Request for Assistance with Running Distributor on Schedule for Falcon Sensor Installation on EC2 Instances in Managed Control Tower Accounts and Regions

[drey143]

I'm trying to run a distributor on a schedule to install Falcon Sensor on EC2 instances in all accounts and regions from within our master account because we have our accounts being managed by Control Tower. Unfortunately, I am unable to find helpful documentation that could assist me in achieving this.

[ffalor]

Hey @drey143

Are you asking how to use control tower? Or what's required to running distributor on a schedule.

If you're asking about running distributor, you can use state manager to ensure all new and existing ec2 instances have the sensor installed on them. The documentation in this repo has an example in the readme. You will also need to store your api keys in that specific region either through Param store or Secrets Manager. That's all that is required to get a region setup for our Official Distributor package. (Assuming SSM is setup correctly).

[drey143]

@ffalor thanks for your quick response, I'm asking whats required to run distrubutor with multiple accounts within a single organization. SSM is deployed in our master account to manage ec2 instances deployed in member accounts.