Jamf Blog
AWS and Jamf JNUC 2022
September 28, 2022 by JNUC sponsor AWS

Use Amazon EC2 Mac and Jamf to Automate and Secure Your Apple Dev Pipelines

In partnership with Jamf, the leader in Apple device management, AWS has developed an integration between Amazon EC2 Mac instances and Jamf Pro to simplify managing, securing, and configuring EC2 Mac instances. In this blog post, we show readers how to configure their AWS and Jamf accounts to automatically enroll EC2 Mac into Jamf Pro instances when they are launched. This session included a step-by-step explanation of how to take advantage of this new feature.

Why EC2 Mac and Jamf?

Amazon EC2 Mac instances allow you to run on-demand macOS workloads in the cloud to extend AWS's flexibility, scalability and cost benefits to all Apple developers. Amazon EC2 Mac allows organizations to secure and manage the Macs used in their Mac development pipeline. Moving to EC2 Mac can provide increased security, scalability and delivery speeds while reducing the total cost of ownership of Mac assets. With the recent general availability of Amazon EC2 M1 Mac instances, they have become even more powerful.

With the ability to effectively manage EC2 Mac instance configuration with Jamf Pro, customers can secure, inventory and manage EC2 Mac with the same platform managing all their enterprise Apple devices. Automatic EC2 Mac enrollment into Jamf Pro allows IT to use the Jamf binary application to inventory and control devices with proven methods. It also enables end users to use Jamf Self Service to set up EC2 Mac to meet their needs in accordance with their organization’s policies.

Wipro, a leading global AWS Services partner, was looking for an innovative way to help their customers manage their Apple devices. Wipro, AWS and Jamf collaborated on a solution to manage their customers' Apple CI/CD pipelines.

How does it work?

Jamf provides an agent that runs on the EC2 Mac instance, which communicates with the Jamf servers to coordinate the management of the device. The agent must enroll with Jamf in order for the Jamf service to be aware of the instance. Following the launch of the EC2 Mac instance, the enrollment script must be executed on the instance itself. There are several approaches to doing this, such as an SSH session, EC2 User Data Script or an EC2 macOS Init script. This blog post will use an Amazon EventBridge event to execute the enrollment script via the AWS SSM Agent whenever a new EC2 Mac instance is launched. The benefit of this approach over using the EC2 instance metadata or an EC2 macOS Init script is that it will automatically enroll all EC2 Mac instances created in the account without requiring the user who creates the instances to configure a custom AMI or other configurations.

This simplifies the management and ensures the EC2 Mac instances will be enrolled without the need for user intervention. From an end-user perspective, they simply create the instance as they normally would through the console, CLI or CloudFormation, and the AWS Account will coordinate the enrollment of the instance. However, for more advanced AWS users, creating a custom AMI with the scripts in the EC2 macOS Init scripts would also provide similar automated enrollment.
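
The following added example is not AWS's or Jamf's code; it shows the EventBridge-to-SSM flow described above, with a Lambda function as the assumed rule target and a check that the SSM Agent has registered before the command is sent. The script path, function names and sample event are hypothetical.

```python
# EventBridge rule pattern: match EC2 instances entering the "running" state.
EVENT_PATTERN = {
    "source": ["aws.ec2"],
    "detail-type": ["EC2 Instance State-change Notification"],
    "detail": {"state": ["running"]},
}
# Hypothetical path: the enrollment script is assumed to be on the instance already.
ENROLL_COMMAND = "/usr/local/bin/jamf-enroll.sh"
# Constructed sample event (the instance id is made up).
SAMPLE_EVENT = {"source": "aws.ec2", "detail-type": "EC2 Instance State-change Notification",
                "detail": {"instance-id": "i-0123456789abcdef0", "state": "running"}}


def is_mac_instance(ec2, instance_id):
    """True when the instance type belongs to an EC2 Mac family (mac1, mac2, ...)."""
    resp = ec2.describe_instances(InstanceIds=[instance_id])
    types = [i["InstanceType"] for r in resp["Reservations"] for i in r["Instances"]]
    return bool(types) and types[0].split(".")[0].startswith("mac")


def agent_online(ssm, instance_id):
    """True once the SSM Agent on the instance has registered and is reachable."""
    resp = ssm.describe_instance_information(
        Filters=[{"Key": "InstanceIds", "Values": [instance_id]}])
    return any(i["PingStatus"] == "Online" for i in resp["InstanceInformationList"])


def handle_event(event, ec2, ssm):
    """Decide what to do with one EventBridge event; returns a status dict."""
    detail = event.get("detail", {})
    if event.get("source") != "aws.ec2" or detail.get("state") != "running":
        return {"status": "ignored"}
    instance_id = detail["instance-id"]
    if not is_mac_instance(ec2, instance_id):
        return {"status": "not_mac", "instance": instance_id}
    if not agent_online(ssm, instance_id):
        # An instance can report "running" before the agent registers; the caller must retry.
        return {"status": "agent_not_ready", "instance": instance_id}
    resp = ssm.send_command(InstanceIds=[instance_id], DocumentName="AWS-RunShellScript",
                            Parameters={"commands": [ENROLL_COMMAND]})
    return {"status": "sent", "instance": instance_id,
            "command_id": resp["Command"]["CommandId"]}


def lambda_handler(event, context):
    import boto3  # imported here so the decision logic above runs without AWS access
    return handle_event(event, boto3.client("ec2"), boto3.client("ssm"))
```

The function's IAM role needs only `ec2:DescribeInstances`, `ssm:DescribeInstanceInformation` and `ssm:SendCommand`, and the last can be scoped to the `AWS-RunShellScript` document.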

This step-by-step session ran attendees through:

  • Account setup
  • Instance deployment
  • Connecting to the instance
  • Managing the instance with Jamf Pro

It also covered more granular steps such as:

  • EC2 Mac extension attributes
  • Enabling remote desktop access
  • Determining execution frequency
  • Changing the ec2-user password
  • Testing GUI access

These instructions demonstrated how you can automate the enrollment of your EC2 Mac instances into Jamf, allowing you to manage your EC2 Mac instances with Jamf. This means a single management system for both physical and virtual Apple Mac devices.

About Wipro

Celebrating over 75 years of innovation, Wipro is a purpose-driven, global technology services and consulting firm with 240,000+ experts in 66 countries, helping enterprises across 26 industry segments thrive in the digital world. Wipro Workspace Services for Apple helps companies integrate and secure close to a million Apple iPhone®, iPad®, Apple TV® and Mac® devices with existing infrastructure. Wipro Workspace Services for Apple automate deployment and management with modern best practices and augment support with Wipro and AppleCare, all translating into improvements in productivity and total cost of ownership.

Cloud is the start of the digital journey. When moving to the cloud, look for an innovation-led, recognized and trusted partner with a global presence. Wipro has proven experience and many AWS success stories.

Wipro is also an AWS Level 1 MSSP provider. The AWS Level 1 MSSP Competency provides a faster and easier experience for customers to select the right MSSP to help them achieve their goals for business risk and cloud strategy confidence.

View entire presentation

Access the complete step-by-step, including GitHub repositories, scripts, and more, by registering for JNUC.
