Skip to content
/ aws-elastic-beanstalk-integration Public

A repo with steps and examples of how to deploy the Falcon sensor in AWS Elastic Beanstalk

1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

CrowdStrike/aws-elastic-beanstalk-integration

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
.ebextensions
.ebextensions
 
 
scripts
scripts
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
application.py
application.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

CrowdStrike logo

CrowdStrike Falcon Elastic Beanstalk Deployment

This repository contains a sample AWS Elasticbeanstalk application to help illustrate how to deploy the Falcon sensor on your Elastic Beanstalk compute resources.

The recommended way is to use use an ebextension to deploy the Falcon sensor, but there are two other methods described at the bottom of this readme you can also utilize.

Table of Contents

ebextensions (Recommended)

Configuration

  1. First, add the Falcon client id and secret to Secrets Manager.

  2. Create a scripts folder. In the script folder, create the following file.

scripts/install_falcon.sh

#!/bin/bash

export FALCON_CLIENT_ID="$(aws secretsmanager get-secret-value --secret-id "$SECRET_ID" --query SecretString --output text | jq -r .FALCON_CLIENT_ID)"
export FALCON_CLIENT_SECRET="$(aws secretsmanager get-secret-value --secret-id "$SECRET_ID" --query SecretString --output text | jq -r .FALCON_CLIENT_SECRET)"

curl -L https://raw.githubusercontent.com/crowdstrike/falcon-scripts/v1.7.1/bash/install/falcon-linux-install.sh | bash

Note

This script retrieves the Falcon credentials from secrets manager, and installs the sensor using the linux script from the falcon-scripts repository.

  1. Create a .ebextensions directory in the root of the application package. Within this folder, create the following files.

.ebextensions/secrets_manager.config

option_settings:
  aws:elasticbeanstalk:application:environment:
    SECRET_ID: <secret name>

Tip

Remember to change <secret name> to your actual secret name

Note

This config will ensure the secret name is exported as an environment variable.

.ebextensions/falcon.config

container_commands:
  01_falcon:
    command: "sh scripts/install_falcon.sh"

Note

This config will execute the falcon install script we previously created at runtime.

Deploying the example application

Prerequisites

  • Have a current CrowdStrike Subscription
  • Have appropriate AWS permissions to run CloudFormation and create resources
  • Generate Falcon API credentials (Client ID and Client Secret)
  • Ensure you have the aws-elasticbeanstalk-service-role deployed in your AWS account

Deployment steps

Step 1: Store Falcon credentials

  1. Open the AWS console ans navigate to Secrets Manager.

  2. Click on Store a new secret.

  3. Under Secret type Choose Other type of secret

  4. Create an entry for FALCON_CLIENT_ID and FALCON_CLIENT_SECRET with their respective values

  5. Under Secret Name enter ebs/falcon/credentials

  6. Click Next -> Next -> Store

Step 2: Create a key-pair

Note

If you already have a key pair you want to use, feel free to skip this step

  1. In the AWS Console, navigate to EC2

  2. Under Network and security click Key Pairs

  3. Click Create key pair

  4. Give your key pair a suitable name.

  5. Click Create key pair as save your key to a secure location.

Step 3: Create an Instance profile

  1. Navigate to IAM in the AWS console.

  2. Click Roles and Create role

  3. Under Select trusted entity choose AWS Service

  4. Under Use case choose EC2 then click Next

  5. Select the AWSElasticBeanstalkWebTier and SecretsManagerReadWrite managed policies. Click Next

  6. Give your role a name then click Create role

Step 4: Create Elastic Beanstalk Environment

  1. Navigate to Elastic Beanstalk in the AWS Console Click on Create environment
  • Configure Environment
    • Choose the following values
      • Environment tier: Web server environment
      • Application Name: CSHelloWorld
      • Platform: Python
      • Platform branch: Python 3.12
      • Platform version: 4.3.1(Recommended)
    • Click Next
  • Configure service access
    • For Existing service roles choose aws-elasticbeanstalk-service-role
    • For EC2 key pair, choose the key pair we created earlier
    • For EC2 instance profile choose the instance profile we created earlier
    • Click Next until you arrive at Configure instance traffic and scaling
  • Configure instance traffic and scaling
    • For Root volume type choose General Purpose 3(SSD)
    • Leave everything else as default, scroll down, and click Skip to review
    • Click Submit

Step 5: Package the sample application

Open up this root directory in your terminal and execute the following commands

zip -r ./hello_world.zip .

Step 6: Deploy the sample application

  1. Navigate back to the environment we created in Elastic Beanstalk.

  2. Click Upload and deploy.

  3. Select the hello_world.zip file we created.

  4. Click Deploy

Step 7: Verify the application deployment

  1. Click the url under Domain

  2. You should see a simple webpage with a Hello World! message

Step 8: Verify the Falcon sensor installation

  1. In the logs tab, click Request logs and then Full

  2. Download and unzip the contents

  3. In the var/log/ directory, open the cfn-init-cmd.log file. At the bottom of the file, you should see some logs that resemble the following

...
2024-12-03 17:53:01,286 P3644 [INFO] Command 01_falcon
2024-12-03 17:53:14,245 P3644 [INFO] -----------------------Command Output-----------------------
2024-12-03 17:53:14,246 P3644 [INFO]    % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
2024-12-03 17:53:14,247 P3644 [INFO]                                   Dload  Upload   Total   Spent    Left  Speed
2024-12-03 17:53:14,247 P3644 [INFO]  
2024-12-03 17:53:14,247 P3644 [INFO]    0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
2024-12-03 17:53:14,247 P3644 [INFO]  100 35817  100 35817    0     0   164k      0 --:--:-- --:--:-- --:--:--  164k
2024-12-03 17:53:14,247 P3644 [INFO]  Check if Falcon Sensor is running ... [ Not present ]
2024-12-03 17:53:14,247 P3644 [INFO]  Falcon Sensor Install  ... 
2024-12-03 17:53:14,247 P3644 [INFO]  Installed:
2024-12-03 17:53:14,247 P3644 [INFO]    falcon-sensor-7.20.0-17306.amzn2023.x86_64                                    
2024-12-03 17:53:14,247 P3644 [INFO]  
2024-12-03 17:53:14,247 P3644 [INFO]  [ Ok ]
2024-12-03 17:53:14,247 P3644 [INFO]  Falcon Sensor Register ... [ Ok ]
2024-12-03 17:53:14,247 P3644 [INFO]  Falcon Sensor Restart  ... [ Ok ]
2024-12-03 17:53:14,247 P3644 [INFO]  Falcon Sensor installed successfully.
2024-12-03 17:53:14,247 P3644 [INFO] ------------------------------------------------------------
2024-12-03 17:53:14,248 P3644 [INFO] Completed successfully.

Congratulations! The sensor was successfully installed.

Tip

You can further confirm this by querying for your instance in the Falcon console.

Other Deployment Options

AWS SSM

This method involves using AWS SSM distributor to deploy the Falcon sensor directly on the machine. An in depth guide can be found in this repository

Baked in AMI

This method involves creating custom AMIs with the Falcon sensor already installed using EC2 Image Builder, and using that AMI for your Elasticbeanstalk compute resources. An in depth guide can be found here to-do: add documentation reference

About

A repo with steps and examples of how to deploy the Falcon sensor in AWS Elastic Beanstalk

Resources

Readme
Activity
Custom properties

Stars

1 star

Watchers

5 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages