Agent Installation on Linux - AWS Application Discovery Service

Agent Installation on Linux

Complete the following procedure on Linux. Be sure that your Migration Hub home region has been set before you begin this procedure.


If you are using a non-current Linux version, see Requirements on Older Linux Platforms.

To install AWS Application Discovery Agent in your data center

  1. Log in to your Linux-based server or VM and create a new directory to contain your agent components.

  2. Switch to the new directory and download the installation script from either the command line or the console.

    1. To download from the command line, run the following command.

      curl -o ./aws-discovery-agent.tar.gz
    2. To download from the Migration Hub console, do the following:

      1. Open the console and go to the Discovery Tools page.

      2. In the Discovery Agent box, choose Download agent, then choose Linux in the resultant list box. Your download begins immediately.

  3. Verify the cryptographic signature of the installation package with the following three commands:

    curl -o ./agent.sig
    curl -o ./discovery.gpg
    gpg --no-default-keyring --keyring ./discovery.gpg --verify agent.sig aws-discovery-agent.tar.gz

    The agent public key (discovery.gpg) fingerprint is 7638 F24C 6717 F97C 4F1B 3BC0 5133 255E 4DF4 2DA2.

  4. Extract from the tarball as shown following.

    tar -xzf aws-discovery-agent.tar.gz
  5. Run the command to install the agent in your home region. In this example, we use the string Your_Home_Regionto show where to insert your home region.

    sudo bash install -r Your_Home_Region -k <aws key id> -s <aws key secret>

    Agents automatically download and apply updates as they become available. We recommend using this default configuration. However, if you don't want agents to download and apply updates automatically, include the -u false parameter when running the installation script.

  6. If outbound connections from your network are restricted, you'll need to update your firewall settings. Agents require access to arsenal over TCP port 443. They don't require any inbound ports to be open.

    • For example, if your home region is eu-central-1, you'd use

    • Or substitute your home region as needed for all other regions except us-west-2.

    • If us-west-2 is your home region, use


    Agents also work with transparent web proxies. However, if you need to configure a non-transparent proxy, proceed to the next step.

  7. Optional: To Configure a Non-Transparent Proxy:

    1. Find the configuration file as described in Agent Troubleshooting on Linux and edit the file by adding the required configuration data as follows:

      "proxyHost" : "<>", "proxyPort" : <1234>, "proxyUser" : "<myusername>", "proxyPassword" : "<mypassword>",
    2. Save the edited configuration file ensuring that you still have valid json (taking care with the quotes and the commas). If your proxy doesn't require authentication, then leave out proxyUser and proxyPassword. While most proxies use HTTP, if your proxy uses HTTPS, specify the following in the configuration file:

      "proxyScheme" : "https"
    3. Restart the agent.


      If you encounter problems, add the following to the configuration file:

      "enableAWSSDKLogging" : true

      Then, restart the agent again, let it run for at least 15 minutes, and contact AWS Support. They will help you troubleshoot and may ask you to send them the generated log files which can be found as described in Agent Troubleshooting on Linux.

Requirements on Older Linux Platforms

Some older Linux platforms such as SUSE 10, CentOS 5, and RHEL 5 are either at end of life or only minimally supported. These platforms can suffer from out-of-date cipher suites that prevent the agent installation script from downloading installation packages. They might also have a limited ability to find and download the platform libraries required by the agent from deprecated Linux repositories.

32-bit libc

One of the dependencies needed for the Application Discovery agent is 32-bit libc. This library must be installed on 64-bit systems that run the agent. If the installation script exits because it fails to find a suitable repository or otherwise fails to install 32-bit libc, you must manually find and install 32-bit libc before you can complete agent installation. Because 32-bit libc is a core Linux library, you must take great care in identifying a package that is compatible with your system. We recommend contacting AWS Support for assistance. After 32-bit libc is installed, run the installation script with the -p false parameter to skip the automated search of Linux repositories for prerequisites.


The Application Discovery agent requires curl for secure communications with the AWS server. Some old versions of curl are not able to communicate securely with a modern web service. To use the version of curl included with the Application Discovery agent for all operations, run the installation script with the -c true parameter.

Certificate Authority Bundle

Older Linux systems might have an out-of-date Certificate Authority (CA) bundle, which is critical to secure internet communication. To use the CA bundle included with the Application Discovery agent for all operations, run the installation script with the -b true parameter.

These three installation script options can be used in any combination. In the following example command, all three have been passed to the installation script:

sudo bash install -r Your_Home_Region -k <aws key id> -s <aws key secret> -p false -c true -b true


Manage the Discovery Agent Process on Linux

You can manage the behavior of the Discovery Agent at the system level using the systemd, Upstart, or System V init tools. The following tabs outline the commands for the supported tasks in each of the respective tools.

Management Commands for the Application Discovery Agent
Task Command
Verify that an agent is running

sudo systemctl status aws-discovery-daemon.service

Start an agent

sudo systemctl start aws-discovery-daemon.service

Stop an agent

sudo systemctl stop aws-discovery-daemon.service

Restart an agent

sudo systemctl restart aws-discovery-daemon.service

Uninstall an agent

yum remove aws-discovery-agent

Management Commands for the Application Discovery Agent
Task Command
Verify that an agent is running

sudo initctl status aws-discovery-daemon

Start an agent

sudo initctl start aws-discovery-daemon

Stop an agent

sudo initctl stop aws-discovery-daemon

Restart an agent

sudo initctl restart aws-discovery-daemon

Uninstall an agent

apt-get remove aws-discovery-agent

System V init
Management Commands for the Application Discovery Agent
Task Command
Verify that an agent is running

sudo /etc/init.d/aws-discovery-daemon status

Start an agent

sudo /etc/init.d/aws-discovery-daemon start

Stop an agent

sudo /etc/init.d/aws-discovery-daemon stop

Restart an agent

sudo /etc/init.d/aws-discovery-daemon restart

Uninstall an agent

zypper remove aws-discovery-agent

Agent Troubleshooting on Linux

If you encounter problems while installing or using the Application Discovery Agent on Linux, consult the following guidance about logging and configuration. When helping to troubleshoot potential issues with the agent or its connection to the Application Discovery Service, AWS Support often requests these files.

  • Log files

    Agent log files can be found under the following directory.


    Log files are named to indicate whether they are generated by the main daemon, the automatic upgrader, or installer.


  • Configuration files

    Agent configuration files can be found under the following directory.

  • For instructions on how to remove older versions of the Discovery Agent, see Prerequisites for Agent Installation.