AWS ECS/EKS/Fargate
Install and attach K2's Node.js Language Agent with your Node.js application hosted on AWS ECS/EKS/Fargate for Runtime Self Application Protection.
Steps to protect Node.js Web Application
There are following options you can select at your convenience for protecting your application workloads
Option 1: (Recommended)
This assumes you are using Amazon EFS Volumes
Perform Amazon EFS Volumes setup as mentioned here .
Mount the created ‘k2-volume-1-10-16-PRODUCTION’ EFS volume at /opt/k2-ic inside your application container using AWS ECS task definition like below
{ "containerDefinitions": [ { "memory": 128, "portMappings": [ { "hostPort": 80, "containerPort": 80, "protocol": "tcp" } ], "essential": true, "mountPoints": [ { "containerPath": "/opt/k2-ic", "sourceVolume": "k2-volume-1-10-16-PRODUCTION" } ], "name": "application-container", "image": "nginx" } ], "volumes": [ { "name": "k2-volume-1-10-16-PRODUCTION", "efsVolumeConfiguration": { "fileSystemId": "fs-1324abcd", "transitEncryption": "ENABLED" } } ], "family": "test-application" }For Node JS applications, make sure you have Node (version 8.2 and later) installed.
The K2-NodeAgent can be statically attached to your application in the following ways:
Explicitly running the application with K2-NodeAgent:
node --require /opt/k2-ic/k2-njs-agent/ <main-module>
OR
Add the following code as the first line of your app's main module:
require('/opt/k2-ic/k2-njs-agent/k2');
To verify if the given application is protected by K2 Prevent-Web, refer to the "Protected processes" subsection of the "Applications" page and locate the application based on name and node IP. The host namespace PID(in case of a host application) and container namespace PID(in case of a containerised application) can also be used to locate the protected application.
You can check your application in Protected processes View under applications on K2 Portal.
Alternatively go to Applications | K2 Portal
Option 2:
This method is ideal for a scenario when you don’t want to use extra AWS service like EFS in your ECS/Fargate cluster and hence this method requires you to bake-in K2’s Language Collector into your application image via your CI/CD system.
For this, please download corresponding Language collector with the following command :
sudo wget -O k2-njs-agent.tar 'k2io.net/centralmanager/api/v1/help/installers/1.10.16/download/1047/300798214849606118866495933316568994702/vm-all.zip?agent_name=node&groupName=PRODUCTION&agentDeploymentEnvironment=PRODUCTION&pullPolicyRequired=true'Untar contents using the following command:
sudo tar xf k2-njs-agent.tarOnce done, place the extracted contents inside your application’s image at /opt/k2-ic location.
For Node JS applications, make sure you have Node (version 8.2 and later) installed.
With this modified image of your application, create a pod & attach the K2-NodeAgent using the following ways:
Explicitly running the application with K2-NodeAgent:
node --require /opt/k2-ic/k2-njs-agent/ <main-module>
OR
Add the following code as the first line of your app's main module:
require('/opt/k2-ic/k2-njs-agent/k2');
To verify if the given application is protected by K2 Prevent-Web, refer to the "Protected processes" subsection of the "Applications" page and locate the application based on name and node IP. The host namespace PID(in case of a host application) and container namespace PID(in case of a containerised application) can also be used to locate the protected application.
You can check your application in Protected processes View under applications on K2 Portal.
Alternatively go to Applications | K2 Portal
Last updated
Was this helpful?