Our customers can bake aqua enforcer in an AMI image and then instantiate images of AMI to get the deployment at scale for new VM images. These can be used to templatize different types of server configurations.  This should work for autoscaling environments for horizontal scaling (e.g. webservers) too.


  1. Deploy Aqua VM enforcer. Ensure that its configured to connect with Gateway and console and its events are showing up the Aqua console.
  2. Follow these steps to eliminate instance specific context on the instance before creating the AMI:
    1. net stop slkd
    2. net stop containermonitor
    3. DEL /F /Q "C:\Program Files\AquaSec\data\*"
  3. Create a snapshot (AMI image)
  4. Instantiate AMI and validate that the aqua services slkd and containermonitor are running
    1. Post instantiation, Aqua enforcer will automatically connect to the correct console via gateway
    2. Ensure that there are no firewall restrictions for the subnets/VPCs where AMI is being instantiated for the enforcer -> Gateway communication