Installing the Protector
This section provides an overview of the steps required to install the Protegrity AWS EC2 Protector by deploying the CloudFormation template.
To deploy the CloudFormation template:
Log in to the AWS environment.
Navigate to Services.
A list of AWS services appears.
Navigate to CloudFormation > Stacks.
The Stacks screen appears.
Click Create Stack.
A drop-down list appears that prompts you to create a stack with new resources or existing resources.
Select the option With new resources (standard).
The Create stack screen appears.
In the Specify template section, click Choose file.
Navigate to the location where you have extracted the CloudFormation template ASG-APJAVA-RPSYNC-EC2-CFT_AWS_<Build_version>.json, select the template, and then click Open.
The Specify stack details screen appears.
In the Stack Name field, type a name for the stack that you want to create.
Enter the following stack parameters.
| Parameters | Description |
|---|---|
| Stack name | Name of the CloudFormation stack. |
| AmiId | ID of the AMI that you want to use to launch the EC2 instance. By default, the ID of the Amazon Linux 2 AMI is specified. You can use a different AMI. Important: Red Hat Linux and Amazon Linux instances are supported, because the user data scripts in the CloudFormation template use yum as the package manager. If you want to use a different distribution of Linux, then ensure that you modify the UserData section in the CloudFormation template to use another package manager that is compatible with the specific distribution. |
| Instance Type | Type of the AWS EC2 instance that you want to launch using the CloudFormation template. For example, t3.medium. |
| Instance Profile | Name of the Instance Profile to be attached to the EC2 instance that you want to create using the CloudFormation template. The Instance Profile must have read access to AWS S3. |
| VpcId | The virtual private cloud in which you want to launch your EC2 instance. |
| SubnetId | The subnet in which you want to launch your EC2 instance. |
| SecurityGroups | The security group in your Virtual Private Cloud (VPC) in which you want to launch your EC2 instance. |
| Key Pair Name | Name of the EC2 Key Pair that enables you to access the EC2 instance using SSH. |
| Desired instance count | Desired number of nodes in the AutoScaling Group. |
| Certificate for SSL termination | ARN of the SSL certificate used to terminate SSL on the load balancer. This is the same server certificate that you uploaded in the section Uploading the Server Certificates to the AWS Identity and Access Management. |
| BucketPath | Path in S3 bucket where the RPSyncConfig package is uploaded and the log file will be uploaded. |
| StartCommand | Command used to start the application that is integrated with the Application Protector Java. You must also redirect the application's output logs to the /opt/protegrity/$applog file, as shown in the following snippet: [application startup command] >> /opt/protegrity/$applog. The $applog variable refers to the ip-<EC2 IP address>-appLog file, which stores the application logs. If you are using the Sample Application provided by Protegrity, leave this field blank. |
| ESA host/ip | IP address of the ESA from which you want to fetch the policy. |
| ESA admin User | Name of the ESA user that is used to log in to the ESA to fetch the policy. |
| ESA admin Password | Password of the ESA user that is used to log in to the ESA to fetch the policy. |
Click Next.
The Configure stack options screen appears.
Click Next.
The Review and create screen appears.
Verify all the parameters, and then click Submit.
The Events tab for the selected stack appears. It displays the status of the stack that you have created. The default status is CREATE_IN_PROGRESS.
Click the Refresh icon to update the displayed status.
After the stack is created, the status changes to CREATE_COMPLETE.
In addition, a directory /log/ is created in the AWS S3 bucket. This directory contains the user data logs, which are a result of executing the user data scripts in the CloudFormation template. The logs are generated in the /log/ directory in both success and failure scenarios.
You can use the logs in the AWS S3 bucket to troubleshoot any issue. If the logs are not available, then you can connect to the EC2 instance to troubleshoot the issue.
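Before launching the stack, it is worth validating the template and the parameter values you are about to submit. The following is an added example, not Protegrity's code: it checks that any parameter that looks like a secret (such as the ESA admin password) is declared with NoEcho so CloudFormation does not echo it back in console or CLI output, checks that a non-blank StartCommand redirects to /opt/protegrity/$applog as the table above requires, and emits a parameter file for the AWS CLI. The parameter logical IDs in the sample template are constructed and may differ from those in the real template.

```python
"""Pre-deployment checks for a CloudFormation template and its parameters.

Added example, not part of the Protegrity template. Parameter logical IDs
below are constructed to mirror the labels in the parameter table; the real
template's IDs may differ, so compare against your extracted JSON file.
"""
import json

# Constructed stand-in for the Parameters section of
# ASG-APJAVA-RPSYNC-EC2-CFT_AWS_<Build_version>.json (not the real file).
SAMPLE_TEMPLATE = json.dumps({
    "Parameters": {
        "AmiId": {"Type": "AWS::EC2::Image::Id"},
        "EsaHost": {"Type": "String"},
        "EsaAdminUser": {"Type": "String"},
        "EsaAdminPassword": {"Type": "String"},  # no NoEcho: value is echoed
    }
})


def find_unmasked_secrets(template_json, hints=("password", "secret")):
    """Return parameter IDs that look like secrets but lack NoEcho: true.

    CloudFormation shows such values in DescribeStacks output and in the
    console unless the parameter declares NoEcho."""
    params = json.loads(template_json).get("Parameters", {})
    return sorted(
        name for name, spec in params.items()
        if any(h in name.lower() for h in hints)
        and str(spec.get("NoEcho", False)).lower() != "true"
    )


def check_start_command(cmd, applog="/opt/protegrity/$applog"):
    """True if StartCommand is blank (Protegrity Sample Application) or
    redirects the application's output to /opt/protegrity/$applog."""
    cmd = cmd.strip()
    return cmd == "" or (">" in cmd and cmd.endswith(applog))


def build_parameter_file(values):
    """Serialise values into the JSON list accepted by
    `aws cloudformation create-stack --parameters file://params.json`."""
    return json.dumps(
        [{"ParameterKey": k, "ParameterValue": v} for k, v in values.items()],
        indent=2,
    )


if __name__ == "__main__":
    print("unmasked secret parameters:", find_unmasked_secrets(SAMPLE_TEMPLATE))
    print(build_parameter_file({"EsaHost": "10.0.0.5", "EsaAdminUser": "admin"}))
```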
If the EC2 instance is created and the /log/ directory is not created in the AWS S3 bucket, then you can troubleshoot the issue by performing the following steps.
Connect to the EC2 instance using the key pair that you have created.
Navigate to the /opt/protegrity directory to access the user data logs.
The user data logs are included in the $(StackName)-UserDataLog file. StackName is the name of the stack that you have provided in the CloudFormation template parameters while launching the EC2 instance.
Navigate to /var/lib/cloud/instance/scripts/part-001 to view the user data script.
You can view the contents of the script or execute the script using root user permissions for troubleshooting the issue.