PingIntelligence

Deploying the PingIntelligence policy for AWS

Using the PingIntelligence Amazon Web Services (AWS) policy tool, deploy the PingIntelligence policy in AWS @Lambda in the North Virginia (US-East-1) region.

About this task

The Lambda function pushes the PingIntelligence policy to the Amazon CloudFront in the local AWS instances. ThePingIntelligence Lamba policy communicates with PingIntelligence ASE to pass request and response metadata and check whether the client request should be blocked or passed to the AWS gateway.

At present, the policy must be initially deployed in North Virginia (US-East-1) region.

To deploy the PingIntelligence policy:

Steps

  1. Run the following command:

    /opt/pingidentity/pi/aws/bin$ deploy.sh -ca

    When the deploy.sh script is run without ca option, the policy is deployed using the self-signed certificate, which is included in the PingIntelligence policy. By the running the policy tool, the following two policies are deployed:

    • Request Lambda

    • Response Lambda

    Result:

    Deploying PI AWS Policy with CA-signed certificate
    
    1) Create IAM Role named PI-Role - status... done
    2) Create a policy named LambdaEdgeExecution-PI - status... done
    3) Attach LambdaEdgeExecution-PI Policy to Role PI-Role... done
    4) Generating policy... done
    5) Deploying PI-ASE-Request Lambda... done
    6) Fetching PI-ASE-Request Lambda version... done
    7) Deploying PI-ASE-Response Lambda... done
    8) Fetching PI-ASE-Response Lamda version... done
    9) Deploying PI-ASE-Request Lamda CloudFront... done
    10) Deploying PI-ASE-Response Lambda CloudFront... done
    
    Successfully deployed PI AWS Policy.
  2. To check the status of the PingIntelligence policy deployment, run the status.sh command:

    /opt/pingidentity/pi/aws/bin$ status.sh
    Checking the PI AWS Policy deployment status
    
    1) IAM Role named PI-Role deployment - status... deployed
    2) IAM Policy named LambdaEdge-PI deployment - status... deployed
    3) PI-ASE-Request Lamda deployment - status... deployed
    4) PI-ASE-Response Lamda deployment - status... deployed
    5) PI-ASE-Request Lamda CloudFront deployment - status... deployed
    6) PI-ASE-Response Lamda CloudFront deployment - status... deployed
    
    PI AWS Policy is already installed.

Next steps

PingIntelligence API discovery is a process to discover, and report APIs from your API environment. The discovered APIs are reported in the PingIntelligence Dashboard. APIs are discovered when a global API JavaScript Object Notation (JSON) is defined in the ASE. For more information, see API discovery and configuration. You can edit the discovered API’s JSON definition in the Dashboard before adding them to ASE. For more information on editing and configuring API discovery, see Discovered APIs.