AWS AMI Deployment Guide

Introduction

The ThreatX WAF Sensor AMI can be used to quickly and easily add application security to applications deployed in AWS VPCs. The AMI can be found by launching an instance and searching for “ThreatX WAF” when choosing an AMI.

This AMI will…​

  • Keeps the ThreatX container image up to when new ec2 instances are launched from the AMI

  • Manages the life cycle of containerized WAF instances

  • Configured with User-Data

image001-1024x745
Figure 1. Selecting the ThreatX AMI in the AWS Marketplace

Installation

Minimum Requirements

CPU

2 cores
RAM

1 GB
Disk

20 GB
An instance type of t3.micro or larger is recommended.

Configuration

In the simplest deployment, the AMI can be launched with the following User-Data information:

cloud-config
  #cloud-config
  write_files:
      - path: /etc/txconf
        content: |
           CUSTOMER=<customer_name>
           API_KEY=<customer_sensor_key>
           RESOLVER=local
           SENSOR_TAGS=tag1,tag2
SENSOR_TAGS accepts a comma-separated list of strings

Troubleshooting

Login to the ec2 instance

Login as core user
$ ssh -i sshkey.pem core@<instance_url>
See the AMI version
$ echo $TXWAF_AMI_VERSION

Check Logs

Check for problems in the txwaf service
$ journalctl -u txwaf
Check for problems in the docker container
$ docker logs txwaf
Check for problems in the kernel
$ dmesg

Enter the txwaf container

Get a shell into the ThreatX WAF container
$ docker exec -it txwaf bash