Learn how to create an Amazon Machine Image (AMI) file of your Cortex XDR Broker virtual machine (VM).
After you download your Cortex XDR Broker VMDK image, you can convert the image to an Amazon Web Services (AWS) Amazon Machine Image (AMI) using the AWS CLI. The task below explains how to do this on Ubuntu Linux.
Danger
Download a Cortex XDR Broker VM VMDK image. For more information, see the virtual machine compatibility requirements in Configure the Broker VM.
You need to set up an AWS VM Import role (vmimport) before you continue with the steps to convert the image, because the import-image CLI command requires it. You can use a different role if the vmimport role doesn't exist or doesn't have the required permissions. For more information on setting up an AWS VM Import role and the permissions required, see Required service role.
To convert the image to AWS, perform the following procedures in the order listed below.
You need to log in using an AWS Identity and Access Management (IAM) user whose permissions are defined in an IAM policy that allows virtual machine import and export.
Log in to the AWS IAM Console, and in the navigation pane, select Access Management → Users → Add Users.
Select Access key - Programmatic access as the AWS credential type, and click Next: Permissions.
Select Attach Existing Policies directly → Create Policy.
In the JSON tab, copy and paste the following syntax to define the policy:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetBucketLocation",
        "s3:GetObject",
        "s3:PutObject"
      ],
      "Resource": [
        "arn:aws:s3:::mys3bucket",
        "arn:aws:s3:::mys3bucket/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "ec2:CancelConversionTask",
        "ec2:CancelExportTask",
        "ec2:CreateImage",
        "ec2:CreateInstanceExportTask",
        "ec2:CreateTags",
        "ec2:DescribeConversionTasks",
        "ec2:DescribeExportTasks",
        "ec2:DescribeExportImageTasks",
        "ec2:DescribeImages",
        "ec2:DescribeInstanceStatus",
        "ec2:DescribeInstances",
        "ec2:DescribeSnapshots",
        "ec2:DescribeTags",
        "ec2:ExportImage",
        "ec2:ImportInstance",
        "ec2:ImportVolume",
        "ec2:StartInstances",
        "ec2:StopInstances",
        "ec2:TerminateInstances",
        "ec2:ImportImage",
        "ec2:ImportSnapshot",
        "ec2:DescribeImportImageTasks",
        "ec2:DescribeImportSnapshotTasks",
        "ec2:CancelImportTask"
      ],
      "Resource": "*"
    }
  ]
}
Click Next until you can specify the Policy name, and then click Create Policy.
Select the policy you just created.
Complete the user creation process.
After confirmation that the user is created, record the following user information, which you will need later.
User name
Access key ID
Secret access key
Install the AWS CLI and configure it with the IAM user that you created.
Log in to the server with admin privileges and install the AWS CLI:
# sudo bash
# apt install awscli
Run the following command to configure the AWS CLI:
# aws configure
You need to specify the proper configurations for the following:
AWS Access Key ID—The Access key ID for the IAM user you created.
AWS Secret Access Key—The Secret access key for the IAM user you created.
Default region name—The Region where you've defined the IAM user you created.
You are now ready to run commands in the AWS CLI.
To create an AMI image, you need to download the Broker VM VMDK file from the Cortex XDR Web Console, upload this file to your S3 bucket, and then convert the VMDK file in the S3 bucket into an AMI image.
In the Cortex XDR Web Console , select Settings → Configurations → Data Broker → Broker VMs → Add Broker → VMDK.
Download the VMDK file, such as broker-vm-<broker-vm-version>.vmdk, to your Ubuntu computer.
Navigate to and log in to your AWS account.
In the AWS Console, navigate to Services → Storage → S3 → Buckets.
On the S3 Buckets page, click Create bucket to create the bucket that will hold your Broker VM image.
Specify a unique name for the S3 bucket and use the default configurations.
Upload the Broker VM VMDK you downloaded from Cortex XDR to the AWS S3 bucket.
Run:
# aws s3 cp ~/<path/to/broker-vm-version.vmdk> s3://<your_bucket>/<broker-vm-version.vmdk>
Prepare the following configuration files on your hard drive.
configuration.json
Run the following command in Ubuntu:
# vi configuration.json
Copy and paste the following syntax into the json file.
In S3Bucket, replace <your_bucket> with the bucket name (not its ARN). In S3Key, replace <broker-vm-version.vmdk> with the VMDK filename.
[
  {
    "Description": "Cortex XDR Broker VM <version>",
    "Format": "vmdk",
    "UserBucket": {
      "S3Bucket": "<your_bucket>",
      "S3Key": "<broker-vm-version.vmdk>"
    }
  }
]
trust-policy.json
Run the following command in Ubuntu:
# vi trust-policy.json
Copy and paste the following syntax into the json file.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "vmie.amazonaws.com"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "sts:Externalid": "vmimport"
        }
      }
    }
  ]
}
role-policy.json
Run the following command in Ubuntu:
# vi role-policy.json
Copy and paste the following syntax into the json file. Replace <disk-image-file-bucket> and <export-bucket> with the correct bucket names. You can specify * to configure access to all your S3 buckets.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetBucketLocation",
        "s3:GetObject",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::<disk-image-file-bucket>",
        "arn:aws:s3:::<disk-image-file-bucket>/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetBucketLocation",
        "s3:GetObject",
        "s3:ListBucket",
        "s3:PutObject",
        "s3:GetBucketAcl"
      ],
      "Resource": [
        "arn:aws:s3:::<export-bucket>",
        "arn:aws:s3:::<export-bucket>/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "ec2:ModifySnapshotAttribute",
        "ec2:CopySnapshot",
        "ec2:RegisterImage",
        "ec2:Describe*"
      ],
      "Resource": "*"
    }
  ]
}
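The three files above can be generated from one bucket name and VMDK filename rather than edited by hand, which avoids the usual mismatch between the bucket referenced in configuration.json and the one granted in role-policy.json. The following Python script is an added example, not code from the Cortex XDR documentation or from AWS. It reproduces the document structure shown in the procedure, keeps the S3 statements scoped to named buckets rather than *, and runs a small lint check that refuses a policy granting every bucket or a trust policy that lacks the sts:ExternalId condition (the condition is what stops another account from using the VM Import service to assume your role). The bucket name, filename and version in the usage call are constructed placeholders.

```python
"""Generate configuration.json, trust-policy.json and role-policy.json for the
vmimport role. Added example; not from the Cortex XDR documentation or AWS."""
import json
from pathlib import Path

VMIMPORT_SERVICE = "vmie.amazonaws.com"
EXTERNAL_ID = "vmimport"  # must equal the role name passed to create-role


def s3_arns(bucket):
    """Bucket ARN plus the ARN that covers every object in it."""
    return [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"]


def disk_containers(bucket, key, version):
    """configuration.json: the --disk-containers input for import-image."""
    return [{"Description": f"Cortex XDR Broker VM {version}",
             "Format": "vmdk",
             "UserBucket": {"S3Bucket": bucket, "S3Key": key}}]


def trust_policy():
    """trust-policy.json: only the VM Import service may assume the role, and
    only when it presents the expected external ID."""
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow",
                           "Principal": {"Service": VMIMPORT_SERVICE},
                           "Action": "sts:AssumeRole",
                           "Condition": {"StringEquals": {"sts:Externalid": EXTERNAL_ID}}}]}


def role_policy(image_bucket, export_bucket):
    """role-policy.json with S3 access scoped to the two named buckets."""
    return {"Version": "2012-10-17",
            "Statement": [
                {"Effect": "Allow",
                 "Action": ["s3:GetBucketLocation", "s3:GetObject", "s3:ListBucket"],
                 "Resource": s3_arns(image_bucket)},
                {"Effect": "Allow",
                 "Action": ["s3:GetBucketLocation", "s3:GetObject", "s3:ListBucket",
                            "s3:PutObject", "s3:GetBucketAcl"],
                 "Resource": s3_arns(export_bucket)},
                {"Effect": "Allow",
                 "Action": ["ec2:ModifySnapshotAttribute", "ec2:CopySnapshot",
                            "ec2:RegisterImage", "ec2:Describe*"],
                 "Resource": "*"}]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def policy_problems(policy):
    """Checks to run before attaching a policy: no S3 statement may cover every
    bucket, and an AssumeRole statement must carry an external-ID condition."""
    problems = []
    for stmt in policy["Statement"]:
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        if any(a.startswith("s3:") for a in actions) and \
                any(r in ("*", "arn:aws:s3:::*") for r in resources):
            problems.append("S3 statement grants access to all buckets")
        if "sts:AssumeRole" in actions:
            keys = stmt.get("Condition", {}).get("StringEquals", {})
            if not any(k.lower() == "sts:externalid" for k in keys):
                problems.append("AssumeRole statement lacks sts:ExternalId condition")
    return problems


def build_documents(bucket, key, version, export_bucket=None):
    """All three documents keyed by filename; export_bucket defaults to bucket."""
    docs = {"configuration.json": disk_containers(bucket, key, version),
            "trust-policy.json": trust_policy(),
            "role-policy.json": role_policy(bucket, export_bucket or bucket)}
    for name, doc in docs.items():
        if isinstance(doc, dict) and policy_problems(doc):
            raise ValueError(f"{name}: {policy_problems(doc)}")
    return docs


def write_documents(out_dir, bucket, key, version, export_bucket=None):
    """Write the documents into out_dir; returns the paths written."""
    out = Path(out_dir)
    out.mkdir(parents=True, exist_ok=True)
    paths = []
    for name, doc in build_documents(bucket, key, version, export_bucket).items():
        path = out / name
        path.write_text(json.dumps(doc, indent=2) + "\n")
        paths.append(str(path))
    return paths


if __name__ == "__main__":
    # Constructed placeholders; substitute your own bucket and VMDK filename.
    for p in write_documents(".", "my-broker-vm-bucket", "broker-vm-1.0.0.vmdk", "1.0.0"):
        print("wrote", p)
```

The generated files are used unchanged with the create-role, put-role-policy and import-image commands that follow; passing an export_bucket different from the image bucket produces the two-bucket form of role-policy.json shown above.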
Use the create-role command to create a role named vmimport and grant VM import and export access using the trust-policy.json file:
# aws iam create-role --role-name vmimport --assume-role-policy-document "file://trust-policy.json"
Use the put-role-policy command to attach the policy to the vmimport role created above:
# aws iam put-role-policy --role-name vmimport --policy-name vmimport --policy-document "file://role-policy.json"
Create an AMI image from the VMDK file.
Run:
# aws ec2 import-image --description "Cortex XDR Broker VM <Version>" --disk-containers "file://configuration.json"
Note
Creating an AMI image can take up to 60 minutes to complete.
To track the progress, use the task ID from the output (the ImportTaskId value, of the form import-ami-<task-id>) and run:
# aws ec2 describe-import-image-tasks --import-task-ids import-ami-<task-id>
Completed status output example:
{
  "ImportImageTasks": [
    {
      "...",
      "SnapshotDetails": [
        {
          "Description": "Broker VM version",
          "DeviceName": "/dev/<name>",
          "DiskImageSize": 2976817664.0,
          "Format": "VMDK",
          "SnapshotId": "snap-1234567890",
          "Status": "completed",
          "UserBucket": {
            "S3Bucket": "broker-vm",
            "S3Key": "broker-vm-<version>.vmdk"
          }
        }
      ],
      "Status": "completed",
      "..."
    }
  ]
}
Once the task is complete, the AMI Image is ready for use.
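Because the import can take up to an hour, it is worth polling describe-import-image-tasks from a script rather than re-running it by hand. The following Python is an added example, not part of the Cortex XDR documentation or the AWS CLI. It parses the command's JSON output (the sample embedded in the script is constructed from the completed-status example above, with the page's placeholders kept as literal strings and a placeholder ImportTaskId added) and polls until the task finishes. The status model is an assumption: "completed" is success, "deleted" or "deleting" is failure with the reason in StatusMessage, and any other value means the task is still running.

```python
"""Classify and poll the output of `aws ec2 describe-import-image-tasks`.
Added example; not from the Cortex XDR documentation or the AWS CLI."""
import json
import subprocess
import time

DONE = "completed"
FAILED = {"deleted", "deleting"}  # assumption: these are the terminal failure states

# Constructed from the completed-status example in the procedure; the
# ImportTaskId is a placeholder.
SAMPLE_OUTPUT = json.dumps({
    "ImportImageTasks": [{
        "ImportTaskId": "import-ami-<task-id>",
        "Progress": "100",
        "SnapshotDetails": [{
            "Description": "Broker VM version",
            "DeviceName": "/dev/<name>",
            "DiskImageSize": 2976817664.0,
            "Format": "VMDK",
            "SnapshotId": "snap-1234567890",
            "Status": "completed",
            "UserBucket": {"S3Bucket": "broker-vm", "S3Key": "broker-vm-<version>.vmdk"},
        }],
        "Status": "completed",
    }]
})


def classify(output):
    """Reduce one describe-import-image-tasks response to a small dict:
    state is 'done', 'failed' or 'running'; snapshots lists any SnapshotId."""
    tasks = json.loads(output).get("ImportImageTasks", [])
    if not tasks:
        raise ValueError("no ImportImageTasks in output")
    task = tasks[0]  # the command is run with a single --import-task-ids value
    status = task.get("Status", "")
    if status == DONE:
        state = "done"
    elif status in FAILED:
        state = "failed"
    else:
        state = "running"
    snapshots = [s["SnapshotId"] for s in task.get("SnapshotDetails", []) if s.get("SnapshotId")]
    return {"state": state, "status": status, "progress": task.get("Progress"),
            "message": task.get("StatusMessage", ""), "snapshots": snapshots}


def describe(task_id):
    """Run the CLI command from the procedure; needs a configured AWS CLI."""
    cmd = ["aws", "ec2", "describe-import-image-tasks",
           "--import-task-ids", task_id, "--output", "json"]
    return subprocess.run(cmd, check=True, capture_output=True, text=True).stdout


def wait_for_import(task_id, interval=60, timeout=3600, fetch=describe):
    """Poll until the task is done or failed. The default timeout matches the
    60-minute figure in the note above; fetch is injectable for testing."""
    deadline = time.monotonic() + timeout
    while True:
        result = classify(fetch(task_id))
        if result["state"] != "running":
            return result
        if time.monotonic() > deadline:
            raise TimeoutError(f"{task_id} still '{result['status']}' after {timeout}s")
        time.sleep(interval)


if __name__ == "__main__":
    # Offline demonstration on the constructed sample; replace fetch with the
    # real describe() and pass your own import-ami-... id to poll AWS.
    print(classify(SAMPLE_OUTPUT))
```

A "failed" result carries StatusMessage, which is where AWS reports why the import was rejected; a "running" result exposes Progress so a wrapper script can log it between polls.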
(Optional) After the AMI image has been created, you can define a new name for the image.
Select Services → EC2 → Images → AMIs, locate your AMI image using the task ID, and select the pencil icon to specify a new name.
You can launch a Broker VM instance in AWS EC2 using the AMI image you created.
Important
A t2.medium (4 GB RAM) is the smallest instance type that can be used. Usually this is sufficient with only the Local Agent Settings applet enabled; when you enable more applets, 8 GB of RAM is required.
To view the AMI image that you added, select Services → EC2 → Images → AMIs.
Select EC2 → Instances, and click Launch instances to create an instance of the AMI image.
In the Launch Instance wizard, define the instance according to your company's requirements and click Launch.
(Optional) On the Instances page, locate your instance and use the pencil icon to rename it.
Define HTTPS and SSH access to your instance.
Right-click your instance, and select Networking → Change Security Groups.
In the Change Security Groups pop-up, select HTTPS to be able to access the Broker VM Web UI, and SSH to allow for remote access when troubleshooting. Make sure to allow these connections to the Broker VM from secure networks only.
Note
Assigning security groups can take up to 15 minutes.
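One way to apply the "secure networks only" guidance above from the CLI instead of the console: the following Python is an added example, not from the Cortex XDR documentation. It builds the --ip-permissions document for aws ec2 authorize-security-group-ingress so that only HTTPS (Broker VM Web UI) and SSH are opened, each limited to the administrator networks you name, and checks the result before it is applied. The administrator network ranges and the security group ID are constructed placeholders.

```python
"""Build and check the --ip-permissions document for
`aws ec2 authorize-security-group-ingress`, opening only HTTPS and SSH and
only from named administrator networks. Added example, not from the Cortex
XDR documentation; network ranges and the group ID are placeholders."""
import ipaddress
import json

# Port -> rule description; these are the two services the procedure opens.
ALLOWED_PORTS = {443: "Broker VM Web UI (HTTPS)", 22: "SSH for troubleshooting"}


def ingress_permissions(admin_cidrs):
    """One tcp rule per allowed port, each limited to the given CIDR ranges."""
    nets = [ipaddress.ip_network(c, strict=False) for c in admin_cidrs]
    perms = []
    for port, desc in ALLOWED_PORTS.items():
        entry = {"IpProtocol": "tcp", "FromPort": port, "ToPort": port}
        v4 = [{"CidrIp": str(n), "Description": desc} for n in nets if n.version == 4]
        v6 = [{"CidrIpv6": str(n), "Description": desc} for n in nets if n.version == 6]
        if v4:
            entry["IpRanges"] = v4
        if v6:
            entry["Ipv6Ranges"] = v6
        perms.append(entry)
    return perms


def check_permissions(perms):
    """Flag what the procedure warns against: ranges open to the world, or
    ports other than the two the Broker VM needs. An empty list means clean."""
    problems = []
    for p in perms:
        if any(port not in ALLOWED_PORTS for port in range(p["FromPort"], p["ToPort"] + 1)):
            problems.append(f"unexpected port range {p['FromPort']}-{p['ToPort']}")
        ranges = [r["CidrIp"] for r in p.get("IpRanges", [])] + \
                 [r["CidrIpv6"] for r in p.get("Ipv6Ranges", [])]
        for cidr in ranges:
            if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                problems.append(f"port {p['FromPort']} open to the world ({cidr})")
    return problems


def render(admin_cidrs):
    """JSON to save as ingress.json and apply with:
    aws ec2 authorize-security-group-ingress --group-id <sg-id> --ip-permissions file://ingress.json
    Raises ValueError instead of producing a document that fails the checks."""
    perms = ingress_permissions(admin_cidrs)
    problems = check_permissions(perms)
    if problems:
        raise ValueError("; ".join(problems))
    return json.dumps(perms, indent=2)


if __name__ == "__main__":
    # Constructed placeholder administrator networks (documentation ranges).
    print(render(["203.0.113.0/24", "2001:db8::/48"]))
```

check_permissions can also be run over the output of aws ec2 describe-security-groups for an existing group, since the IpPermissions entries there use the same field names.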
Verify the Broker VM has started correctly.
Locate your instance, right-click, and select Instance Settings → Get Instance Screenshot.
Your Broker VM console is displayed, listing your Broker details.
Registration of the Broker VM to Cortex XDR is performed from the Broker VM Web Console.
Obtain a registration token from the Cortex XDR Web Console by selecting Settings → Configurations → Data Broker → Broker VMs → Add Broker → Generate Token.
Determine the IP address of the EC2 instance and use it to open the Broker VM Web Console, such as https://<ip_address>. Complete the registration process by entering the token.