# Install OX Runtime Sensor on AWS EC2 Install the OX Runtime Sensor as a systemd service on an AWS EC2 instance. Setting `OX_DEPLOYMENT_TYPE=ec2` enables automatic instance ID enrichment via the EC2 Instance Metadata Service (IMDSv2). ## Prerequisites * EC2 instance with Linux kernel v5.10 and later and BTF enabled (`/sys/kernel/btf/vmlinux` must exist). * Docker or containerd installed and running. * `sudo` access on the instance. * Outbound HTTPS access to `api.cloud.ox.security` * IMDSv2 reachable from the instance (default on standard EC2). * [An OX API key](/secure-runtime/ox-runtime-sensor.md). ## Step 1: Install the sensor ``` curl -s https://charts.cloud.ox.security/install.sh | \ sudo OX_API_KEY= \ OX_DEPLOYMENT_TYPE=ec2 \ OX_CLUSTER_NAME= \ OX_CLOUD_REGION= \ OX_CLOUD_ACCOUNT_ID= \ bash ``` **Example:** ``` curl -s https://charts.cloud.ox.security/install.sh | \ sudo OX_API_KEY=oxkey-abc123 \ OX_DEPLOYMENT_TYPE=ec2 \ OX_CLUSTER_NAME=prod-workers \ OX_CLOUD_REGION=us-east-1 \ OX_CLOUD_ACCOUNT_ID=123456789012 \ bash ``` The script auto-detects your container runtime, stores the API key securely in `/root/ox-runtime-sensor/env` (mode `0600`), and starts the `ox-runtime-sensor` systemd service. ## Step 2: Verify ``` curl -s https://charts.cloud.ox.security/install.sh | sudo bash -s -- --status sudo journalctl -u ox-runtime-sensor -f ``` The sensor appears in the OX UI grouped by `OX_CLUSTER_NAME`, with cloud account and region metadata on each event. The `instanceId` field is automatically populated from IMDSv2. ## [Step 3: Connect to OX Runtime Sensor](/secure-runtime/ox-runtime-sensor.md) ## Configuration reference | Variable | Required | Default | Description | | --------------------- | -------- | ------------------------------------------------- | ----------------------------------------------------------------------- | | `OX_API_KEY` | **yes** | — | API key from the OX Security dashboard | | `OX_DEPLOYMENT_TYPE` | **yes** | `local` | Must be `ec2` to enable IMDSv2 instance ID enrichment | | `OX_CLUSTER_NAME` | no | system hostname | Cluster or host-group name shown in the OX UI | | `OX_CLOUD_PROVIDER` | no | `aws` when `OX_DEPLOYMENT_TYPE=ec2` | Cloud provider. Defaults to `aws` automatically for EC2 deployments | | `OX_CLOUD_REGION` | no | — | AWS region (for example, `us-east-1`). Injected into every event | | `OX_CLOUD_ACCOUNT_ID` | no | — | AWS account ID (for example, `123456789012`). Injected into every event | | `OX_API_ENDPOINT` | no | `https://api.cloud.ox.security/api/agent-service` | OX backend endpoint (do not change unless instructed) | ### Uninstall ``` curl -s https://charts.cloud.ox.security/install.sh | sudo bash -s -- --uninstall ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.ox.security/secure-runtime/ox-runtime-sensor/install-ox-runtime-sensor-on-aws-ec2.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.