4. Integrations
4.1. Integrating with Amazon EC2 Services
4.1.1. About Amazon EC2 Integration in Control Center
From GravityZone Control Center, administrators can integrate with the Amazon Elastic Compute Cloud (EC2) service and centrally deploy, manage and monitor Bitdefender security on their instance inventory. Proprietary scanning servers are hosted by Bitdefender in the AWS Cloud to ensure an optimal footprint on the protected instances and to eliminate the scanning overhead occurring with traditional security software.
Bitdefender Control Center manages Amazon EC2 instances through dedicated features, such as:
● Integrated EC2 inventory grouped by Amazon regions and Availability Zones.
Once the Amazon EC2 integration has been configured, the Amazon instances belonging to the provided user account credentials are imported in Control Center under the network inventory. A custom Amazon EC2 group will be displayed, containing all the Amazon regions and their Availability Zones, which contain instances.
You can differentiate between online and offline instances by their icon:
– Offline instances
– Online instances
● Specific EC2 filtering in the network view:
– Filtering endpoints by EC2 instances type
– Filtering endpoints by EC2 tags defined in your Amazon management console
– Filtering EC2 instances by their power status (running, stopped, terminated)
● Automatic (default) scan modes for EC2 instances set on Central Scan with Bitdefender Security Server hosted in the corresponding AWS region, with fallback on Hybrid Scan (with Light Engines using in-the-cloud scanning and, partially, the local signatures).
Note
It is recommended to use the default scan modes for EC2 instances because these are specifically designed for a small footprint and low resource consumption.
For instances with powerful resources, you can also configure the EC2 instances to use Private cloud scanning with Bitdefender Security Server hosted in the corresponding AWS region, with fallback on Local Scanning (Full Engines using signatures and engines stored locally).
● Grouping terminated instances in a specific folder of the network tree. Previously managed (protected) instances that were terminated from the Amazon management console are stored under the Terminated Managed Instances group in the Amazon EC2 folder. You can still obtain information about these instances via reports. If no longer needed, terminated instances can be deleted from the network inventory.
4.1.2. Configuring the Amazon EC2 Integration in Control Center
Security for Amazon Web Services integration requires the access key ID and secret access key of your AWS account or of an AWS Identity and Access Management (IAM) user.
To configure your Amazon EC2 integration:
1. Connect and log in to Control Center.
2. Click your username in the upper-right corner of the console and choose Integrations. The integrations page will show up.
3. Click the Add button at the upper side of the table.
4. Click the Add Amazon EC2 Integration link. A configuration window will appear.
5. Enter your Amazon user access keys in the available fields.
Note
It is recommended to set up integration with your AWS account using the access key of an IAM user created specifically for this purpose.
Your Amazon user linked to the provided credentials must have at least read-only rights on Amazon EC2.
6. Click Save.
7. The AWS License Agreement is displayed. You must read and agree with the license terms to be able to continue.
8. Control Center will check if the provided AWS keys are valid. If so, your Amazon instances will be imported in Control Center and the integration is done.
From this point, you can view and manage your Amazon instances from the Network page, under Custom Groups > Amazon EC2 node. Here, your Amazon EC2 instances are grouped under their Amazon regions and the corresponding Availability Zones. Control Center automatically synchronizes with Amazon EC2 inventory every 15 minutes. You can also manually synchronize with Amazon inventory using the Synchronize with Amazon EC2 button placed at the upper side of the Network page.
If the provided Amazon access credentials are not valid, you will be notified and prompted to enter them again.
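The note in step 5 recommends a dedicated IAM user with at least read-only rights on Amazon EC2. The following added example (not part of the Bitdefender guide) checks an IAM policy document for grants beyond that. It assumes read-only EC2 access means ec2:Describe* actions only; the sample policies and statement names are constructed.

```python
import json

# Assumption (not from the guide): "read-only rights on Amazon EC2" is modelled
# as ec2:Describe* actions only; the guide does not list the exact API calls.
READ_ONLY_PREFIX = "ec2:describe"

def _as_list(value):
    """IAM accepts either one string/object or a list of them."""
    if value is None:
        return []
    return list(value) if isinstance(value, list) else [value]

def excess_grants(policy_json):
    """Return (sid, pattern) pairs for Allow grants beyond read-only EC2."""
    policy = json.loads(policy_json)
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements can only narrow access
        sid = stmt.get("Sid", f"statement[{i}]")
        if "NotAction" in stmt:
            # Allow + NotAction grants everything except the listed actions
            findings.append((sid, "NotAction"))
        for action in _as_list(stmt.get("Action")):
            if not action.lower().startswith(READ_ONLY_PREFIX):
                findings.append((sid, action))
    return findings

# Constructed sample policies for a hypothetical dedicated integration user.
SCOPED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": {"Sid": "InventoryRead", "Effect": "Allow",
                  "Action": "ec2:Describe*", "Resource": "*"},
})
BROAD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "Inventory", "Effect": "Allow",
         "Action": ["ec2:DescribeInstances", "ec2:*"], "Resource": "*"},
        {"Sid": "Keys", "Effect": "Allow",
         "Action": "iam:CreateAccessKey", "Resource": "*"},
        {"Sid": "Guard", "Effect": "Deny",
         "Action": "ec2:TerminateInstances", "Resource": "*"},
    ],
})

if __name__ == "__main__":
    for name, doc in (("scoped", SCOPED_POLICY), ("broad", BROAD_POLICY)):
        print(name, excess_grants(doc) or "read-only EC2 only")
```

Any finding means the access key entered in Control Center could do more than read the EC2 inventory if it were exposed, so the policy should be narrowed before the key is created.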
4.1.3. Subscribing to Security for Amazon Web Services
As a direct Bitdefender customer, you can configure your Security for Amazon Web Services at any time from the Integrations page.
Once the Amazon EC2 Integration has been configured, you will start to use this service in trial mode for 30 days. You will receive by email a confirmation of your subscription to the 30-day trial of your Amazon EC2 services. During the trial period, you will be able to fully protect and manage any number of instances using the security services available with GravityZone Control Center.
If you want to continue using this service after the trial period, you will need to license your AWS subscription by authorizing payments to Bitdefender from your Amazon Payments account. This is a one-time operation during your credit card validity period and it fulfills two functions: licensing of your AWS subscription and payment authorization with your Amazon Payments account for subsequent monthly billing.
After licensing your AWS subscription, you will be charged monthly based on your usage.
Warning
If you do not subscribe within the trial period, your managed instances will expire 30 days after your subscription and they will no longer be protected.
Licensing your AWS Subscription
1. Log in to Control Center using your account.
2. Click your username in the upper-right corner of the console and choose My Company.
3. Under the AWS Subscription section, click the Pay with Amazon widget.
4. You will be redirected to the Amazon Sign In page. Log in using your Amazon Payments account.
Note
You must configure your browser to accept third-party cookies for the Amazon widget to work.
5. Configure your Amazon Payment method by selecting a valid credit card and enabling the option Use my selected payment method for future purchases and payments to this merchant.
6. Click Save. Your AWS subscription is now Licensed.
Note
If the selected credit card has expired, you will need to re-license your AWS subscription by following the above-mentioned steps.
Cancelling your AWS Subscription
You can cancel your AWS subscription, at any time, directly from your Control Center company account. When you cancel your AWS subscription:
● All the Bitdefender security agents installed on your instances expire and those instances immediately become unprotected.
● The payment authorization for your subscription on Amazon Payments is automatically canceled. However, you will be charged for your current month usage, up to the time when you unsubscribe.
To unsubscribe:
1. Log in to Control Center using your account.
2. Click your username in the upper-right corner of the console and choose My Company.
3. Under the AWS Subscription section, click the Cancel Subscription button.
4. You will have to confirm your action by clicking Yes. Your AWS subscription is now Canceled.
You can subscribe to the service again at any time by following the licensing procedure.
Editing your AWS Subscription
1. Log in to Control Center using your account.
2. Click your username in the upper-right corner of the console and choose My Company.
3. Under the AWS Subscription section, click the Pay with Amazon widget.
4. Log in using your Amazon Payments account.
5. Make the changes that you need.
6. Click Save.
Note
After editing your AWS Subscription, you will receive two emails from Amazon Payments, which will confirm the cancellation of the previous authorization and the setting-up of a new payment method.