diff --git a/cf-deploy-akto b/cf-deploy-akto index 9bf81ce..94a87ea 100755 --- a/cf-deploy-akto +++ b/cf-deploy-akto @@ -105,16 +105,16 @@ if [ ! -d "$DOCKER_CONTEXT" ]; then fi else log_step 'downloading...' - curl -L -XGET -o master.zip https://github.com/akto-api-security/infra/archive/refs/heads/feature/self_hosting.zip + curl -L -XGET -o master.zip https://github.com/akto-api-security/infra/archive/refs/heads/feature/segregation_2.zip log_step 'unpacking...' unzip master.zip - mv infra-feature-self_hosting infra + mv infra-feature-segregation_2 infra fi # NB: this is to make onprem containers to all get named the same. cd infra if ! command_present unzip; then - git checkout feature/self_hosting + git checkout feature/segregation_2 fi DOCKER_CONTEXT="$(pwd)" @@ -202,39 +202,39 @@ $MAYBE_SUDO docker-compose pull log_step "running Akto! ${WHITE}${BOLD}This can take up to 5 minutes${NORMAL}" -export AKTO_KAFKA_IP=$(curl http://169.254.169.254/latest/meta-data/local-ipv4) -echo AKTO_KAFKA_IP=$AKTO_KAFKA_IP >> .env -$MAYBE_SUDO docker-compose up +# export AKTO_KAFKA_IP=$(curl http://169.254.169.254/latest/meta-data/local-ipv4) +# echo AKTO_KAFKA_IP=$AKTO_KAFKA_IP >> .env +# $MAYBE_SUDO docker-compose up -echo "" -echo " -- ${GREEN}${BOLD}!! AKTO IS BOOTING !!${NORMAL} --" +# echo "" +# echo " -- ${GREEN}${BOLD}!! AKTO IS BOOTING !!${NORMAL} --" -WAITED=0 +# WAITED=0 -sp="/-\|" -echo -n ' ' -i=0 -while [ $WAITED -lt 100 ]; do - WAITED=$((WAITED + 1)) - sleep 0.1 - printf "\b${sp:i++%${#sp}:1}" -done +# sp="/-\|" +# echo -n ' ' +# i=0 +# while [ $WAITED -lt 100 ]; do +# WAITED=$((WAITED + 1)) +# sleep 0.1 +# printf "\b${sp:i++%${#sp}:1}" +# done -echo " -- ${GREEN}${BOLD}!! AKTO LAUNCHED !!${NORMAL} --" +# echo " -- ${GREEN}${BOLD}!! AKTO LAUNCHED !!${NORMAL} --" -# NB: empty stuff to fully wipe out previous line completely -printf "\r%s%s%s%s%s%s%s%s" "$MAGENTA" 'Check out your ' "$BOLD" 'BROWSER' "${NORMAL}${MAGENTA}" ' for some awesomeness!!!' "$NORMAL" ' ' -echo +# # NB: empty stuff to fully wipe out previous line completely +# printf "\r%s%s%s%s%s%s%s%s" "$MAGENTA" 'Check out your ' "$BOLD" 'BROWSER' "${NORMAL}${MAGENTA}" ' for some awesomeness!!!' "$NORMAL" ' ' +# echo -echo "" -echo " ${CYAN}Navigate to${NORMAL}: ${WHITE}${BOLD}http://localhost:8080/login${NORMAL} or ${WHITE}${BOLD}[publically_accessible_ip]:8080/login${NORMAL}" -echo "" +# echo "" +# echo " ${CYAN}Navigate to${NORMAL}: ${WHITE}${BOLD}http://localhost:8080/login${NORMAL} or ${WHITE}${BOLD}[publically_accessible_ip]:8080/login${NORMAL}" +# echo "" -echo "Akto was installed in ~/akto. It will run in the background until you manually stop it. If Akto stops you can restart it without losing your data. " +# echo "Akto was installed in ~/akto. It will run in the background until you manually stop it. If Akto stops you can restart it without losing your data. " -if command_present open; then - open 'http://localhost:8080/login' -fi +# if command_present open; then +# open 'http://localhost:8080/login' +# fi diff --git a/cf-deploy-akto-start b/cf-deploy-akto-start new file mode 100644 index 0000000..8b3f85c --- /dev/null +++ b/cf-deploy-akto-start @@ -0,0 +1,65 @@ +#!