Preparing the Environment on

Initializing the Jump Box

Mon, 01 Jan 0001 00:00:00 +0000

The Linux instance should be connected to the AWS EC2 cluster. The following is the minimum system requirements to be configured for a Linux instance.

Software and Files Required for the Linux instance	Purpose	Link
AWS CLI	Manage AWS services	AWS Command Line Interface

Extracting the Installation Package

Mon, 01 Jan 0001 00:00:00 +0000

This section describes the steps to download and extract the installation package for the Protegrity AWS EC2 Protector.

To download the installation package:

Download the ApplicationProtector_Linux-64_x86-64_AWS.EC2.JRE-<JRE_Version>_<Version>.tgz file on the Linux instance.
Run the following command to extract the files from the ApplicationProtector_Linux-64_x86-64_AWS.EC2.JRE-<JRE_Version>_<Version>.tgz file.

tar -xvf ApplicationProtector_Linux-64_x86-64_AWS.EC2.JRE-<JRE_Version>_<Version>.tgz

The following files are extracted:
- ASG-APJAVA-RPSYNC-EC2-CFT_AWS_<Build_version>.json: AWS CloudFormation template used to launch an EC2 instance. This instance is used to run the script for fetching the ESA policy.
- ApplicationProtector-SAMPLE-APP_SRC_<Build_version>.tgz: Package containing the sample application that should be deployed on the AWS EC2 instance.
- APJAVA-RPSYNC-USERDATA-SCRIPTS_EC2_AWS_<Build_version>.tgz: Sample user data script that you can specify in the UserData property of the CloudFormation template. This script contains the bash commands to launch an EC2 instance.
- RPSyncConfig_Linux-ALL-64_x86-64_JRE-_<Build_version>.tgz: Contains the RPSync configuration file and the script for setting up the certificates between the protector and the ESA.
- ApplicationProtector_Linux-ALL-64_x86-64_JRE-_<Build_version>.tgz: AP Java installation package.

Creating a JAR for the Sample Application

Mon, 01 Jan 0001 00:00:00 +0000

This section describes the typical steps required to create a JAR file for the Sample Application.

Ensure that Maven 3.6 or later and Open JDK 1.8 are installed on the machine on which you are creating the JAR file.

To create a JAR file for the Sample Application:

Extract the installation package.

For more information about extract the installation package, refer to the section Extracting the Linux Installation Package.
Run the following command to extract the files from the ApplicationProtector-SAMPLE-APP_SRC_<Build_version>.tgz file to a directory.

Creating a Linux AMI for the Sample Application

Mon, 01 Jan 0001 00:00:00 +0000

This section describes the typical steps required to create a Linux AMI for the Sample Application. This AMI is then used to deploy the Sample Application on the EC2 Auto Scaling Group.

Important: The Sample Application is used for demonstrating how the Application Protector Java can be set up with an application, which in this case is a Spring Boot application. You can choose to create a custom AMI by integrating your custom application with the Application Protector Java libraries.

Creating Certificates and Keys for TLS Authentication

Mon, 01 Jan 0001 00:00:00 +0000

If you already have a server certificate that has been signed by a trusted third-party Certificate Authority (CA), then you do not need create a self-signed server and client certificate.

Ensure that OpenSSL is installed on the Linux instance to create the required certificates.

To create the certificates and keys:

On the Linux instance, run the following command to create a CA certificate and a private key for the certificate.

Uploading the Server Certificates to the AWS Identity and Access Management

Mon, 01 Jan 0001 00:00:00 +0000

This section describes the typical steps required to upload the server certificates that you have created in the section Creating Certificates and Keys for TLS Authentication to the AWS IAM service.

To upload the server certificate, takes a single command. On the Linux instance, run the following command to upload the server certificate to the AWS IAM service.

aws iam upload-server-certificate --server-certificate-name CertificateName --certificate-body file://path/to/server-certs --certificate-chain file://path/to/ca-certs --private-key file://path/to/server-key

For example:

aws iam upload-server-certificate --server-certificate-name CertificateName --certificate-body file://path/to/iap-wildcard.crt --certificate-chain file://path/to/iap-ca.crt --private-key file://path/to/iap-wildcard.key

The command returns the metadata of the uploaded certificate as an output. The metadata contains the Amazon Resource Name (ARN) for the certificate. You must specify this ARN in the SSLCertificate parameter of the CloudFormation template that you use to create the Auto Scaling Group.

Uploading the RPSyncConfig Package to the AWS S3 Bucket

Mon, 01 Jan 0001 00:00:00 +0000

The RPSyncConfig package contains the configuration file for configuring the Application Protector Java. It also contains the certificates required to communicate between the ESA and the protector.

To upload the RPSyncConfig package:

Navigate to the location where you have extracted the installation package for the AWS EC2 Protector.

For more information about the extracted installation package, refer to the section Extracting the Installation Package.
Upload the RPSyncConfig_Linux-ALL-64_x86-64_JRE-_<Build_version>.tgz: package to the AWS S3 bucket that you have created in the section Creating an AWS S3 Bucket.