Skip to content

Deploying the SenseOn Universal Sensor on AWS EC2

This guide walks you through deploying the SenseOn Universal Sensor on an EC2 instance in AWS, enabling visibility into host activity, Docker containers, and Kubernetes workloads (e.g., EKS).

Prerequisites

💡 Note: Installation files can be downloaded from Settings → Universal Sensor when logged into the SenseOn platform.

  • SenseOn installer package (e.g., .rpm or .deb)
  • A valid SenseOn install key file (typically named senseon_install.txt)
  • EKS cluster with associated nodes for deployment
  • AWS permissions to:
  • Launch and manage EC2 instances
  • Connect via EC2 Instance Connect or Systems Manager (SSM)
  • Manage EKS clusters and EC2 node groups
  • Access S3 buckets (optional, for file delivery)
  • Supported EC2 AMI (e.g., Amazon Linux 2, Ubuntu 20.04+)

1. Launch an EC2 Instance

If you don’t already have a nodegroup in your EKS cluster:

  1. Go to AWS Console → EC2 → Launch Instance
  2. Configure the following:
  3. AMI: Amazon Linux 2, Ubuntu, or other supported OS
  4. Instance type: t3.medium or larger
  5. Key pair: Optional (EC2 Instance Connect or SSM can be used instead)
  6. IAM role: Attach an IAM role with S3 and/or SSM permissions if needed
  7. Ensure networking (subnet, SG, route table) allows outbound internet access
  8. Launch the instance

2. Connect to the Instance

Choose one of the following:

  • EC2 Instance Connect (via AWS Console)
  • AWS Systems Manager Session Manager (ensure SSM agent + IAM role configured)
  • SSH (if a key pair was used during launch)

3. Upload the SenseOn Installer and Key File

Upload both the SenseOn install package and the install key (senseon_install.txt), and ensure the key is placed in /tmp.

Option A: Upload via EC2 Connect / SSH

Use the browser terminal or your terminal to upload files via scp (if public IP and key is configured).

Option B: Upload via S3

  1. Upload files to an S3 bucket
  2. Grant EC2 instance IAM access to that bucket
  3. On the instance, run: 
    aws s3 cp s3://<bucket-name>/senseon_install.txt /tmp/
aws s3 cp s3://<bucket-name>/senseon-see_X.XX.XX_x64.rpm <path_to_copy_to>

4. Install the Universal Sensor

Switch to the /tmp directory and install the sensor:

cd /tmp
chmod +x senseon-see_X.XX.XX_x64.rpm
sudo rpm -U <path_to_package>/senseon-see_X.XX.XX_x64.rpm

💡 Replace the filename above with the version you downloaded (e.g., senseon-see_4.12.00_x64.rpm).

5. Verify in the SenseOn Portal

  1. Log in to the SenseOn web portal
  2. Go to Digital Estate
  3. Look for the new EC2 host

Additional Notes

  • The Universal Sensor is to be installed on the host OS to observe containers and pods correctly
  • In EKS or ECS environments, deploy the sensor directly on EC2 nodes—not inside a pod/container
  • Ensure outbound access to SenseOn cloud endpoints if the host is in a private network
  • Use systemctl status senseon-seed.service to check agent status

Troubleshooting

403 Forbidden from S3

  • The EC2 instance must assume an IAM role with permissions to access the relevant bucket, such as AmazonS3ReadOnlyAccess

Agent Not Reporting

  • Ensure /tmp/senseon_install.txt exists before installing and not mistakenly placed in another directory.
  • Check that the SenseOn service is running: 
    sudo systemctl status senseon-seed.service
  • Reboot the SenseOn service or the instance itself if the above are unsuccessful.