AWS Systems Manager Distributor is a tool integrated with AWS Systems Manager that you can use to securely store
and distribute software packages in your accounts. By integrating Workload Security
with AWS Systems Manager Distributor, you can distribute agents across multiple platforms,
control access to managed instances, and automate your deployments.
Create an IAM policy
Follow the instructions in Importing existing managed policies.
In the Import managed policies window, add the AmazonSSMManagedInstanceCore policy.
Create a role and assign the policy
Follow the instructions in Creating a role for an AWS service.
In the Attach permissions policies window, add the AmazonSSMManagedInstanceCore permission.
Create parameters
Procedure
- In your AWS console, navigate to .
- There are four parameters that need to be created. Click Create parameter and enter the Name and Value as listed in the following table. The other fields can be left with their default values.

  | Name | Value |
  | --- | --- |
  | dsActivationUrl | On the Workload Security console, go to. Go to the top of the generated script and copy the dsActivationUrl. |
  | dsManagerUrl | On the Workload Security console, go to. Go to the top of the generated script and copy the dsManagerUrl. |
  | dsTenantId | On the Workload Security console, go to. Scroll to the bottom of the generated script and copy the tenantID. |
  | dsToken | On the Workload Security console, go to. Scroll to the bottom of the generated script and copy the token. |

  Make sure the values for dsActivationUrl and dsManagerUrl are entered exactly as they appear, taking care to include the trailing slash where applicable.
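The following added example (not part of the Workload Security documentation) pulls the four values out of a saved copy of the generated deployment script, so they reach Parameter Store exactly as they appear, trailing slash included. It assumes a Linux-style script that assigns `ACTIVATIONURL` and `MANAGERURL` in single quotes and passes `"tenantID:..."` and `"token:..."` arguments; the sample script, hosts, tenant ID and token are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample of a generated deployment script (layout is an assumption;
# hosts, tenant ID and token are placeholders, not real values).
SAMPLE_SCRIPT = """#!/bin/bash
ACTIVATIONURL='dsm://agents.example.invalid:443/'
MANAGERURL='https://manager.example.invalid:443'
# ... download and install steps elided ...
/opt/ds_agent/dsa_control -a $ACTIVATIONURL "tenantID:00000000-PLACEHOLDER" "token:11111111-PLACEHOLDER"
"""

# Parameter name from the table -> pattern that captures its value verbatim.
PATTERNS = {
    "dsActivationUrl": r"^ACTIVATIONURL='([^']*)'",
    "dsManagerUrl": r"^MANAGERURL='([^']*)'",
    "dsTenantId": r'"tenantID:([^"]*)"',
    "dsToken": r'"token:([^"]*)"',
}

def extract_parameters(script_text):
    """Return the four parameter values exactly as they appear in the script."""
    params = {}
    for name, pattern in PATTERNS.items():
        matches = set(re.findall(pattern, script_text, flags=re.MULTILINE))
        if len(matches) != 1:
            raise ValueError(f"{name}: expected one value, found {len(matches)}")
        value = matches.pop()
        if not value or value != value.strip():
            raise ValueError(f"{name}: empty or padded with whitespace")
        params[name] = value
    return params

def put_parameter_requests(params):
    """Build one request per parameter; Type 'String' is the console default."""
    return [{"Name": n, "Value": v, "Type": "String"} for n, v in params.items()]

def trailing_slash_report(params):
    """Show which URL values end in '/', for comparison against the script."""
    return {n: params[n].endswith("/") for n in ("dsActivationUrl", "dsManagerUrl")}

if __name__ == "__main__":
    found = extract_parameters(SAMPLE_SCRIPT)
    for request in put_parameter_requests(found):
        # Each dict can be passed to boto3's SSM client as put_parameter(**request).
        shown = "<hidden>" if request["Name"] == "dsToken" else repr(request["Value"])
        print(request["Name"], "->", shown)
    print(trailing_slash_report(found))
```
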
Create association
Procedure
- In the AWS console, go to .
- Select the TrendMicro-CloudOne-WorkloadSecurity package, then Install on a Schedule.
- The Create Association page opens. Fill in the required fields. For Installation Type, you should use the In-place update option.
- Create a schedule. Using a scheduled State Manager Association ensures that agents are always installed and up to date.
- Click Create Association.
Protect your computers
You should configure a cloud connector for each AWS account which will contain managed agents. It might also be necessary
to create a policy specific to the systems which will be managed by Distributor.