Download the PingIntelligence policy
tool to the
- Complete the following steps to untar the policy tool:
- At the command prompt, type the following command to untar the policy
tar –zxvf <filename>For example:
tar –zxvf pi-aws-4.0.tar.gz
- To verify that the tool successfully installed, type the
lscommand at the command prompt. This should list the pingidentity directory and the build
- At the command prompt, type the following command to untar the policy tool file:
|Contains the following scripts:
|Jar files and various dependencies. Do not edit the contents of this directory.
Contains the request and response Lambda functions:
|Contains the log and status files.
Configure the automated tool
aws.properties file available in the
/pingidentity/pi/aws/config/ directory. The following table
describes the variables in the
|Choose the authentication mode between
Note: If you running the PingIntelligence policy tool from your local machine, use the
keys mode. If you are running the tool
from an EC2 instance, use the
|AWS access key. This is applicable when the mode is set to
|AWS secret key. This is applicable when the mode is set to
|AWS Origin Response Lambda memory in MB. Default value is 1024 MB. The memory can be configured in multiple of 64. Minimum and maximum value are 128 and 3008 respectively. For more information, see AWS Lambda Pricing
|The CloudFront distribution ID.
|The ASE primary host IP address and port or hostname and port
|The ASE secondary host IP address and port or hostname and
port. ASE secondary host receives traffic only when the primary
ASE host is unreachable.
Note: This field cannot be left blank. In a testing environment, enter the same IP address for primary and secondary ASE host.
If both the ASE hosts are unreachable, the request is directly sent to the backend API server.
|Enable or disable SSL communication between Lambda functions
and ASE. The default value is
|Enter the ASE token generated during the prerequisite step.
Following is a sample
# Copyright 2019 Ping Identity Corporation. All Rights Reserved.
# Ping Identity reserves all rights in The program as delivered. Unauthorized use, copying,
# modification, reverse engineering, disassembling, attempt to discover any source code or
# underlying ideas or algorithms, creating other works from it, and distribution of this
# program is strictly prohibited. The program or any portion thereof may not be used or
# reproduced in any form whatsoever except as provided by a license without the written
# consent of Ping Identity. A license under Ping Identity's rights in the Program may be
# available directly from Ping Identity.
#Authentication mode access-key & secret-key / role based access. Values can be keys or role.
#AWS access key
#AWS secret key
#AWS Lambda memory in MB. It should be a multiple of 64. Minimum and maximum value are 128 and 3008 respectively.
#Cloudfront distribution ID
#ASE Primary Host <IP/Host>:<port>
#ASE Secondary Host <IP/Host>:<port>
#ASE SSL status
#ASE sideband authentication token
aws.properties file, create a role for the EC2 instance. This
role is required for the PingIntelligence policy deployment tool. Complete the
following steps to create and configure.
- Select EC2 as service and click on Next: Permissions button:
- Choose the following three Policies and provide a name for each role (for
After providing the name, click on Create role.
- In the Summary page of the role that you created in step 2, click on the Trust relationships tab and then click on Edit trust relationship button: