Create a Broker VM Amazon Machine Image (AMI)
Learn how to create an Amazon Machine Image (AMI) file
of your Cortex XDR broker virtual machine (VM).
After you download
your
Cortex
XDR
Broker VMDK
image,
you can convert the image to Amazon Web Services (AWS) AMI.Be
sure you set up an AWS VM Import role (
vmimport
)
before you continue with the steps to convert the image as it is
required for the import-image
CLI command.
You can use a different role, if the role vmimport
doesn't
exist or doesn't have the required permissions. For more information
on setting up an AWS VM Import role and the permissions required,
see Required service role.To convert the
image.
Set up AWS CLI
(
Optional
)
If you haven’t done so already, set up your AWS CLI as follows:- Install the AWS zip file by running the following command on your local machine:curl "https://s3.amazonaws.com/aws-cli/awscli-bundle.zip" -o "awscli-bundle.zip"unzip awscli-bundle.zipsudo /usr/local/bin/python3.7 awscli-bundle/install -i /usr/local/aws -b /usr/local/bin/awsConnect to your AWS account by running:aws configure
- Navigate and log in to your AWS account.
- In the AWS Console, navigate to .
- In theS3 bucketspage,+ Create bucketto upload your broker image to.
- Runaws s3 cp ~/<path/to/broker-vm-version.vmdk> s3://<your_bucket/broker-vm-version.vmdk>Prepare a configuration file on your hard drive.For example:[ { "Description":"<Broker VM Version>", "Format":"vmdk", "UserBucket":{ "S3Bucket":"<your_bucket>", "S3Key":"<broker-vm-version.vmdk>" } }]Create a AMI image from the VMDK file.Runaws ec2 import-image --description="<Broker VM Version>" --disk-containers="file:///<file:///path/to/configuration.json>"Creating an AMI image can take up to 60 minutes to complete.To track the progress, use thetask idvalue from the output and run:
.aws ec2 describe-import-image-tasks --import-task-ids import-ami-<task-id>Completed status output example:
.{ "ImportImageTasks":[ { "...", "SnapshotDetails":[ { "Description":"Broker VM version", "DeviceName":"/dev/<name>", "DiskImageSize":2976817664.0, "Format":"VMDK", "SnapshotId":"snap-1234567890", "Status":"completed", "UserBucket":{ "S3Bucket":"broker-vm", "S3Key":"broker-vm-<version>.vmdk" } } ], "Status":"completed", "..." } ]}(Optional) After the AMI image has been created, you can define a new name for the image.Navigate to and locate your AMI image using the task ID. Select the pencil icon to enter a new name.Launch an Instance- Navigate to .
- Search for your AMI image andLaunchthe file.
- In theLaunch Instance Wizarddefine the instance according to your company requirements andLaunch.
- (Optional) In theInstancespage, locate your instance and use the pencil icon to rename the instanceName.
- Define HTTPS and SSH access to your instance.Right-click your instance and navigate to .In theChange Security Groupspop-up, select HTTPS to be able to access the Broker VM Web UI, and SSH to allow for remote access when troubleshooting. Make sure to allow these connection to the broker from secure networks only.Assigning security groups can take up to 15 minutes.
- Verify the broker VM has started correctly.Locate your instance, right-click and navigate to .You are directed to your broker VM console listing your broker details.
Create an AMI Image
