We currently have several AWS accounts in our BigFix environment which are used by our developers for testing etc.
As part of this environment users are allowed to set up instances as well as auto scaling groups. Basically, they have free rein to do what they want.
However, IT does have some governance over what goes on regarding security tools etc.
To this end we only install the BigFix Client (via an AWS SSM document) on machines that have been online in these accounts for 24 hours or more.
This is causing us a few issues, for example:
- Someone set up an autoscaling group which produced over 1000 short-lived instances.
- These were picked up by the plugin portal and added to BigFix.
- This then skews the patching reports etc. as they are included in the report.
Unfortunately, there seems to be no known way to do the following:
- Set the scan cycle separately for each AWS account in the plugin portal.
- Set the deletion time for machines separately for each AWS account.
- As this BigFix environment also includes production machines along with end user machines, we do not want to decrease the automatic deletion time, which is currently set at 30 days.
We did brainstorm a couple of ideas (these are in no particular order):
- Ignore the development accounts. But company policy will not allow us to do that.
- Set up a separate plugin portal server with a longer scan time.
- Set up a separate BigFix environment.
- Set up a script to compare what we currently have in these AWS accounts and remove them from BigFix via the API.
I am curious to know how people deal with cloud instances which can come and go within a matter of hours or days.
Any advice or insights would be greatly appreciated.
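The last brainstormed idea above (a script that compares live instances in the AWS accounts with what BigFix holds and removes the leftovers through the REST API) is the one that is most under your own control, and the risky part is deciding which records are safe to delete. The reconciliation logic below is an added example, not code from the original post or from HCL BigFix. It assumes that each cloud-discovered BigFix record can be mapped to an AWS account ID and an EC2 instance ID (the property names `aws_account_id` and `aws_instance_id` are placeholders for whatever your plugin portal populates), that `list_live_instance_ids` is fed a boto3 EC2 client for each account, and that the BigFix REST API's `DELETE /api/computer/{id}` endpoint is used for the actual removal. The sample inventory and live-instance sets are constructed for the example. The deciding rule is deliberately conservative: a record is only a deletion candidate when its account was scanned in this run, its instance ID is absent from that account, and the client has not reported for at least a grace period, so on-premises and production records (no AWS properties) and accounts you did not scan are never touched.

```python
"""Reconcile BigFix computer records against live EC2 instances per AWS account.

Added example for the reconciliation idea in the post; not BigFix's own code.
Property names, account IDs and instance IDs below are placeholders/constructed.
"""
from datetime import datetime, timedelta, timezone

# Constructed "now" so the example is reproducible offline.
NOW = datetime(2024, 1, 15, 12, 0, tzinfo=timezone.utc)

# Constructed BigFix inventory (what GET /api/computers plus the relevant
# properties might give you after parsing). 104 is an on-prem production box
# with no cloud properties; 105 belongs to an account not scanned in this run.
SAMPLE_COMPUTERS = [
    {"id": 101, "name": "ip-10-0-1-5", "aws_account_id": "111111111111",
     "aws_instance_id": "i-0aaa", "last_report_time": NOW - timedelta(days=3)},
    {"id": 102, "name": "ip-10-0-1-6", "aws_account_id": "111111111111",
     "aws_instance_id": "i-0bbb", "last_report_time": NOW - timedelta(hours=1)},
    {"id": 103, "name": "ip-10-0-2-9", "aws_account_id": "222222222222",
     "aws_instance_id": "i-0ccc", "last_report_time": NOW - timedelta(days=2)},
    {"id": 104, "name": "prod-db-01", "aws_account_id": None,
     "aws_instance_id": None, "last_report_time": NOW - timedelta(days=40)},
    {"id": 105, "name": "ip-10-0-3-1", "aws_account_id": "333333333333",
     "aws_instance_id": "i-0ddd", "last_report_time": NOW - timedelta(days=10)},
]

# Constructed result of scanning two accounts: account -> set of live instance IDs.
SAMPLE_LIVE = {
    "111111111111": {"i-0zzz"},          # i-0aaa and i-0bbb are gone
    "222222222222": {"i-0ccc"},          # i-0ccc still running
}


def list_live_instance_ids(ec2_client):
    """Collect every instance ID the account still knows about (any state).

    Assumes a boto3 EC2 client for that account. Stopped instances are kept
    on purpose: a stopped dev box is not a stale record.
    """
    ids = set()
    paginator = ec2_client.get_paginator("describe_instances")
    for page in paginator.paginate():
        for reservation in page["Reservations"]:
            for inst in reservation["Instances"]:
                ids.add(inst["InstanceId"])
    return ids


def find_stale_computers(computers, live_by_account, grace_hours=24, now=None):
    """Return BigFix records that are safe deletion candidates.

    A record qualifies only if all of the following hold:
      1. it carries AWS account + instance properties (cloud-discovered),
      2. its account was scanned in this run (we have positive evidence),
      3. its instance ID is absent from that account,
      4. the client has been silent for at least grace_hours.
    Everything else is left alone so production/on-prem records are never hit.
    """
    now = now or datetime.now(timezone.utc)
    grace = timedelta(hours=grace_hours)
    stale = []
    for c in computers:
        acct, iid = c.get("aws_account_id"), c.get("aws_instance_id")
        if not acct or not iid:
            continue                       # rule 1: not a cloud record
        if acct not in live_by_account:
            continue                       # rule 2: no evidence for this account
        if iid in live_by_account[acct]:
            continue                       # rule 3: instance still exists
        if now - c["last_report_time"] < grace:
            continue                       # rule 4: too recent, may be lag
        stale.append(c)
    return stale


def delete_computers(session, base_url, computers, dry_run=True):
    """Delete candidate records via the BigFix REST API (DELETE /api/computer/{id}).

    `session` is a requests.Session already carrying BigFix credentials
    (assumption). Returns the IDs that were (or in dry-run mode, would be) deleted.
    """
    done = []
    for c in computers:
        if not dry_run:
            resp = session.delete(f"{base_url.rstrip('/')}/api/computer/{c['id']}")
            resp.raise_for_status()
        done.append(c["id"])
    return done


if __name__ == "__main__":
    for c in find_stale_computers(SAMPLE_COMPUTERS, SAMPLE_LIVE, now=NOW):
        print(f"would delete BigFix computer {c['id']} ({c['name']}, {c['aws_instance_id']})")
```

Run it in dry-run mode first and log the candidate list for a few scan cycles; if the grace period is shorter than your plugin portal's scan interval you will see instances that are simply mid-discovery show up as candidates, which is the signal to lengthen it.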