Standalone EC2 deployment - AWS Commercial Cloud & AWS GovCloud

Requirements:

Amazon EC2 instance

Type: c5.4xlarge (16 vCPU and 32 GB memory) or better

Storage: 4 TB or more

S3 Bucket for RapidFort data

See the section “How to create an S3 bucket on AWS”.

IAM EC2 Role and Policy OR IAM User with Read/Write/List permissions for the S3 bucket

EC2 security group, VPC, and subnet with:

  1. Inbound access to port 443
  2. Outbound access to *
     • RapidFort needs outbound access to the following:
       • public.ecr.aws (RapidFort software updates)
       • api.rapidfort.com (RapidFort vulnerabilities database updates)
       • email-smtp.<aws_region>.amazonaws.com (email)

RapidFort Amazon Machine Image (AMI)

To obtain an AMI ID, contact RapidFort Support and provide the following:

  • AWS Account ID
  • AWS Region

Deployment:

  1. Create an S3 Bucket and set up IAM with Read/List/Write permissions for the S3 bucket
  2. Create an EC2 Security Group

     Create an EC2 security group (e.g. rapidfort-port-443) with inbound access to port 443 and outbound access to *.

  3. Launch a RapidFort EC2 Instance

Choose an Amazon Machine Image (AMI)

In your AWS account, search for the AMI ID provided by RapidFort tech support and select the AMI under Private Images.

Choose an Instance Type

Select instance type c5.4xlarge.

Configure Instance Details

Network/Subnet: Select the VPC and subnet.

RapidFort requires outbound access to *. This includes outbound access to the following:

  • public.ecr.aws (RapidFort software updates)
  • api.rapidfort.com (RapidFort vulnerabilities database updates)
  • email-smtp.<aws_region>.amazonaws.com (email)


Furthermore, the environment where you will deploy and test your stub images (for example, Kubernetes or AWS Fargate) must have access to the RapidFort EC2 instance.

Auto-assign Public IP: If your EC2 instance should have a private IP address only, select Disable.

Please note that RapidFort does not require a public IP address. However, if a public IP address is assigned to the EC2 instance, then the public IP address will take precedence over the private IP address.

IAM role: Select the role you created for RapidFort (e.g. rapidfort-role).

User data: Copy and paste the following text to User Data.

User Data Template - IAM Role

    RF_APP_HOST=
    RF_APP_ADMIN=<admin_email_address>
    RF_APP_ADMIN_PASSWD=<admin_password>
    RF_ROLE_ARN=<rapidfort_role_arn>
    RF_S3_BUCKET=<rapidfort_s3_bucket_name>
    RF_STORAGE_TYPE=s3

User Data Template - IAM User

    RF_APP_HOST=
    RF_APP_ADMIN=<admin_email_address>
    RF_APP_ADMIN_PASSWD=<admin_password>
    AWS_ACCESS_KEY_ID=<rapidfort_access_key_id>
    AWS_SECRET_ACCESS_KEY=<rapidfort_secret_access_key>
    RF_S3_BUCKET=<rapidfort_s3_bucket_name>
    RF_STORAGE_TYPE=s3

Update the following User Data variables:

RF_APP_HOST

Dynamic IP Address: Set RF_APP_HOST to an empty string.

    RF_APP_HOST=

Static IP Address: Set RF_APP_HOST to the static IP address.

    RF_APP_HOST=<static_ip_address>

Load Balancer: If you plan to use RapidFort with a load balancer, set RF_APP_HOST to the hostname. Please note that your load balancer is not required to be up and running when you initially deploy the RapidFort instance.

    RF_APP_HOST=<hostname>

RF_APP_ADMIN

Specify your email address. A confirmation email will be sent to this email address.

RF_APP_ADMIN_PASSWD

Specify a password. You can change your password after the RapidFort instance has been deployed.

RF_ROLE_ARN

If you are using an IAM role, then specify the role ARN for the RapidFort role that you created earlier.

AWS_ACCESS_KEY_ID

If you are using an IAM user, then specify the access key ID for the RapidFort user that you created earlier.

AWS_SECRET_ACCESS_KEY

If you are using an IAM user, then specify the secret access key for the RapidFort user that you created earlier.

RF_S3_BUCKET

Specify the name (not the ARN) of the S3 bucket you created for RapidFort. For example, if your S3 bucket ARN is arn:aws:s3:::rapidfort-s3, then the bucket name is rapidfort-s3. Set RF_S3_BUCKET=rapidfort-s3.

For AWS GovCloud the ARN is arn:aws-us-gov:s3:::rapidfort-s3, and the bucket name is still rapidfort-s3. Set RF_S3_BUCKET=rapidfort-s3.

Make sure that you update all User Data variables, or else the deployment will fail.

User Data Examples

These examples show the appropriate User Data for launching a RapidFort instance with the following parameters:

  • Email Address: admin@example.com
  • Password: P@ssw0rd!
  • RapidFort Role ARN: arn:aws:iam::012345678910:role/rapidfort-role
    (for AWS GovCloud: arn:aws-us-gov:iam::123456789010:role/rapidfort-role)
  • RapidFort S3 Bucket Name: rapidfort-s3

Dynamic IP Address: To launch a RapidFort instance with a dynamic IP address, specify the following User Data:

Example User Data

    RF_APP_HOST=
    RF_APP_ADMIN=admin@example.com
    RF_APP_ADMIN_PASSWD=P@ssw0rd!
    RF_ROLE_ARN=arn:aws:iam::012345678910:role/rapidfort-role
    RF_S3_BUCKET=rapidfort-s3

For AWS GovCloud, replace the RF_ROLE_ARN line with:

    RF_ROLE_ARN=arn:aws-us-gov:iam::123456789010:role/rapidfort-role

Static IP Address: To launch a RapidFort instance with a static IP address (192.0.2.0), specify the following User Data:

Example User Data

    RF_APP_HOST=192.0.2.0
    RF_APP_ADMIN=admin@example.com
    RF_APP_ADMIN_PASSWD=P@ssw0rd!
    RF_ROLE_ARN=arn:aws:iam::012345678910:role/rapidfort-role
    RF_S3_BUCKET=rapidfort-s3

For AWS GovCloud, replace the RF_ROLE_ARN line with:

    RF_ROLE_ARN=arn:aws-us-gov:iam::123456789010:role/rapidfort-role

Load Balancer: To launch a RapidFort instance that will use a load balancer (rapidfort.example.com), specify the following User Data:

Example User Data

    RF_APP_HOST=rapidfort.example.com
    RF_APP_ADMIN=admin@example.com
    RF_APP_ADMIN_PASSWD=P@ssw0rd!
    RF_ROLE_ARN=arn:aws:iam::012345678910:role/rapidfort-role
    RF_S3_BUCKET=rapidfort-s3

For AWS GovCloud, replace the RF_ROLE_ARN line with:

    RF_ROLE_ARN=arn:aws-us-gov:iam::123456789010:role/rapidfort-role
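A pre-launch check for a User Data block, added here as an example and not part of the RapidFort documentation or product: it parses the KEY=VALUE lines, rejects values still holding a template <placeholder>, requires exactly one of the IAM-role or IAM-user credential sets, and catches the mistake the guide warns about of putting the bucket ARN (commercial or GovCloud partition) into RF_S3_BUCKET instead of the bucket name. The variable names are the page's; the sample block is constructed.

```python
import re

# Variables every RapidFort User Data block must define; only RF_APP_HOST may be empty.
REQUIRED = ("RF_APP_HOST", "RF_APP_ADMIN", "RF_APP_ADMIN_PASSWD", "RF_S3_BUCKET")
USER_KEYS = ("AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY")
PLACEHOLDER = re.compile(r"^<[^>]*>$")  # an unfilled template value such as <admin_password>
# Bucket ARN in the commercial (aws) or GovCloud (aws-us-gov) partition; the guide wants the name.
S3_ARN = re.compile(r"^arn:(?:aws|aws-us-gov):s3:::(?P<bucket>[^/]+)$")

def parse_user_data(text):
    """Parse KEY=VALUE lines into a dict, skipping blank lines; values may be empty."""
    env = {}
    for line in (l.strip() for l in text.splitlines() if l.strip()):  # drop pasted whitespace
        key, sep, value = line.partition("=")
        if not sep or not key.isidentifier():
            raise ValueError(f"malformed User Data line: {line!r}")
        env[key] = value.strip()
    return env

def validate_user_data(text):
    """Return the problems that would make the deployment fail; an empty list means OK."""
    env = parse_user_data(text)
    problems = [f"{k} missing" for k in REQUIRED if k not in env]
    for key, value in env.items():
        if PLACEHOLDER.match(value):
            problems.append(f"{key} still holds the template placeholder {value}")
        elif not value and key != "RF_APP_HOST":
            problems.append(f"{key} is empty")
    # Credentials: an IAM role ARN or an IAM user key pair, exactly one of the two.
    # A key pair sits in plaintext in the instance's user data, so prefer the role.
    if ("RF_ROLE_ARN" in env) == all(k in env for k in USER_KEYS):
        problems.append("set RF_ROLE_ARN or AWS_ACCESS_KEY_ID+AWS_SECRET_ACCESS_KEY, not both or neither")
    # RF_STORAGE_TYPE is omitted from the guide's filled examples, but when present it must be s3.
    if env.get("RF_STORAGE_TYPE", "s3") != "s3":
        problems.append("RF_STORAGE_TYPE must be s3")
    m = S3_ARN.match(env.get("RF_S3_BUCKET", ""))
    if m:
        problems.append(f"RF_S3_BUCKET must be the bucket name, not the ARN; use {m['bucket']}")
    return problems

# Constructed sample: the guide's GovCloud role example with a dynamic IP address.
GOOD_ROLE = """
RF_APP_HOST=
RF_APP_ADMIN=admin@example.com
RF_APP_ADMIN_PASSWD=P@ssw0rd!
RF_ROLE_ARN=arn:aws-us-gov:iam::123456789010:role/rapidfort-role
RF_S3_BUCKET=rapidfort-s3
RF_STORAGE_TYPE=s3
"""
```

Run `validate_user_data()` on the text you are about to paste into User Data; anything it returns is a variable the guide says must be updated before launch.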

Add Storage

We recommend adding at least 4 TB of storage.

Add Tags

No special actions are required. Continue to the next step.

Configure Security Group

Select the security group you created for RapidFort (e.g. rapidfort-port-443).

Review Instance Launch

Review the instance launch details and verify the following:

  • The security group, VPC, and subnet allow
    • Inbound access to port 443
    • Outbound access to *
  • The instance type is c5.4xlarge
  • At least 4 TB of storage has been added
  • If you are using a static IP address or load balancer, then RF_APP_HOST is set to this value in the User Data
  • If the EC2 instance should not have a public IP address, then the Auto-assign Public IP option is disabled
  • The environment where you will deploy and test your stub images (e.g. Kubernetes or AWS Fargate) has access to the RapidFort EC2 instance

Launch the EC2 instance.

Note the hostname or IP address of the EC2 instance (rapidfort_host), since it is required for installing the RapidFort command line interface (CLI) tools and for accessing the RapidFort dashboard.