AWS AMI Deployment Guide

The ThreatX WAF Sensor AMI can be used to quickly and easily add application security to applications deployed in AWS VPCs. The AMI can be found by launching an instance and searching for “ThreatX WAF” when choosing an AMI.

image001-1024x745
AMI Attributes

  • Based on the latest (at the time of publishing) CentOS AMI

  • Pulls the latest version of the txWAF Sensor container from Docker Hub at instance launch and on service restart

  • Restarts the txWAF docker container if it stops

  • Can be orchestrated via User-Data

Launching the AMI

Minimum Requirements
CPU

2 cores
RAM

1 GB
Disk

20 GB
An instance type of t3.micro or larger is recommended.

Configuration

In the simplest deployment, the AMI can be launched with the following User-Data information:

#cloud-config

write_files:
 - path: /etc/txconf
   content: |
     CUSTOMER=<customer_name>
     API_KEY=<customer_sensor_key>
     RESOLVER=local
     SENSOR_TAGS=tag1,tag2  (1)
1 You can set the SENSOR_TAGS variable to a comma delimited list of tags that can help you filter the sensors within the ThreatX Dashboard UI or API.

Troubleshooting

Login as core user
$ ssh -i sshkey.pem core@200.1.1.1
Get root access.
$ sudo su
See the AMI version
$ echo $TXWAF_AMI_VERSION
Follow the CentOS system log
$ journalctl -f
See the ThreatX WAF docker container
$ docker ps
Get a shell into the ThreatX WAF container
$ docker exec -it txwaf bash