RapidFort Helm Chart AWS Deployment
Deploy RapidFort in your AWS Kubernetes Environment

Minimum Requirements

  • Kubernetes 1.19+
  • Helm 3.0.0+
  • Amazon Web Services (AWS) Account
    • S3 Bucket for RapidFort data
    • One of the following:
      • IAM User with Read/Write/List permissions for the S3 bucket
        • AWS Access Key ID
        • AWS Secret Access Key
      • IAM Role with Read/Write/List permissions for the S3 bucket
        • The policy attached to the role must give permissions to assume the role
  • The node on which the iso-master RapidFort microservice will be deployed should have at least 2 TB of storage
The RapidFort Helm Chart is based on the Nginx Ingress Controller and creates an ingress rule. Please refer to Nginx Ingress Controller Deployment for more information.

Deployment

This guide assumes that you have already installed and set up Kubernetes and Helm.

Step 1: AWS Prerequisites

Before deploying RapidFort, you will need to create an S3 bucket and an IAM user with Read/List/Write permissions for the S3 bucket.

Step 2: Get the RapidFort Helm Chart

git clone https://github.com/rapidfort/rapidfort.git

Step 3: Update values.yaml

For more information on available parameters, please refer to Parameters.

Step 3.1: Update secret

secret:
aws_access_key_id: ""
aws_secret_access_key: ""
aws_role_arn: ""
aws_default_region: ""
s3_bucket: ""
rf_app_admin: ""
rf_app_admin_passwd: ""
rf_app_host: ""
Update the values in the secret section.
  • AWS Access Key ID and Secret Access Key
    • aws_access_key_id: Specify the AWS Access Key ID.
    • aws_secret_access_key: Specify the AWS Secret Access Key.
    • Delete the aws_role_arn: "" placeholder.
  • AWS Role ARN
    • aws_role_arn: Specify the AWS Role ARN.
    • Delete the aws_access_key_id: "" and aws_secret_access_key: "" placeholders.
    • Make sure that the policy attached to the role gives permissions to assume the role.
  • aws_default_region: Specify the AWS region (e.g. us-east-1, us-west-2, etc) in which RapidFort will be deployed.
  • s3_bucket: Specify the name (not the ARN) of the S3 bucket that you created for RapidFort.
    • Example: AWS Commercial
      • ARN: arn:aws:s3::::rapidfort-s3
      • Name: rapidfort-s3
      • rf_s3_bucket: rapidfort-s3
    • Example: AWS GovCloud
      • ARN: arn:aws-gov:s3::::rapidfort-s3
      • Name: rapidfort-s3
      • rf_s3_bucket: rapidfort-s3
  • rf_app_admin: Specify the email address for the admin user. RapidFort will send a confirmation email when the deployment is ready.
  • rf_app_admin_passwd: Specify a temporary password for the admin user. You may change your password after logging into the RapidFort user interface.
  • rf_app_host: If you have a static IP address or hostname, then specify this. Otherwise, specify the IP address of the deployment.

Step 3.2: Update global

global:
rf_app_host: ""
  • rf_app_host: If you have a hostname or static IP address, then specify this here. Otherwise, leave this blank to assign a dynamic IP address to the RapidFort deployment.

Step 3.3: sc and ingress

sc:
enabled: false
ingress:
enabled: true
  • sc: Leave this value as-is (enabled: false).
  • ingress: If you are using an NGINX ingress controller, then set enabled: true.

Step 3.4: Update RapidFort Services

aggregator:
enabled: true
image:
repository: "public.ecr.aws/rapidfort/aggregator-exe"
tag: "1.1.0-74bca60-2910-rfhardened"
backend:
enabled: true
image:
repository: "public.ecr.aws/rapidfort/backend-exe"
tag: "1.1.0-fe79693-2910-rfhardened"
frontrow:
enabled: true
authUrl: ""
image:
repository: "public.ecr.aws/rapidfort/frontrow"
tag: "1.1.0-c8e4edb-2910-rfhardened"
# other RapidFort services...
For each RapidFort service, update the repository and tag if necessary.
  • aggregator
  • backend
  • frontrow
    • authUrl: Set this to the same value as the global rf_app_host.
  • iso-master
  • rf-scan
  • rfapi
  • rfpubsub
  • runner

Step 3.5: Update logger

logger:
enabled: false
env:
rf_s3_bucket: ""
aws_default_region: ""
If you would like to enable the logger, then update the following values:
  • enabled: true
  • rf_s3_bucket: Specify the name (not the ARN) of the S3 bucket where the logs should be saved.
    • Example: AWS Commercial
      • ARN: arn:aws:s3::::rapidfort-s3
      • Name: rapidfort-s3
      • rf_s3_bucket: rapidfort-s3
    • Example: AWS GovCloud
      • ARN: arn:aws-gov:s3::::rapidfort-s3
      • Name: rapidfort-s3
      • rf_s3_bucket: rapidfort-s3
  • aws_default_region: Specify the AWS region (e.g. us-east-1, us-west-2, us-gov-east-1, etc) in which RapidFort will be deployed.

Step 4: Deploy RapidFort

Run the following command to deploy RapidFort.
helm upgrade --install rapidfort ./ -f values.yaml -n <namespace>
For example, to deploy RapidFort in the rapidfort namespace:
helm upgrade --install rapidfort ./ -f values.yaml -n rapidfort
Make sure that the node on which the iso-master RapidFort microservice will be deployed has at least 2 TB of storage.

Next Steps

Welcome Email

If the deployment was successful, then you should receive a welcome email from RapidFort when the system is ready.
If you do not receive a welcome email, please review the deployment settings and Kubernetes logs.

Visit the RapidFort Dashboard

Click on the link in the welcome email and log into the RapidFort dashboard using the email address and password that you specified earlier (rf_app_admin and rf_app_admin_passwd). You may change your password after logging in.

Get a RapidFort License

The RapidFort dashboard will guide you through the steps for contacting RapidFort Support ([email protected]) and requesting a license.
When RapidFort Support sends a license, then log back into the RapidFort dashboard to update the license.
Congratulations! You are now ready to start optimizing and securing your applications.

Uninstall RapidFort

To uninstall RapidFort, run the following command:
helm uninstall rapidfort -n <namespace>
For example, if you deployed RapidFort in the rapidfort namespace:
helm uninstall rapidfort -n rapidfort