Deploy PingIntelligence Policy for AWS - PingIntelligence for APIs

Deploy PingIntelligence Policy for AWS - PingIntelligence for APIs - 5.1

PingIntelligence

bundle

pingintelligence-51

ft:publication_title

PingIntelligence

Product_Version_ce

PingIntelligence for APIs 5.1

category

APISecurity

AdvancedAPICybersecurity

Capability

Environment

Product

apisecurity

capability

linux

pi-51

pingintelligence

private

ContentType_ce

Page created: 1 Nov 2021 |

Page updated: 3 May 2022

| 2 min read

Product PingIntelligence for APIs 5.1 Capability API Security Advanced API Cybersecurity Linux On-Premises Operating System Hosting Environment Installation User task Configuration Integration

Using the PingIntelligence AWS policy tool, deploy the PingIntelligence policy in AWS @Lambda in the North Virginia (US-East-1) region. The Lambda function pushes the PingIntelligence policy to the Amazon CloudFront in the local AWS instances. The PingIntelligence Lamba policy communicates with PingIntelligence ASE to pass request and response metadata and check whether the client request should be blocked or passed to the AWS gateway.

Note: At present, the policy must be initially deployed in North Virginia (US-East-1) region.

To deploy the PingIntelligence policy, run the following command:

/opt/pingidentity/pi/aws/bin$ deploy.sh -ca

Deploying PI AWS Policy with CA-signed certificate

1) Create IAM Role named PI-Role - status... done
2) Create a policy named LambdaEdgeExecution-PI - status... done
3) Attach LambdaEdgeExecution-PI Policy to Role PI-Role... done
4) Generating policy... done
5) Deploying PI-ASE-Request Lambda... done
6) Fetching PI-ASE-Request Lambda version... done
7) Deploying PI-ASE-Response Lambda... done
8) Fetching PI-ASE-Response Lamda version... done
9) Deploying PI-ASE-Request Lamda CloudFront... done
10) Deploying PI-ASE-Response Lambda CloudFront... done

Successfully deployed PI AWS Policy.

When the deploy.sh script is run without ca option, the policy is deployed using the self-signed certificate which is included in the PingIntelligence policy. By the running the policy tool, the following two policies are deployed:

Request Lambda
Response Lambda

Check the status of deployment: To check the status of the PingIntelligence policy deployment, run the status.sh command:

/opt/pingidentity/pi/aws/bin$ status.sh
Checking the PI AWS Policy deployment status

1) IAM Role named PI-Role deployment - status... deployed
2) IAM Policy named LambdaEdge-PI deployment - status... deployed
3) PI-ASE-Request Lamda deployment - status... deployed
4) PI-ASE-Response Lamda deployment - status... deployed
5) PI-ASE-Request Lamda CloudFront deployment - status... deployed
6) PI-ASE-Response Lamda CloudFront deployment - status... deployed

PI AWS Policy is already installed.

API discovery

PingIntelligence API discovery is a process to discover, and report APIs from your API environment. The discovered APIs are reported in PingIntelligence Dashboard. APIs are discovered when a global API JSON is defined in the ASE. For more information, see API discovery and configuration . You can edit the discovered API's JSON definition in Dashboard before adding them to ASE. For more information on editing and configuring API discovery, see Discovered APIs.