R
R
RapidFort User Documentation
Search…
Welcome to RapidFort
RapidFort Support
RapidFort SaaS
RapidFort SaaS Solution
RapidFort On-Premises
RapidFort On-Premises Solution
RapidFort AWS Prerequisites
RapidFort Helm Chart AWS Deployment
RapidFort Standalone AWS Commercial Console Deployment
RapidFort Standalone AWS GovCloud Console Deployment
Using RapidFort
RapidFort Command Line Interface Tools
RapidFort User Interface
RapidFort Service Accounts
Getting Started Guides
Getting Started: Stub and Harden a Docker Image
Getting Started: Stub and Harden a Docker Image with Docker-Compose
Getting Started: Stub and Harden a Docker Image with Kubernetes
Getting Started: Stub and Harden a Docker Image with GitLab
Getting Started: Stub and Harden a Docker Image with Bitbucket
Getting Started: Scan a Docker Image
How To Guides
Add the SYS_PTRACE Linux Kernel Capability
Verify that Profiling Information is Propagated to RapidFort
Download Reports
RapidFort GitLab CI/CD Integration
Using RapidFort with Helm Charts
Scanning with RapidFort
Overview
Registry Configuration
Scanning Images
Scanning Container Registries
Scanning Amazon Elastic Container Registry (ECR) Images
Advanced Features
Workload Tags
Hardening Features
Hardening Profiles
Powered By GitBook
RapidFort Standalone AWS GovCloud Console Deployment
Deploy a standalone RapidFort EC2 instance from the AWS GovCloud Console

Minimum Requirements

  • Amazon EC2 instance
    • Type: c5.4xlarge (16 vCPU and 32 GB memory) or better
    • Storage: 4 TB or more
  • S3 Bucket for RapidFort data
  • IAM EC2 Role and Policy OR IAM User with Read/Write/List permissions for the S3 bucket
  • EC2 security group with inbound and outbound access to port 443
  • VPC and subnet with outbound access to the following:
    • public.ecr.aws (RapidFort Software Updates)
    • email-smtp.<aws_region>.amazonaws.com (Email)
  • RapidFort Amazon Machine Image (AMI)
    • Please contact RapidFort Support ([email protected]) and provide the following:
      • AWS Account ID
      • AWS Region
    • RapidFort will share the AMI with your AWS Account

Deployment

Step 1: AWS Prerequisites

Step 1.1: Create an S3 Bucket and set up IAM

Before deploying RapidFort, you will need to create an S3 bucket and an IAM EC2 role or IAM user with Read/List/Write permissions for the S3 bucket.

Step 1.2: Create an EC2 Security Group

Create an EC2 security group with inbound and outbound access to port 443 (e.g. rapidfort-port-443).

2. Launch a RapidFort EC2 Instance

Step 2.1: Choose an Amazon Machine Image (AMI)

Contact RapidFort for the AMI ID. RapidFort will share the AMI with you. Search for and select the AMI in Private Images.

Step 2.2: Choose an Instance Type

Select instance type c5.4xlarge.

