Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Install a CWPP Agent using AWS SSM

After the POP deployment is completed successfully and all the services are installed properly you can deploy the CWPP agent on an autoscaling instance or an EC2 instance created in the proper region. 

Before installation, verify the following:

  • Validate the options provided to the installation script 

  • Check permission for Installation, Space requirements, and Platform support 

  • DXL (Data eXchange Layer) Configuration files are downloaded from the CICD (Continuous Integration and Continuous Delivery) Service that the Installer Binary will use to communicate with the DXL Broker hosted in the POP. 

  • Installer binary is downloaded from the CICD Service and executed.

  • Logs are saved locally and showed on the console and sent to the CICD Service.

Once the agent deployment is successful, validate if the same is reported to the POP in Skyhigh CASB in the Resources tab 


To install a CSPP Agent using AWS SSM:  

  1. In the AWS console, select the AWS region where the POP is installed. 
  2. Go to AWS Systems Manager > Documents.
  3. At the top of the console, select Create command or session. This allows you to create your own document in either JSON or YAML. Compile the agent install script in JSON or YAML.  
  4. Replace the JSON contents with the contents from the attached document, CWPAgentSSMDocumentContent.json
  5. Click Create new version.
  6. From the client configuration package, copy the DevOpsConfig.tar to the AWS S3 location. Then enter the location under Command parameters in the S3 Path
  7. Choose Run Command. Specify the Target resources by selecting from three methods and Run the command. 

After the SSM is completed, you can see that the instance is reported in Skyhigh CASB in Analytics > Resources as Managed.  

  • Was this article helpful?