Option 2: Use the Network Sensor AMI

The Network Sensor AMI allows you to skip some of the manual steps involved in deploying the sensor because it comes preloaded with Amazon Linux 2 and the Network Sensor.

To deploy using the Network Sensor AMI:

1. Open the AWS console. From the “Services” page, select EC2 and click on AMIs on the left menu.
2. Select Private Images and search for Rapid7 AWS Network Sensor for Insight IDR.

3. Select the AMI and click Launch.
4. On the “Choose an Instance Type” page, select instance size t3.xlarge.
5. Select Next.
6. On the “Configure Instance Details” page:
   1. Use “Network” to select the correct VPC to deploy the sensor
   2. Use “Subnet” to select the subnet for the Platform Comms interface.
   3. Use “Network Interfaces” to Add Device.
   4. Use “Subnet” to select the Mirror Traffic Subnet.

7. Scroll down to “Advanced Details”, locate the “User Data” block and enter the Insight Platform install token as follows:

TOKEN=us:dbbbb4e8e-239e4-475a-8b73-0df7feed3d0f

8. Select Add Storage.
9. Select Add Tags.
10. Add tags as desired.
11. Select Configure Security Group.
12. Choose Select an existing security group.
13. Select the Platform Comms Security Group.
14. Select Review and Launch.
15. Select Launch to launch the instance, choosing an appropriate KeyPair.
16. Allow the instance to finish launching.