For a Lacework agent to be able to retrieve the EC2 instance 'Name' tag, the EC2 instance must have permission to DescribeTags.
To provide the necessary permission, complete the following steps:
- Log in to the IAM service.
- Select Policies.
- Click Create policy.
- Select the JSON tab and replace the displayed policy with the following text.

  ```json
  {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Action": "ec2:DescribeTags",
        "Resource": "*"
      }
    ]
  }
  ```

- Click Review policy.
- Enter a policy name and description.
- Click Create policy.
After creating the policy, associate it with a role that can be attached to EC2 instances.
- Select Roles.
- Click Create role.
- Select AWS service and EC2.
- Click Next: Permissions.
- Search for your newly created policy, select it, and click Next: Review.
- Enter a role name, update the description if you want, and click Create role.
After creating the role and policy, navigate to the EC2 service and select the instance for which you want to retrieve the 'Name' tag.
Under Actions > Instance Settings > Attach/Replace IAM Role, select the IAM role you just created and click Apply.
The next time the Lacework agent forwards data, you will see the 'Name' field populated.
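The same procedure with the AWS CLI, as an added example that is not part of the original page or Lacework's own tooling. The name `lacework-describe-tags` (reused for the policy, role and instance profile) is an assumption, and the instance ID is passed as the first argument.

```shell
#!/usr/bin/env bash
# Added example: AWS CLI equivalent of the console steps above.
# NAME is a hypothetical label chosen for this example, not a Lacework default.
NAME="${NAME:-lacework-describe-tags}"

# Permissions policy: the same document shown in the console steps.
tag_policy_json() {
  cat <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [
    { "Effect": "Allow", "Action": "ec2:DescribeTags", "Resource": "*" }
  ]
}
EOF
}

# Trust policy: what selecting "AWS service" and "EC2" produces in the console.
ec2_trust_json() {
  cat <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [
    { "Effect": "Allow", "Principal": { "Service": "ec2.amazonaws.com" }, "Action": "sts:AssumeRole" }
  ]
}
EOF
}

attach_tag_role() {
  instance_id="$1"
  policy_arn="$(aws iam create-policy --policy-name "$NAME" \
      --policy-document "$(tag_policy_json)" \
      --query 'Policy.Arn' --output text)" || return 1
  aws iam create-role --role-name "$NAME" \
      --assume-role-policy-document "$(ec2_trust_json)" >/dev/null || return 1
  aws iam attach-role-policy --role-name "$NAME" --policy-arn "$policy_arn" || return 1
  # The console creates the instance profile implicitly; the CLI does not.
  aws iam create-instance-profile --instance-profile-name "$NAME" >/dev/null || return 1
  aws iam add-role-to-instance-profile --instance-profile-name "$NAME" \
      --role-name "$NAME" || return 1
  # Wait until the new profile is visible before associating it.
  aws iam wait instance-profile-exists --instance-profile-name "$NAME" || return 1
  aws ec2 associate-iam-instance-profile --instance-id "$instance_id" \
      --iam-instance-profile "Name=$NAME"
}

# Runs only when an instance ID is supplied as the first argument.
if [ "$#" -ge 1 ]; then attach_tag_role "$1"; fi
```

`associate-iam-instance-profile` fails if the instance already has a profile attached; in that case the existing association has to be replaced, which is what the console's Attach/Replace action covers.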