System Requirements
This section provides an overview of the software and hardware requirements needed for deploying the Protegrity AWS EC2 Protector.
Software Requirements
Ensure that the following prerequisites are met for deploying the Protegrity AWS EC2 Protector package ApplicationProtector_Linux-64_x86-64_AWS.EC2.JRE-<JRE_Version>_<Version>.tgz.
ESA prerequisites
Policy: Ensure that you have defined the security policy in the ESA. For more information about defining a security policy, refer to the section Policy Management.
Datastore: Attach the policy to a datastore in the ESA or to a range of allowed servers that are added to a datastore.
The IP address range of the allowed servers must be the same as that of the EC2 instance on which the CloudFormation template is deployed.
For more information about datastores, refer to the section Data Stores.
Trusted Application: Create a Trusted Application with the name com.protegrity.sample.apjavarest.APJavaSpringApp and the username ptyitusr.
For more information about setting up a Trusted Application, refer to the section Trusted Applications.
User application: The application, for example a banking application, that contains the customer data that you want to protect using the Application Protector Java.
Non-admin ESA user: Create a non-admin ESA user that will be used by the CloudFormation Template to retrieve the security policy and the certificates from the ESA. Ensure that the user is assigned the Export Certificates and the Appliance CLI Viewer roles.
For more information about assigning roles, refer to the section Managing Roles.
Linux Instance Configuration
The following prerequisites are required for installing the Sample Application:
Linux instance - This instance can be used to communicate with the AWS EC2 Auto Scaling Group. This instance can be on-premises or on AWS.
EC2 Linux instance - This instance is used to create the AMI by integrating the Sample Application with the Application Protector Java.
You can choose to create a custom AMI by integrating your own application with the Application Protector Java.
Important: Ensure that the EC2 instance is created using a valid volume type. For example, GP3.
Sample Application Configuration
Install Maven version 3.9.6, or later, on the EC2 Linux instance on which you are creating the JAR file for the Sample Application.
For more information about installing Maven, refer to the Apache Maven documentation.
Install OpenJDK 1.8 on the EC2 Linux instance on which you are creating the JAR file for the Sample Application.
For more information about installing OpenJDK, refer to the OpenJDK documentation.
If you are using a custom image for the EC2 instance, then install the cloud-init library to initialize the instance.
For more information about the cloud-init library, refer to the cloud-init documentation.
Cloud or AWS prerequisites
You need access to an AWS account. You also need access to the following AWS resources.
AWS S3 buckets for uploading the logs.
Permissions to create a bucket in AWS S3.
Permission to deploy and manage CloudFormation Templates.
Instance Profile - This IAM role is attached to both EC2 instances that are launched using the CloudFormation template. The role must give the EC2 instances read and write access to AWS S3.
For more information about adding an IAM role to the instance profile, refer to the add-role-to-instance-profile command in the AWS CLI Command Reference documentation.
IAM User - The IAM User needs to upload the server certificates to the AWS Identity and Access Management (IAM). This is required if you are using TLS authentication between the client application and the AWS Load Balancer. This user requires the UploadServerCertificate permission.
For more information about creating an IAM user, refer to Creating an IAM User in Your AWS Account in the AWS documentation. Contact your system administrator for creating the IAM users.
For more information about the UploadServerCertificate permissions, refer to the section UploadServerCertificate in the AWS documentation.
In this reference implementation, the server certificates have been uploaded to the IAM service. However, you can also choose to upload the certificates to the AWS Certificate Manager.
For more information about uploading certificates to the IAM, refer to the section Managing Server Certificates in IAM.
For more information about uploading certificates to the AWS Certificate Manager, refer to the AWS Certificate Manager User Guide.
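The instance profile and IAM user requirements above can be met with narrowly scoped policies rather than broad S3 or IAM grants. The following AWS CLI script is an added example, not part of the Protegrity documentation or package; the bucket, role, profile, and user names and the account ID are placeholders, and it assumes that a single S3 bucket is used.

```shell
#!/usr/bin/env bash
# Added example: least-privilege IAM setup for the instance profile and IAM user.
# All names below are placeholders (assumptions), not values from the product.
BUCKET="example-protector-logs"          # S3 bucket that receives the logs
ROLE="ExampleProtectorInstanceRole"      # role placed in the instance profile
PROFILE="ExampleProtectorInstanceProfile"
CERT_USER="example-cert-uploader"        # IAM user that uploads certificates
ACCOUNT_ID="111122223333"                # placeholder AWS account ID

# Lets the EC2 service assume the role on behalf of the instances.
trust_policy() {
  cat <<'EOF'
{"Version":"2012-10-17","Statement":[{"Effect":"Allow",
  "Principal":{"Service":"ec2.amazonaws.com"},"Action":"sts:AssumeRole"}]}
EOF
}

# Read and write access limited to the one bucket instead of s3:* on "*".
s3_policy() {
  cat <<EOF
{"Version":"2012-10-17","Statement":[
  {"Effect":"Allow","Action":["s3:ListBucket"],
   "Resource":"arn:aws:s3:::${BUCKET}"},
  {"Effect":"Allow","Action":["s3:GetObject","s3:PutObject"],
   "Resource":"arn:aws:s3:::${BUCKET}/*"}]}
EOF
}

# The IAM user gets only the UploadServerCertificate permission.
cert_policy() {
  cat <<EOF
{"Version":"2012-10-17","Statement":[
  {"Effect":"Allow","Action":"iam:UploadServerCertificate",
   "Resource":"arn:aws:iam::${ACCOUNT_ID}:server-certificate/*"}]}
EOF
}

# Creates the resources; runs only when the script is called with "apply".
apply() {
  aws iam create-role --role-name "$ROLE" \
    --assume-role-policy-document "$(trust_policy)"
  aws iam put-role-policy --role-name "$ROLE" --policy-name s3-logs-rw \
    --policy-document "$(s3_policy)"
  aws iam create-instance-profile --instance-profile-name "$PROFILE"
  aws iam add-role-to-instance-profile --instance-profile-name "$PROFILE" \
    --role-name "$ROLE"
  aws iam put-user-policy --user-name "$CERT_USER" \
    --policy-name upload-server-cert --policy-document "$(cert_policy)"
}

if [ "${1:-}" = "apply" ]; then apply; fi
```

If the deployment reads from or writes to more than one bucket, add each bucket ARN to the Resource entries instead of widening them to a wildcard.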
Hardware Requirements
The following table lists the minimum hardware configurations.
| Hardware Components | Configuration |
|---|---|
| CPU | Depends on the application. |
| Disk Space | Under 400 MB - including LogForwarder, RPSync, and AP Java. |
| RAM | For more information about memory usage, refer to AP Java. |
| EC2 instance | Depends on the CPU and memory usage. The minimum instance type required for running the Protegrity AWS EC2 Protector is t2.micro. |