description |
---|---|
Instance nodes | This option detects any Windows or Linux nodes within your EC2 instance(s). |
Configuration data nodes | This option detects the EC2 configuration data associated with the EC2 instance(s). |
These nodes represent the EC2 virtual machine instance and its associated configuration. For more information on the differences between these nodes, see below.
AWS Integration
On the AWS Integration page, if the EC2 Instances checkbox is selected from the list of Check Things You Want To Detect checkboxes, the following options are displayed:
Option | Description |
---|---|
Detect EC2 Virtual Machines (e.g. the Windows/Linux VMs) checkbox | The option to detect the EC2 Virtual Machine (VM) instance, that is, the operating system and its associated components. For example, users, services and packages. If selected, the Operating System column in the Detected tab (Inventory > Detected) displays any detected instance nodes as 'A type of Windows' or 'A type of Linux'. |
Host name property drop-down list | The name of the AWS property that will be used to detect the nodes. Select an option from the drop-down list. |
Linux Credentials drop-down | When scanning Linux nodes, provide your Linux credentials according to the following: If no value is provided, the nodes are added to the Detected tab, regardless of whether the Automatically start monitoring and scanning newly detected nodes checkbox is selected. |
Windows Credentials drop-down | When scanning Windows nodes, provide your Windows credentials according to the following: If no value is provided, the nodes are added to the Detected tab, regardless of whether the Automatically start monitoring and scanning newly detected nodes checkbox is selected. |
Detect EC2 Virtual Machines Configurations checkbox | The option to detect the EC2 configuration data associated with the EC2 instance. This option detects any security groups, policies, storage properties, load balancers, and other options attached to the AWS EC2 instance. If selected, once the integration is created, any detected configuration data node(s) are displayed with 'Config' appended to the node name and an OS type of 'AWS EC2 VM Configuration', to differentiate them from the associated instance. For example, 'Windows Server 2022 Config'. |
Once the correct values have been set for the above fields, you can choose the Detection Options for your integration. By default, any detected nodes are displayed within the Detected tab of your Guardian instance, with the appended identifier attributed to that EC2 instance's node type.
If you choose to promote a detected node to the Monitored tab (Inventory > Monitored) for regular scanning, it will be automatically added to the corresponding dynamic node group. For example, configuration nodes are added to ‘AWS EC2 Virtual Machine Configuration’ node groups regardless of whether they are Windows or Linux.
Note: If a Windows node group is not present in your Guardian instance, it will be automatically created upon the addition of a monitored Windows node. For more information, see Node Groups.
However, if you select the Automatically start monitoring and scanning newly detected nodes checkbox, all detected nodes are added to the Monitored tab. Here, they are automatically added to the corresponding Windows, Linux, or AWS EC2 Virtual Machine Configuration node groups.
Once you have set the correct values for each of the EC2 options displayed, you can continue completing the options to add the AWS integration to the Integrations tab (