From a04d0b1ece0a4260c397f55014d1a864e23945d1 Mon Sep 17 00:00:00 2001 From: mahanth <22050509+gnmahanth@users.noreply.github.com> Date: Mon, 16 Sep 2024 20:47:57 +0530 Subject: [PATCH] update instructions to run cloud scanner on ec2 (#2306) (cherry picked from commit 6ebbb1f336d15f1c669644476b2831a10b8e360c) --- docs/docs/cloudscanner/aws.md | 47 ++++++++++++++++++++++++++++++++++- 1 file changed, 46 insertions(+), 1 deletion(-) diff --git a/docs/docs/cloudscanner/aws.md b/docs/docs/cloudscanner/aws.md index 9998964e07..605e846db6 100644 --- a/docs/docs/cloudscanner/aws.md +++ b/docs/docs/cloudscanner/aws.md 
@@ -294,4 +294,49 @@ For maximum coverage, you can use both Cloud Scanner and local Sensor Agent comp --namespace deepfence \ --create-namespace \ --version CLOUD_SCANNER_HELM_CHART_VERSION - ``` \ No newline at end of file + ``` + +## Cloud Scanner on EC2 instance using IAM Roles + +:::info + +**Pre-requisite:** +- Install docker and docker compose on the EC2 instance([refer docker documentation for installation instructions](https://docs.docker.com/engine/install/)) +- If a existing EC2 instance is used, check if docker and docker compose plugins are installed on the EC2 instance +::: + +### Single Account Cloud Scanner on EC2 instance using IAM Roles +1. Create the IAM role and instance profile for deepfence cloud scanner using the cloudformation script [deepfence-cloud-scanner-single-account-iam-role](https://us-east-1.console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/create/review?templateURL=https://deepfence-public.s3.amazonaws.com/cloud-scanner/self-hosted/ec2/single-account-ec2-iam-role/deepfence-cloud-scanner-single-account-iam-role.template) +2. Note the instance profile from the cloudformation stack output +3. Modify the EC2 instance, add the instance profile created by cloudformation script +4. Create a directory **deepfence-cloud-scanner** and download docker-compose.yaml from the url + ``` + https://raw.githubusercontent.com/deepfence/cloud-scanner/main/docker-compose.yaml + ``` + ```bash + mkdir deepfence-cloud-scanner && cd deepfence-cloud-scanner + wget https://raw.githubusercontent.com/deepfence/cloud-scanner/main/docker-compose.yaml + ``` +5. Update the account details and console details in the docker-compose.yaml +6. Start the cloud scanner using docker compose + ``` + docker compose up -d + ``` + +### Organization Account Cloud Scanner on EC2 instance using IAM Roles +1. 
Create the IAM role and instance profile for deepfence cloud scanner using the cloudformation script [deepfence-cloud-scanner-organization-stackset-iam-role](https://us-east-1.console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/create/review?templateURL=https://deepfence-public.s3.amazonaws.com/cloud-scanner/self-hosted/ec2/organization-ec2-iam-role/deepfence-cloud-scanner-organization-stackset-iam-role.template) +2. Note the instance profile from the cloudformation stack output +3. Modify the EC2 instance, add the instance profile created by cloudformation script +4. Create a directory **deepfence-cloud-scanner** and download docker-compose.yaml from the url + ``` + https://raw.githubusercontent.com/deepfence/cloud-scanner/main/docker-compose.yaml + ``` + ```bash + mkdir deepfence-cloud-scanner && cd deepfence-cloud-scanner + wget https://raw.githubusercontent.com/deepfence/cloud-scanner/main/docker-compose.yaml + ``` +5. Update the organization account details and console details in the docker-compose.yaml +6. Start the cloud scanner using docker compose + ``` + docker compose up -d + ```
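Review bot: step 4 in both new sections tells the reader to `wget https://raw.githubusercontent.com/deepfence/cloud-scanner/main/docker-compose.yaml`, i.e. whatever is currently on the `main` branch, while the Helm section just above this hunk pins `--version CLOUD_SCANNER_HELM_CHART_VERSION`; the compose file should likewise be fetched from a tag or release that matches the console version (a `CLOUD_SCANNER_VERSION`-style placeholder, as the Helm text does), otherwise the deployed scanner image and config can silently drift from the console it reports to. Step 4 also states the same URL twice, once in an untagged fence and again inside the `bash` block; keep only the `bash` block. Step 5 ("Update the account details and console details in the docker-compose.yaml") is too vague for a how-to: name the exact keys in the compose file that must be filled in (account/organization identifier, console address, console credential), and say where the console credential comes from and that it must not be committed alongside the compose file. Step 3 ("Modify the EC2 instance, add the instance profile created by cloudformation script") should note that the instance profile's permissions become available to every process on that instance, so the scanner should run on a dedicated instance rather than a shared one. Minor text fixes: "If a existing EC2 instance" -> "If an existing EC2 instance", "Pre-requisite" -> "Prerequisites", and "the url" -> "the URL". Finally, steps 2-6 are identical between the single-account and organization sections apart from the template link and one word in step 5; consider writing the common steps once and listing only the per-mode differences to avoid the two copies diverging later.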