Deploying a scanner from the AMI Catalog

AWS Appliance Deployment Guide

Guide for deploying CyberOptix appliances in Amazon Web Services.


Overview

CyberOptix appliances are pre-configured scanner instances available as Amazon Machine Images (AMI) in the AWS Marketplace. Deploying an appliance in AWS provides a quick way to add scanning capacity in cloud environments.


Prerequisites

  • AWS account with EC2 launch permissions
  • VPC and subnet configured
  • Security group allowing outbound HTTPS (443)
  • SSH key pair for instance access

Deploy Appliance

Step 1: Find CyberOptix AMI

  1. Navigate to EC2 → Launch Instance
  2. Click Application and OS Images (Amazon Machine Image)
  3. Select Community AMIs tab
  4. Search for: optix-appliance

Step 2: Verify AMI Publisher

Confirm the AMI is published by Purple Team Software:

Owner ID: 739275446494

Security Note: Only use AMIs published by this verified owner ID to ensure authenticity.
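
The owner check from Step 2 can be scripted. This is an added example, not part of the original guide or of CyberOptix tooling: it reads the JSON printed by aws ec2 describe-images and separates images registered by the owner ID above from same-named images registered by other accounts. The sample response, image IDs, dates, second owner ID and function names are constructed for illustration.

```python
import json

TRUSTED_OWNER_ID = "739275446494"  # Purple Team Software owner ID from this guide
NAME_PREFIX = "optix-appliance"    # search term from Step 1

# Constructed sample in the shape of:
#   aws ec2 describe-images --filters "Name=name,Values=optix-appliance*" --output json
# Image IDs, dates and the second owner ID are made up for illustration.
SAMPLE_IMAGES = json.dumps({"Images": [
    {"ImageId": "ami-0a1b2c3d4e5f00001", "Name": "optix-appliance-ubuntu",
     "OwnerId": "739275446494", "CreationDate": "2025-01-10T09:00:00.000Z"},
    {"ImageId": "ami-0a1b2c3d4e5f00002", "Name": "optix-appliance-ubuntu",
     "OwnerId": "111122223333", "CreationDate": "2025-02-01T09:00:00.000Z"},
    {"ImageId": "ami-0a1b2c3d4e5f00003", "Name": "optix-appliance-rhel",
     "OwnerId": "739275446494", "CreationDate": "2025-03-02T09:00:00.000Z"},
]})


def split_by_owner(describe_images_json, trusted_owner=TRUSTED_OWNER_ID):
    """Return (trusted, rejected) image lists for AMIs matching the name prefix."""
    trusted, rejected = [], []
    for img in json.loads(describe_images_json).get("Images", []):
        if not img.get("Name", "").startswith(NAME_PREFIX):
            continue
        # Name is free text chosen by whoever registered the AMI; OwnerId is
        # the registering account's ID as reported by EC2, so compare on that.
        (trusted if img.get("OwnerId") == trusted_owner else rejected).append(img)
    # ISO 8601 timestamps sort correctly as strings; newest first.
    trusted.sort(key=lambda i: i.get("CreationDate", ""), reverse=True)
    return trusted, rejected


def pick_ami(describe_images_json, name):
    """ImageId of the newest trusted AMI whose name starts with `name`, or None."""
    trusted, _ = split_by_owner(describe_images_json)
    return next((i["ImageId"] for i in trusted if i["Name"].startswith(name)), None)


if __name__ == "__main__":
    ok, other = split_by_owner(SAMPLE_IMAGES)
    print("trusted:", [i["ImageId"] for i in ok])
    print("rejected:", [(i["ImageId"], i["OwnerId"]) for i in other])
```

Passing --owners 739275446494 to aws ec2 describe-images applies the same filter on the AWS side, so only the publisher's images are returned in the first place.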

Step 3: Launch Instance

  1. Click Select → Launch instance with AMI
  2. Configure instance settings:

     Setting        | Recommended Value             | Minimum Value
     Instance Type  | t3.xlarge (4 vCPU, 16 GB RAM) | t3.large (2 vCPU, 8 GB RAM)
     Storage        | 120 GB gp3                    | 100 GB gp3
     Network        | VPC with internet gateway     | VPC with NAT gateway
     Security Group | Allow outbound 443            | Allow outbound 443

  3. Select your SSH key pair
  4. Click Launch instance

Step 4: Access Appliance

Connect to the appliance via SSH using the appropriate default username:

Ubuntu 24.04-based appliances:

ssh -i your-key.pem ubuntu@<instance-public-ip>

Red Hat 9-based appliances:

ssh -i your-key.pem ec2-user@<instance-public-ip>

Instance Configuration

Recommended Instance Types

Instance Type | vCPU | Memory | Use Case
t3.large      | 2    | 8 GB   | Light scanning, development
t3.xlarge     | 4    | 16 GB  | Standard production scanning
t3.2xlarge    | 8    | 32 GB  | Heavy scanning workloads
m5.xlarge     | 4    | 16 GB  | Consistent performance needs

Storage Configuration

  • Volume Type: gp3 (general purpose SSD)
  • Size: 120 GB minimum
  • IOPS: 3,000 (default)
  • Throughput: 125 MB/s (default)

Network Configuration

VPC Requirements:

  • Internet gateway or NAT gateway for outbound connectivity
  • Route to CyberOptix platform (0.0.0.0/0 or specific IP ranges)

Security Group Rules:

Type     | Protocol | Port    | Destination    | Purpose
Outbound | HTTPS    | 443     | 0.0.0.0/0      | CyberOptix platform
Outbound | Custom   | Various | Target subnets | Scanning targets
Inbound  | SSH      | 22      | Your IP        | Management access
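
A security group can be checked against the rules above before the appliance is launched. This is an added example, not part of the original guide: it reads the JSON printed by aws ec2 describe-security-groups and reports groups where SSH is reachable from outside the management range or where no outbound rule covers TCP 443. The sample groups, addresses and function names are constructed, and only CIDR-based rules are considered (rules that reference prefix lists or other security groups are ignored).

```python
import ipaddress
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups --output json`.
# Group IDs and addresses are made up (203.0.113.0/24 is a documentation range).
SAMPLE = json.dumps({"SecurityGroups": [
    {"GroupId": "sg-0a1b2c3d4e5f00001",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                        "IpRanges": [{"CidrIp": "203.0.113.10/32"}]}],
     "IpPermissionsEgress": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                              "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0a1b2c3d4e5f00002",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 0, "ToPort": 1024,
                        "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
     "IpPermissionsEgress": [{"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
                              "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]})


def covers(perm, port):
    """True if a rule's protocol and port range include the given TCP port."""
    if perm.get("IpProtocol") == "-1":  # "-1" means all protocols and ports
        return True
    return (perm.get("IpProtocol") == "tcp"
            and perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535))


def cidrs(perm):
    """All IPv4 and IPv6 CIDR strings attached to one rule."""
    return ([r["CidrIp"] for r in perm.get("IpRanges", [])]
            + [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])])


def audit(describe_sg_json, admin_cidrs):
    """Map GroupId -> list of findings against the rules table in this guide."""
    allowed = [ipaddress.ip_network(c) for c in admin_cidrs]
    report = {}
    for sg in json.loads(describe_sg_json)["SecurityGroups"]:
        findings = []
        for perm in sg.get("IpPermissions", []):
            if not covers(perm, 22):
                continue  # rule does not expose SSH
            for cidr in cidrs(perm):
                net = ipaddress.ip_network(cidr)
                if not any(net.version == a.version and net.subnet_of(a) for a in allowed):
                    findings.append(f"inbound SSH reachable from {cidr}")
        if not any(covers(p, 443) and cidrs(p) for p in sg.get("IpPermissionsEgress", [])):
            findings.append("no outbound rule covers TCP 443")
        report[sg["GroupId"]] = findings
    return report
```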

Post-Deployment

After launching the appliance:

  1. Connect via SSH using the default username
  2. Verify connectivity to CyberOptix platform
  3. Configure the appliance using the scanner configuration guide
  4. Link to scanner group with the provided link command
  5. Assign to zones for automated scanning

Available AMI Versions

CyberOptix maintains AMIs for multiple operating systems:

AMI Name               | OS           | Default User | Use Case
optix-appliance-ubuntu | Ubuntu 24.04 | ubuntu       | Standard deployments
optix-appliance-rhel   | RHEL 9       | ec2-user     | Enterprise environments

Cost Optimization

Right-Sizing:

  • Start with t3.large and scale up based on scanning load
  • Monitor CPU and memory utilization in CloudWatch
  • Use AWS Compute Optimizer recommendations

Scheduling:

  • Stop instances when not actively scanning (non-production)
  • Use EC2 Instance Scheduler for automated start/stop
  • Consider Spot Instances for development/testing

Storage:

  • Use gp3 volumes (20% cheaper than gp2)
  • Delete old scan data and logs periodically
  • Enable EBS snapshots for backup, delete old snapshots

Monitoring & Troubleshooting

CloudWatch Metrics

Monitor these key metrics:

  • CPUUtilization - Should remain below 80% during scans
  • NetworkIn/NetworkOut - Indicates scanning activity
  • DiskReadBytes/DiskWriteBytes - Scan result storage

Common Issues

Cannot connect to CyberOptix platform:

  • Verify security group allows outbound 443
  • Check route table has internet gateway/NAT gateway
  • Confirm DNS resolution is working

SSH connection refused:

  • Verify security group allows inbound SSH from your IP
  • Check instance is in "running" state
  • Confirm you're using correct username (ubuntu vs ec2-user)

Insufficient memory errors:

  • Upgrade to instance type with more RAM
  • Reduce concurrent scanning tasks
  • Increase swap space (not recommended for production)

Security Best Practices

Access Control:

  • Restrict SSH access to specific IP addresses
  • Use AWS Systems Manager Session Manager instead of SSH
  • Rotate SSH keys regularly

IAM Roles:

  • Attach IAM role with minimum required permissions
  • Use AWS Secrets Manager for sensitive configuration
  • Enable CloudTrail logging for audit

Network Security:

  • Deploy in private subnet with NAT gateway
  • Use VPC endpoints for AWS service access
  • Enable VPC Flow Logs for network monitoring

Updates:

  • Enable automatic security updates
  • Subscribe to Purple Team Software AMI update notifications
  • Test new AMI versions in non-production first

Next Steps

  1. Complete appliance configuration
  2. Link appliance to scanner group
  3. Assign scanner group to zones
  4. Configure scan schedules and blackout dates
  5. Monitor scan results in CyberOptix platform
