search

AWS ECS/EKS/Fargate

Install and attach K2's Node.js Language Agent with your Node.js application hosted on AWS ECS/EKS/Fargate for Runtime Self Application Protection.

circle-info

We assume here you are able to successfully install our K2 agents in your infrastructure.

hashtag
Steps to protect Node.js Web Application

There are following options you can select at your convenience for protecting your application workloads

hashtag
Option 1: (Recommended)

  • This assumes you are using Amazon EFS Volumes

    • Perform Amazon EFS Volumes setup as mentioned here .

    • Mount the created ‘k2-volume-1-10-16-PRODUCTION’ EFS volume at /opt/k2-ic inside your application container using AWS ECS task definition like below

      												
{
 "containerDefinitions": [
   {
     "memory": 128,
     "portMappings": [
       {
         "hostPort": 80,
         "containerPort": 80,
         "protocol": "tcp"
       }
     ],
     "essential": true,
     "mountPoints": [
       {
         "containerPath": "/opt/k2-ic",
         "sourceVolume": "k2-volume-1-10-16-PRODUCTION"
       }
     ],
     "name": "application-container",
     "image": "nginx"
   }
 ],
 "volumes": [
   {
     "name": "k2-volume-1-10-16-PRODUCTION",
     "efsVolumeConfiguration": {
       "fileSystemId": "fs-1324abcd",
       "transitEncryption": "ENABLED"
     }
   }
 ],
 "family": "test-application"
}

    • For Node JS applications, make sure you have Node (version 8.2 and later) installed.

    • The K2-NodeAgent can be statically attached to your application in the following ways:

      • Explicitly running the application with K2-NodeAgent:

        node --require /opt/k2-ic/k2-njs-agent/ <main-module>

      OR

      • Add the following code as the first line of your app's main module:

        require('/opt/k2-ic/k2-njs-agent/k2');

    • To verify if the given application is protected by K2 Prevent-Web, refer to the "Protected processes" subsection of the "Applications" page and locate the application based on name and node IP. The host namespace PID(in case of a host application) and container namespace PID(in case of a containerised application) can also be used to locate the protected application.

    • You can check your application in Protected processes View under applications on K2 Portal.

      Alternatively go to Applications | K2 Portalarrow-up-right

hashtag
Option 2:

  • This method is ideal for a scenario when you don’t want to use extra AWS service like EFS in your ECS/Fargate cluster and hence this method requires you to bake-in K2’s Language Collector into your application image via your CI/CD system.

    • For this, please download corresponding Language collector with the following command :

    • Untar contents using the following command:

    • Once done, place the extracted contents inside your application’s image at /opt/k2-ic location.

    • For Node JS applications, make sure you have Node (version 8.2 and later) installed.

    • With this modified image of your application, create a pod & attach the K2-NodeAgent using the following ways:

      • Explicitly running the application with K2-NodeAgent:

      OR

      • Add the following code as the first line of your app's main module:

    • To verify if the given application is protected by K2 Prevent-Web, refer to the "Protected processes" subsection of the "Applications" page and locate the application based on name and node IP. The host namespace PID(in case of a host application) and container namespace PID(in case of a containerised application) can also be used to locate the protected application.

    • You can check your application in Protected processes View under applications on K2 Portal.

      Alternatively go to Applications | K2 Portalarrow-up-right

PreviousKubernetesNextRuby

Last updated

Was this helpful?