Page created: 12 May 2021 |
Page updated: 1 Nov 2021
Using the PingIntelligence AWS policy tool, deploy the PingIntelligence policy in AWS @Lambda in the North Virginia (US-East-1) region. The Lambda function pushes the PingIntelligence policy to the Amazon CloudFront in the local AWS instances. The PingIntelligence Lamba policy communicates with PingIntelligence ASE to pass request and response metadata and check whether the client request should be blocked or passed to the AWS gateway.
Note: At present, the policy must be initially deployed in North Virginia (US-East-1) region.
To deploy the PingIntelligence policy, run the following command:
/opt/pingidentity/pi/aws/bin$ deploy.sh -ca Deploying PI AWS Policy with CA-signed certificate 1) Create IAM Role named PI-Role - status... done 2) Create a policy named LambdaEdgeExecution-PI - status... done 3) Attach LambdaEdgeExecution-PI Policy to Role PI-Role... done 4) Generating policy... done 5) Deploying PI-ASE-Request Lambda... done 6) Fetching PI-ASE-Request Lambda version... done 7) Deploying PI-ASE-Response Lambda... done 8) Fetching PI-ASE-Response Lamda version... done 9) Deploying PI-ASE-Request Lamda CloudFront... done 10) Deploying PI-ASE-Response Lambda CloudFront... done Successfully deployed PI AWS Policy.
deploy.sh script is run without
ca option, the
policy is deployed using the self-signed certificate which is included in the
PingIntelligence policy. By the running the policy tool, the following two policies are
- Request Lambda
- Response Lambda
Check the status of deployment: To check the status of the PingIntelligence policy deployment, run the
/opt/pingidentity/pi/aws/bin$ status.sh Checking the PI AWS Policy deployment status 1) IAM Role named PI-Role deployment - status... deployed 2) IAM Policy named LambdaEdge-PI deployment - status... deployed 3) PI-ASE-Request Lamda deployment - status... deployed 4) PI-ASE-Response Lamda deployment - status... deployed 5) PI-ASE-Request Lamda CloudFront deployment - status... deployed 6) PI-ASE-Response Lamda CloudFront deployment - status... deployed PI AWS Policy is already installed.