/usr/bin/env bash + +# NB: local trial script has to be self-contained +# See https://sipb.mit.edu/doc/safe-shell/ +set -euf -o pipefail + +export MAYBE_SUDO="" +pwd + +echo "starting....." + +if [ -t 1 ]; then + export NORMAL="$(tput sgr0)" + export RED="$(tput setaf 1)" + export GREEN="$(tput setaf 2)" + export MAGENTA="$(tput setaf 5)" + export CYAN="$(tput setaf 6)" + export WHITE="$(tput setaf 7)" + export BOLD="$(tput bold)" +else + export NORMAL="" + export RED="" + export GREEN="" + export MAGENTA="" + export CYAN="" + export WHITE="" + export BOLD="" +fi + +cd ~/akto/infra + +$MAYBE_SUDO docker-compose up + +echo "" +echo " -- ${GREEN}${BOLD}!! AKTO IS BOOTING !!${NORMAL} --" + +WAITED=0 + +sp="/-\|" +echo -n ' ' +i=0 +while [ $WAITED -lt 100 ]; do + WAITED=$((WAITED + 1)) + sleep 0.1 + printf "\b${sp:i++%${#sp}:1}" +done + + +echo " -- ${GREEN}${BOLD}!! AKTO LAUNCHED !!${NORMAL} --" + + +# NB: empty stuff to fully wipe out previous line completely +printf "\r%s%s%s%s%s%s%s%s" "$MAGENTA" 'Check out your ' "$BOLD" 'BROWSER' "${NORMAL}${MAGENTA}" ' for some awesomeness!!!' "$NORMAL" ' ' +echo + +echo "" +echo " ${CYAN}Navigate to${NORMAL}: ${WHITE}${BOLD}http://localhost:8080/login${NORMAL} or ${WHITE}${BOLD}[publically_accessible_ip]:8080/login${NORMAL}" +echo "" + +echo "Akto was installed in ~/akto. It will run in the background until you manually stop it. If Akto stops you can restart it without losing your data. " + +# if command_present open; then +# open 'http://localhost:8080/login' +# fi + diff --git a/docker-compose-dashboard.yml b/docker-compose-dashboard.yml new file mode 100644 index 0000000..be5ea41 --- /dev/null +++ b/docker-compose-dashboard.yml @@ -0,0 +1,9 @@ +version: '3.3' + +services: + akto-api-security-dashboard: + image: aktosecurity/akto-api-security-dashboard:latest + env_file: ./docker-dashboard.env + restart: always + ports: + - "8080:8080" \ No newline at end of file diff --git a/docker-compose-mongo.yml b/docker-compose-mongo.yml new file mode 100644 index 0000000..38dec35 --- /dev/null +++ b/docker-compose-mongo.yml @@ -0,0 +1,11 @@ +version: '3.3' + +services: + mongo: + container_name: mongo + image: mongo + restart: on-failure:10 + volumes: + - ./data:/data/db + ports: + - "27017:27017" \ No newline at end of file diff --git a/docker-compose-runtime.yml b/docker-compose-runtime.yml new file mode 100644 index 0000000..22edc80 --- /dev/null +++ b/docker-compose-runtime.yml @@ -0,0 +1,74 @@ +version: '2.1' + +services: + zoo1: + image: confluentinc/cp-zookeeper:6.2.1 + restart: on-failure:10 + hostname: zoo1 + user: "0" + volumes: + - ./data-zoo-data:/var/lib/zookeeper/data + - ./data-zoo-logs:/var/lib/zookeeper/log + - ./data-zoo-secrets:/etc/zookeeper/secrets + container_name: zoo1 + ports: + - "2181:2181" + environment: + ZOOKEEPER_CLIENT_PORT: 2181 + ZOOKEEPER_SERVER_ID: 1 + ZOOKEEPER_SERVERS: zoo1:2888:3888 + + kafka1: + image: confluentinc/cp-kafka:6.2.1 + restart: on-failure:10 + hostname: kafka1 + user: "0" + ports: + - "9092:9092" + - "19092:19092" + - "29092:29092" + - "9999:9999" + environment: + KAFKA_ADVERTISED_LISTENERS: LISTENER_DOCKER_EXTERNAL_DIFFHOST://${AKTO_KAFKA_IP}:9092, LISTENER_DOCKER_INTERNAL://kafka1:19092,LISTENER_DOCKER_EXTERNAL_LOCALHOST://localhost:29092 + KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: LISTENER_DOCKER_EXTERNAL_DIFFHOST:PLAINTEXT, LISTENER_DOCKER_INTERNAL:PLAINTEXT,LISTENER_DOCKER_EXTERNAL_LOCALHOST:PLAINTEXT + KAFKA_INTER_BROKER_LISTENER_NAME: LISTENER_DOCKER_INTERNAL + KAFKA_ZOOKEEPER_CONNECT: "zoo1:2181" + KAFKA_BROKER_ID: 1 + KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1 + KAFKA_TRANSACTION_STATE_LOG_REPLICATION_FACTOR: 1 + KAFKA_TRANSACTION_STATE_LOG_MIN_ISR: 1 + KAFKA_CREATE_TOPICS: "akto.api.logs:3:3" + KAFKA_LOG_RETENTION_CHECK_INTERVAL_MS: 60000 + KAFKA_LOG_RETENTION_HOURS: 5 + KAFKA_LOG_SEGMENT_BYTES: 104857600 + KAFKA_LOG_CLEANER_ENABLE: "true" + KAFKA_CLEANUP_POLICY: "delete" + KAFKA_LOG_RETENTION_BYTES: 10737418240 + volumes: + - ./data-kafka-data:/var/lib/kafka/data + - ./data-kafka-secrets:/etc/kafka/secrets + depends_on: + - zoo1 + + akto-api-security-runtime: + image: aktosecurity/akto-api-security-runtime:latest + env_file: ./docker-runtime.env + mem_limit: 8g + restart: always + depends_on: + - kafka1 + + akto-api-security-mirror-api-logging: + image: aktosecurity/mirror-api-logging:local + env_file: ./docker-runtime.env + mem_limit: 4g + restart: always + depends_on: + - kafka1 + network_mode: host + + akto-hello-world: + image: hotavneesh/hello-world-server:latest + restart: always + ports: + - "8000:8000" diff --git a/docker-compose.yml b/docker-compose.yml index b9a2248..3fb9f3b 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,10 +1,15 @@ -version: '3.3' +version: '2.1' services: zoo1: image: confluentinc/cp-zookeeper:6.2.1 restart: on-failure:10 hostname: zoo1 + user: "0" + volumes: + - ./data-zoo-data:/var/lib/zookeeper/data + - ./data-zoo-logs:/var/lib/zookeeper/log + - ./data-zoo-secrets:/etc/zookeeper/secrets container_name: zoo1 ports: - "2181:2181" @@ -17,7 +22,7 @@ services: image: confluentinc/cp-kafka:6.2.1 restart: on-failure:10 hostname: kafka1 - user: "appuser:appuser" + user: "0" ports: - "9092:9092" - "19092:19092" @@ -33,6 +38,15 @@ services: KAFKA_TRANSACTION_STATE_LOG_REPLICATION_FACTOR: 1 KAFKA_TRANSACTION_STATE_LOG_MIN_ISR: 1 KAFKA_CREATE_TOPICS: "akto.api.logs:3:3" + KAFKA_LOG_RETENTION_CHECK_INTERVAL_MS: 60000 + KAFKA_LOG_RETENTION_HOURS: 5 + KAFKA_LOG_SEGMENT_BYTES: 104857600 + KAFKA_LOG_CLEANER_ENABLE: "true" + KAFKA_CLEANUP_POLICY: "delete" + KAFKA_LOG_RETENTION_BYTES: 10737418240 + volumes: + - ./data-kafka-data:/var/lib/kafka/data + - ./data-kafka-secrets:/etc/kafka/secrets depends_on: - zoo1 @@ -49,6 +63,7 @@ services: image: aktosecurity/akto-api-security-dashboard:latest env_file: ./docker.env restart: always + mem_limit: 4g ports: - "8080:8080" depends_on: @@ -58,16 +73,16 @@ services: image: aktosecurity/akto-api-security-runtime:latest env_file: ./docker.env restart: always + mem_limit: 4g depends_on: - kafka1 - mongo akto-api-security-mirror-api-logging: - image: aktosecurity/mirror-api-logging:local + image: aktosecurity/mirror-api-logging:latest env_file: ./docker.env restart: always + mem_limit: 4g depends_on: - kafka1 network_mode: host - - diff --git a/docker-dashboard.env b/docker-dashboard.env new file mode 100644 index 0000000..d799845 --- /dev/null +++ b/docker-dashboard.env @@ -0,0 +1,10 @@ +# AKTO_MONGO_CONN=mongodb://mongo:27017/admini +AKTO_CONFIG_NAME=staging +AKTO_KAFKA_TOPIC_NAME=akto.api.logs +# AKTO_KAFKA_BROKER_URL=kafka1:19092 +AKTO_KAFKA_BROKER_MAL=localhost:29092 +AKTO_KAFKA_GROUP_ID_CONFIG=asdf +AKTO_KAFKA_MAX_POLL_RECORDS_CONFIG=100 +AKTO_ACCOUNT_NAME=Helios +AKTO_TRAFFIC_BATCH_SIZE=100 +AKTO_TRAFFIC_BATCH_TIME_SECS=10 \ No newline at end of file diff --git a/docker-runtime.env b/docker-runtime.env new file mode 100644 index 0000000..37f8387 --- /dev/null +++ b/docker-runtime.env @@ -0,0 +1,12 @@ +# AKTO_MONGO_CONN=mongodb://mongo:27017/admini +AKTO_CONFIG_NAME=staging +AKTO_KAFKA_TOPIC_NAME=akto.api.logs +AKTO_KAFKA_BROKER_URL=kafka1:19092 +AKTO_KAFKA_BROKER_MAL=localhost:29092 +AKTO_KAFKA_GROUP_ID_CONFIG=asdf +AKTO_KAFKA_MAX_POLL_RECORDS_CONFIG=100 +AKTO_ACCOUNT_NAME=Helios +AKTO_TRAFFIC_BATCH_SIZE=100 +AKTO_TRAFFIC_BATCH_TIME_SECS=10 +USE_HOSTNAME=true + diff --git a/templates/akto-vpn-nlb-template.json b/templates/akto-vpn-nlb-template.json index bfc168d..6331c63 100644 --- a/templates/akto-vpn-nlb-template.json +++ b/templates/akto-vpn-nlb-template.json @@ -72,13 +72,13 @@ } }, "Resources": { - "AktoSecurityGroup": { + "AktoMongoSecurityGroup":{ "Type": "AWS::EC2::SecurityGroup", "Properties": { "VpcId": { "Ref": "VPC" }, - "GroupDescription": "Enable the ports Akto requires (22, 8080, 4789, 9092)", + "GroupDescription": "Enable the ports Mongo requires (22, 27017)", "SecurityGroupIngress": [ { "IpProtocol": "tcp", @@ -90,8 +90,110 @@ }, { "IpProtocol": "tcp", - "FromPort": 8080, - "ToPort": 8080, + "FromPort": 27017, + "ToPort": 27017, + "CidrIp": { + "Ref": "VpcCIDR" + } + } + ], + "SecurityGroupEgress": [ + + ] + }, + "Metadata": { + "AWS::CloudFormation::Designer": { + "id": "01a51caa-b901-42f9-bd49-62222c5367a1" + } + } + }, + + "AktoMongoInstance": { + "Type": "AWS::EC2::Instance", + "Properties": { + "InstanceType": { + "Ref": "AktoInstanceType" + }, + "ImageId": { + "Ref": "LatestAmiId" + }, + "Tags": [ + { + "Key": "Name", + "Value": "Akto Mongo instance" + } + ], + "BlockDeviceMappings": [ + { + "DeviceName": "/dev/xvda", + "Ebs": { + "VolumeType": "gp2", + "DeleteOnTermination": "true", + "VolumeSize": "50" + } + } + ], + "KeyName": { + "Ref": "KeyPair" + }, + "NetworkInterfaces": [ + { + "SubnetId": {"Ref": "SubnetId"}, + "AssociatePublicIpAddress": { + "Ref": "AssociatePublicIpAddress" + }, + "DeviceIndex": "0", + "GroupSet": [{ "Ref" : "AktoMongoSecurityGroup" }] + } + ], + "UserData": { "Fn::Base64": { "Fn::Join": ["\n", [ + "#!/bin/bash -xe", + "touch /tmp/hello.txt", + "touch ~/hello.txt", + "sudo yum update -y", + "sudo yum install -y python python-setuptools", + "sudo yum install -y docker", + "sudo dockerd&", + "sudo mkdir -p /opt/aws/bin", + "sudo wget https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz", + "sudo python -m easy_install --script-dir /opt/aws/bin aws-cfn-bootstrap-latest.tar.gz", + "export COMPOSE_FILE=docker-compose-mongo.yml", + "curl -fsSL 'https://raw.githubusercontent.com/akto-api-security/infra/feature/segregation/cf-deploy-akto' > cf-deploy-akto", + "sudo chmod 700 cf-deploy-akto", + "./cf-deploy-akto < <(echo 'test')", + "curl -fsSL 'https://raw.githubusercontent.com/akto-api-security/infra/feature/segregation/cf-deploy-akto-start' > cf-deploy-akto-start", + "sudo chmod 700 cf-deploy-akto-start", + "./cf-deploy-akto-start < <(echo 'test')", + + {"Fn::Join": ["", + ["sudo /opt/aws/bin/cfn-signal -s true", + " --stack ", { "Ref" : "AWS::StackName" }, + " --resource AktoMongoInstance", + " --region ", { "Ref" : "AWS::Region" }]]} + ]] + }} + }, + "Metadata": { + "AWS::CloudFormation::Designer": { + "id": "c3cbe581-37f1-40cb-a4fa-ab8c7f318cd0" + } + } + }, + + + + "AktoSecurityGroup": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "VpcId": { + "Ref": "VPC" + }, + "GroupDescription": "Enable the ports Akto requires (22, 4789, 9092)", + "SecurityGroupIngress": [ + { + "IpProtocol": "tcp", + "FromPort": 22, + "ToPort": 22, "CidrIp": { "Ref": "VpcCIDR" } @@ -125,6 +227,7 @@ }, "AktoInstance": { "Type": "AWS::EC2::Instance", + "DependsOn": ["AktoMongoInstance", "AktoNLB"], "Properties": { "InstanceType": { "Ref": "AktoInstanceType" @@ -135,7 +238,7 @@ "Tags": [ { "Key": "Name", - "Value": "Akto instance" + "Value": "Akto Runtime instance" } ], "BlockDeviceMappings": [ @@ -161,20 +264,144 @@ "GroupSet": [{ "Ref" : "AktoSecurityGroup" }] } ], + "UserData": { "Fn::Base64": { "Fn::Join": ["\n", [ + "#!/bin/bash -xe", + { "Fn::Sub": "export AKTO_MONGO_CONN='${AktoMongoInstance.PrivateIp}'" }, + { "Fn::Sub": "export AKTO_KAFKA_IP='${AktoNLB.DNSName}'" }, + "touch /tmp/hello.txt", + "touch ~/hello.txt", + "sudo yum update -y", + "sudo yum install -y python python-setuptools", + "sudo yum install -y docker", + "sudo dockerd&", + "sudo mkdir -p /opt/aws/bin", + "export COMPOSE_FILE=docker-compose-runtime.yml", + "sudo wget https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz", + "sudo python -m easy_install --script-dir /opt/aws/bin aws-cfn-bootstrap-latest.tar.gz", + "curl -fsSL 'https://raw.githubusercontent.com/akto-api-security/infra/feature/segregation/cf-deploy-akto' > cf-deploy-akto", + "sudo chmod 700 cf-deploy-akto", + "./cf-deploy-akto < <(echo 'test')", + "sudo echo >> ~/akto/infra/docker-runtime.env", + "sudo echo AKTO_MONGO_CONN=mongodb://$AKTO_MONGO_CONN:27017/admini >> ~/akto/infra/docker-runtime.env", + "sudo echo AKTO_KAFKA_IP=$AKTO_KAFKA_IP:9092 >> ~/akto/infra/.env", + "curl -fsSL 'https://raw.githubusercontent.com/akto-api-security/infra/feature/segregation/cf-deploy-akto-start' > cf-deploy-akto-start", + "sudo chmod 700 cf-deploy-akto-start", + "./cf-deploy-akto-start < <(echo 'test')", + + {"Fn::Join": ["", + ["sudo /opt/aws/bin/cfn-signal -s true", + " --stack ", { "Ref" : "AWS::StackName" }, + " --resource AktoInstance", + " --region ", { "Ref" : "AWS::Region" }]]} + ]] + }} + }, + "Metadata": { + "AWS::CloudFormation::Designer": { + "id": "c3cbe581-37f1-40cb-a4fa-ab8c7f318cd0" + } + } + }, + + + + "AktoDashboardSecurityGroup": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "VpcId": { + "Ref": "VPC" + }, + "GroupDescription": "Enable the ports Akto requires (22, 8080)", + "SecurityGroupIngress": [ + { + "IpProtocol": "tcp", + "FromPort": 22, + "ToPort": 22, + "CidrIp": { + "Ref": "VpcCIDR" + } + }, + { + "IpProtocol": "tcp", + "FromPort": 