Step 2.3: Configure Instance Details

Network/Subnet: Select the VPC and subnet.
RapidFort requires outbound access to the following:
  • public.ecr.aws (RapidFort Software Updates)
  • email-smtp.<aws_region>.amazonaws.com (Email)
Furthermore, the environment where you will deploy and test your stub images (for example, Kubernetes or AWS Fargate) must have access to the RapidFort EC2 instance.
Auto-assign Public IP: If your EC2 instance should have a private IP address only, select Disable.
Please note that RapidFort does not require a public IP address. However, if a public IP address is assigned to the EC2 instance, then the public IP address will take precedence over the private IP address.
IAM role: Select the role that you created for RapidFort (e.g. rapidfort-role).
User data: Copy and paste the following text to User Data.
User Data Template - IAM Role
RF_APP_HOST=
RF_APP_ADMIN=<admin_email_address>
RF_APP_ADMIN_PASSWD=<admin_password>
RF_ROLE_ARN=<rapidfort_role_arn>
RF_S3_BUCKET=<rapidfort_s3_bucket_name>
User Data Template - IAM User
RF_APP_HOST=
RF_APP_ADMIN=<admin_email_address>
RF_APP_ADMIN_PASSWD=<admin_password>
AWS_ACCESS_KEY_ID=<rapidfort_access_key_id>
AWS_SECRET_ACCESS_KEY=<rapidfort_secret_access_key>
RF_S3_BUCKET=<rapidfort_s3_bucket_name>
Update the following User Data variables:
  • RF_APP_HOST
    • Dynamic IP Address: Set RF_APP_HOST to an empty string.
      • RF_APP_HOST=
    • Static IP Address: Set RF_APP_HOST to the static IP address.
      • RF_APP_HOST=<static_ip_address>
    • Load Balancer: If you plan to use RapidFort with a load balancer, set RF_APP_HOST to the hostname. Please note that your load balancer is not required to already be up and running when you initially deploy the RapidFort instance.
      • RF_APP_HOST=<hostname>
  • RF_APP_ADMIN
    • Specify your email address. A confirmation email will be sent to this email address.
  • RF_APP_ADMIN_PASSWD
    • Specify a password. You can change your password after the RapidFort instance has been deployed.
  • RF_ROLE_ARN
    • If you are using an IAM role, then specify the role ARN for the RapidFort role that you created earlier.
  • AWS_ACCESS_KEY_ID
    • If you are using an IAM user, then specify the access key ID for the RapidFort user that you created earlier.
  • AWS_SECRET_ACCESS_KEY
    • If you are using an IAM user, then specify the secret access key for the RapidFort user that you created earlier.
  • RF_S3_BUCKET
    • Specify the name (not the ARN) of the S3 bucket that you created for RapidFort.
      For example, if your S3 bucket ARN is arn:aws-us-gov:s3::::rapidfort-s3, then the name is rapidfort-s3. Set RF_S3_BUCKET=rapidfort-s3.
Make sure that you update all User Data variables or else the deployment will fail.
User Data Examples
These examples will show the appropriate User Data for launching a RapidFort instance with the following parameters:
Dynamic IP Address: To launch a RapidFort instance with a dynamic IP address, specify the following User Data:
Example User Data
RF_APP_HOST=
RF_APP_ADMIN=[email protected]
RF_APP_ADMIN_PASSWD=[email protected]!
RF_ROLE_ARN=arn:aws-us-gov:iam::123456789010:role/rapidfort-role
RF_S3_BUCKET=rapidfort-s3
Static IP Address: To launch a RapidFort instance with a static IP address (192.0.2.0), specify the following User Data:
Example User Data
RF_APP_HOST=192.0.2.0
RF_APP_ADMIN=[email protected]
RF_APP_ADMIN_PASSWD=[email protected]!
RF_ROLE_ARN=arn:aws-us-gov:iam::123456789010:role/rapidfort-role
RF_S3_BUCKET=rapidfort-s3
Load Balancer: To launch a RapidFort instance that will use a load balancer (rapidfort.example.com), specify the following User Data:
Example User Data
RF_APP_HOST=rapidfort.example.com
RF_APP_ADMIN=[email protected]
RF_APP_ADMIN_PASSWD=[email protected]!
RF_ROLE_ARN=arn:aws-us-gov:iam::123456789010:role/rapidfort-role
RF_S3_BUCKET=rapidfort-s3

Step 2.4: Add Storage

We recommend adding at least 4 TB of storage.

Step 2.5: Add Tags

No special actions are required. Continue to the next step.

Step 2.6: Configure Security Group

Select the security group that you created for RapidFort (e.g. rapidfort-port-443).

Step 2.7: Review Instance Launch

Review the instance launch details and verify the following:
  • The VPC and subnet allow outbound access to:
    • public.ecr.aws (RapidFort Software Updates)
    • email-smtp.<aws_region>.amazonaws.com (Email)
  • The security group allows inbound and outbound access to port 443
  • The instance type is c5.4xlarge
  • At least 4 TB of storage has been added
  • If you are using a static IP address or load balancer, then RF_APP_HOST is set to this value in the User Data
  • If the EC2 instance should not have a public IP address, then the Auto-assign Public IP option is disabled
  • The environment where you will deploy and test your stub images (e.g. Kubernetes or AWS Fargate) has access to the RapidFort EC2 instance
Launch the EC2 instance.
Make a note of the hostname or IP address of the EC2 instance (rapidfort_host) since this is required for installing the RapidFort command line interface (CLI) tools and accessing the RapidFort dashboard.
​

Post-Deployment

Verify Connectivity

When the RapidFort EC2 instance is up and running, run the following command to verify that the instance is reachable:
timeout 15 nc -vz <rapidfort_host> 443
If the RapidFort EC2 instance is not reachable, verify the following:
  • The VPC and subnet allow access to the system on which connectivity is being verified (e.g. GitLab)
  • The security group allows inbound and outbound access to port 443

Review User Data

From the AWS Console, select Instance Settings -> Edit user data. Inspect the Current user data and verify that all variables have been updated.

Confirmation Email

You should receive a RapidFort confirmation email after approximately 15 minutes.
Click the magic link to visit the RapidFort dashboard and update your password. You can also open a web browser and navigate to https://<rapidfort_host>/login.
If you do not receive a confirmation email, please review the EC2 instance details and verify the following:
  • The VPC and subnet allow outbound access to email-smtp.<aws_region>.amazonaws.com
  • The User Data RF_APP_ADMIN variable specifies the correct email address
Note that you can log into the RapidFort dashboard using the email address and password specified in the User Data (RF_APP_ADMIN and RF_APP_ADMIN_PASSWD).

Install the RapidFort Command Line Interface Tools

Run the following command to install the RapidFort Command Line Interface tools:
curl https://<rapidfort_host>/cli/ | bash
RapidFort On-Premises - Previous
RapidFort Standalone AWS Commercial Console Deployment
Next - Using RapidFort
RapidFort Command Line Interface Tools
Last modified 2mo ago
Copy link
Outline
Minimum Requirements
Deployment
Step 1: AWS Prerequisites
2. Launch a RapidFort EC2 Instance
Post-Deployment
Verify Connectivity
Review User Data
Confirmation Email
Install the RapidFort Command Line Interface Tools