Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    CLI Reference

    Home FortiCNAPP CLI Reference

    lacework agent aws-install ec2ssh

    lacework agent aws-install ec2ssh

    Use SSH to securely connect to EC2 instances

    Synopsis

    This command installs the agent on all EC2 instances in an AWS account using SSH.

    To filter by one or more regions:

    lacework agent aws-install ec2ssh --include_regions us-west-2,us-east-2

    To filter by instance tag:

    lacework agent aws-install ec2ssh --tag TagName,TagValue

    To filter by instance tag key:

    lacework agent aws-install ec2ssh --tag_key TagName

    To provide an existing access token, use the '--token' flag. This flag is required when running non-interactively ('--noninteractive' flag). The interactive command 'lacework agent token list' can be used to query existing tokens.

    lacework agent aws-install ec2ssh --token <token>

    To explicitly specify the server URL that the agent will connect to:

    lacework agent aws-install ec2ssh --server_url https://your.server.url.lacework.net

    You will need to provide an SSH authentication method. This authentication method should work for all instances that your tag or region filters select. Instances must be routable from your local host.

    To authenticate using username and password:

    lacework agent aws-install ec2ssh --ssh_username <your-user> --ssh_password <secret>

    To authenticate using an identity file:

    lacework agent aws-install ec2ssh -i /path/to/your/key

    To specify an AWS credential profile other than 'default':

    lacework agent aws-install ec2ssh --credential_profile aws-profile-name

    The environment should contain AWS credentials in the following variables: - AWS_ACCESS_KEY_ID - AWS_SECRET_ACCESS_KEY - AWS_SESSION_TOKEN (optional), - AWS_REGION (optional)

    This command will automatically add hosts with successful connections to '~/.ssh/known_hosts' unless specified with '--trust_host_key=false'.

    lacework agent aws-install ec2ssh [flags]

    Options

          --credential_profile string   AWS credential profile to use (default "default")
  -h, --help                        help for ec2ssh
  -i, --identity_file string        identity (private key) for public key authentication (default "~/.ssh/id_rsa")
  -r, --include_regions strings     list of regions to filter on
  -n, --max_parallelism int         maximum number of workers executing AWS API calls, set if rate limits are lower or higher than normal (default 50)
      --server_url https://         server URL that agents will talk to, prefixed with https:// (default "https://agent.lacework.net")
      --ssh_password string         password for authentication
      --ssh_port int                port to connect to on the remote host (default 22)
      --ssh_username string         username to login with
      --tag strings                 only select instances with this tag
      --tag_key string              only install agents on infra with this tag key
      --token string                agent access token
      --trust_host_key              automatically add host keys to the ~/.ssh/known_hosts file (default true)

    Options inherited from parent commands

      -a, --account string      account subdomain of URL (i.e. <ACCOUNT>.lacework.net)
  -k, --api_key string      access key id
  -s, --api_secret string   secret access key
      --api_token string    access token (replaces the use of api_key and api_secret)
      --debug               turn on debug logging
      --json                switch commands output from human-readable to json format
      --nocache             turn off caching
      --nocolor             turn off colors
      --noninteractive      turn off interactive mode (disable spinners, prompts, etc.)
      --organization        access organization level data sets (org admins only)
  -p, --profile string      switch between profiles configured at ~/.lacework.toml
      --subaccount string   sub-account name inside your organization (org admins only)

    See also

    Previous
    Next

    lacework agent aws-install ec2ssh

    lacework agent aws-install ec2ssh

    Use SSH to securely connect to EC2 instances

    Synopsis

    This command installs the agent on all EC2 instances in an AWS account using SSH.

    To filter by one or more regions:

    lacework agent aws-install ec2ssh --include_regions us-west-2,us-east-2

    To filter by instance tag:

    lacework agent aws-install ec2ssh --tag TagName,TagValue

    To filter by instance tag key:

    lacework agent aws-install ec2ssh --tag_key TagName

    To provide an existing access token, use the '--token' flag. This flag is required when running non-interactively ('--noninteractive' flag). The interactive command 'lacework agent token list' can be used to query existing tokens.

    lacework agent aws-install ec2ssh --token <token>

    To explicitly specify the server URL that the agent will connect to:

    lacework agent aws-install ec2ssh --server_url https://your.server.url.lacework.net

    You will need to provide an SSH authentication method. This authentication method should work for all instances that your tag or region filters select. Instances must be routable from your local host.

    To authenticate using username and password:

    lacework agent aws-install ec2ssh --ssh_username <your-user> --ssh_password <secret>

    To authenticate using an identity file:

    lacework agent aws-install ec2ssh -i /path/to/your/key

    To specify an AWS credential profile other than 'default':

    lacework agent aws-install ec2ssh --credential_profile aws-profile-name

    The environment should contain AWS credentials in the following variables: - AWS_ACCESS_KEY_ID - AWS_SECRET_ACCESS_KEY - AWS_SESSION_TOKEN (optional), - AWS_REGION (optional)

    This command will automatically add hosts with successful connections to '~/.ssh/known_hosts' unless specified with '--trust_host_key=false'.

    lacework agent aws-install ec2ssh [flags]

    Options

          --credential_profile string   AWS credential profile to use (default "default")
  -h, --help                        help for ec2ssh
  -i, --identity_file string        identity (private key) for public key authentication (default "~/.ssh/id_rsa")
  -r, --include_regions strings     list of regions to filter on
  -n, --max_parallelism int         maximum number of workers executing AWS API calls, set if rate limits are lower or higher than normal (default 50)
      --server_url https://         server URL that agents will talk to, prefixed with https:// (default "https://agent.lacework.net")
      --ssh_password string         password for authentication
      --ssh_port int                port to connect to on the remote host (default 22)
      --ssh_username string         username to login with
      --tag strings                 only select instances with this tag
      --tag_key string              only install agents on infra with this tag key
      --token string                agent access token
      --trust_host_key              automatically add host keys to the ~/.ssh/known_hosts file (default true)

    Options inherited from parent commands

      -a, --account string      account subdomain of URL (i.e. <ACCOUNT>.lacework.net)
  -k, --api_key string      access key id
  -s, --api_secret string   secret access key
      --api_token string    access token (replaces the use of api_key and api_secret)
      --debug               turn on debug logging
      --json                switch commands output from human-readable to json format
      --nocache             turn off caching
      --nocolor             turn off colors
      --noninteractive      turn off interactive mode (disable spinners, prompts, etc.)
      --organization        access organization level data sets (org admins only)
  -p, --profile string      switch between profiles configured at ~/.lacework.toml
      --subaccount string   sub-account name inside your organization (org admins only)

    See also

    Previous
    Next