8080, + "ToPort": 8080, + "CidrIp": { + "Ref": "VpcCIDR" + } + } + ], + "SecurityGroupEgress": [ + + ] + }, + "Metadata": { + "AWS::CloudFormation::Designer": { + "id": "01a51caa-b901-42f9-bd49-62222c5367a1" + } + } + }, + "AktoDashboardInstance": { + "Type": "AWS::EC2::Instance", + "DependsOn": ["AktoMongoInstance", "AktoNLB"], + "Properties": { + "InstanceType": { + "Ref": "AktoInstanceType" + }, + "ImageId": { + "Ref": "LatestAmiId" + }, + "Tags": [ + { + "Key": "Name", + "Value": "Akto instance" + } + ], + "BlockDeviceMappings": [ + { + "DeviceName": "/dev/xvda", + "Ebs": { + "VolumeType": "gp2", + "DeleteOnTermination": "true", + "VolumeSize": "50" + } + } + ], + "KeyName": { + "Ref": "KeyPair" + }, + "NetworkInterfaces": [ + { + "SubnetId": {"Ref": "SubnetId"}, + "AssociatePublicIpAddress": { + "Ref": "AssociatePublicIpAddress" + }, + "DeviceIndex": "0", + "GroupSet": [{ "Ref" : "AktoDashboardSecurityGroup" }] + } + ], "UserData": { "Fn::Base64": { "Fn::Join": ["\n", [ "#!/bin/bash -xe", "touch /tmp/hello.txt", "touch ~/hello.txt", + { "Fn::Sub": "export AKTO_MONGO_CONN='${AktoMongoInstance.PrivateIp}'" }, + { "Fn::Sub": "export AKTO_KAFKA_BROKER_URL='${AktoNLB.DNSName}'" }, "sudo yum update -y", "sudo yum install -y python python-setuptools", "sudo yum install -y docker", "sudo dockerd&", "sudo mkdir -p /opt/aws/bin", + "export COMPOSE_FILE=docker-compose-dashboard.yml", "sudo wget https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz", "sudo python -m easy_install --script-dir /opt/aws/bin aws-cfn-bootstrap-latest.tar.gz", - "curl -fsSL 'https://raw.githubusercontent.com/akto-api-security/infra/feature/self_hosting/cf-deploy-akto' > cf-deploy-akto", + "curl -fsSL 'https://raw.githubusercontent.com/akto-api-security/infra/feature/segregation/cf-deploy-akto' > cf-deploy-akto", "sudo chmod 700 cf-deploy-akto", "./cf-deploy-akto < <(echo 'test')", + "sudo echo >> ~/akto/infra/docker-dashboard.env", + "sudo echo AKTO_MONGO_CONN=mongodb://$AKTO_MONGO_CONN:27017/admini >> ~/akto/infra/docker-dashboard.env", + "sudo echo AKTO_KAFKA_BROKER_URL=$AKTO_KAFKA_BROKER_URL:9092 >> ~/akto/infra/docker-dashboard.env", + "curl -fsSL 'https://raw.githubusercontent.com/akto-api-security/infra/feature/segregation/cf-deploy-akto-start' > cf-deploy-akto-start", + "sudo chmod 700 cf-deploy-akto-start", + "./cf-deploy-akto-start < <(echo 'test')", {"Fn::Join": ["", ["sudo /opt/aws/bin/cfn-signal -s true", @@ -208,7 +435,7 @@ "HealthCheckEnabled" : "true", "HealthCheckIntervalSeconds" : 10, "HealthCheckPath" : "/metrics", - "HealthCheckPort" : "8080", + "HealthCheckPort" : "8000", "HealthCheckProtocol" : "HTTP", "HealthCheckTimeoutSeconds" : 6, "HealthyThresholdCount" : 2, @@ -252,7 +479,7 @@ "TargetType" : "instance", "VpcId" : {"Ref":"VPC"}, "Targets" : [{ - "Id" : { "Ref":"AktoInstance"} + "Id" : { "Ref":"AktoDashboardInstance"} }], "Name" : "AktoDashboardTargetGroup" } @@ -280,7 +507,7 @@ "HealthCheckEnabled" : "true", "HealthCheckIntervalSeconds" : 10, "HealthCheckPath" : "/metrics", - "HealthCheckPort" : "8080", + "HealthCheckPort" : "8000", "HealthCheckProtocol" : "HTTP", "HealthCheckTimeoutSeconds" : 6, "HealthyThresholdCount" : 2,