AWS ECS/EKS/Fargate

Install and attach K2's Ruby Language Agent with your Ruby application hosted on AWS ECS/EKS/Fargate for Runtime Self Application Protection.

Prerequisites

  • Make sure you have created an account on K2 Portal(SaaS or On-Premises).

  • Make sure you have installed K2 Agents as per your environment.

Please follow our step-by-step Protect Ruby Application guide to complete the above two prerequisites. Ignore if done already.

Protect Ruby Application

Steps to protect Ruby Application

There are following options you can select at your convenience for protecting your application workloads

Option 1: (Recommended)

  • This assumes you are using Amazon EFS Volumes

    • Perform Amazon EFS Volumes setup as mentioned here .

    • Mount the created ‘k2-volume-1-10-16-PRODUCTION’ EFS volume at /opt/k2-ic inside your application container using AWS ECS task definition like below

      												
{
 "containerDefinitions": [
   {
     "memory": 128,
     "portMappings": [
       {
         "hostPort": 80,
         "containerPort": 80,
         "protocol": "tcp"
       }
     ],
     "essential": true,
     "mountPoints": [
       {
         "containerPath": "/opt/k2-ic",
         "sourceVolume": "k2-volume-1-10-16-PRODUCTION"
       }
     ],
     "name": "application-container",
     "image": "nginx"
   }
 ],
 "volumes": [
   {
     "name": "k2-volume-1-10-16-PRODUCTION",
     "efsVolumeConfiguration": {
       "fileSystemId": "fs-1324abcd",
       "transitEncryption": "ENABLED"
     }
   }
 ],
 "family": "test-application"
}

  • For Ruby on Rails applications, make sure you have Ruby version 2.6, Rails version 6.0 and Puma version 4.3.5 installed.

  • For any containerized Ruby web application (Docker/K8s), the host path "/opt/k2-ic" is to be mounted at "/opt/k2-ic" inside the container with option 'z'.

  • The K2-Ruby agent can be attached to your application by running the following commands:Install the gem file as

    gem install /opt/k2-ic/k2-ruby-agent.gem

    Append below line to 'Gemfile' of Ruby application.

    gem 'k2agent'

  • For Sinatra application, add the below require statement in app main module after sinatra require statement.

    require 'k2agent'

  • Create a properties file named 'k2-ruby-agent.properties' in application root directory with following property. (Mandatory for Passenger and Unicorn Server)

    APP_PORT=<application-port-number>

  • Start the Ruby application. Fire a few Http requests on the application to attach K2 Ruby agent

  • To verify if the given application is protected by K2 Prevent-Web, refer to the "Protected processes" subsection of the "Applications" page and locate the application based on name and node IP. The host namespace PID(in case of a host application) and container namespace PID(in case of a containerised application) can also be used to locate the protected application.

  • You can check your application in Protected processes View under applications on K2 Portal.

    Alternatively go to Applications | K2 Portal

Option 2:

  • This method is ideal for a scenario when you don’t want to use extra AWS service like EFS in your ECS/Fargate cluster and hence this method requires you to bake-in K2’s Language Collector into your application image via your CI/CD system.

    • For this, please download corresponding Language collector with the following command :

      sudo wget -O k2-ruby-agent.gem 'k2io.net/centralmanager/api/v1/help/installers/1.10.16/download/1047/300798214849606118866495933316568994702/vm-all.zip?agent_name=ruby&groupName=PRODUCTION&agentDeploymentEnvironment=PRODUCTION&pullPolicyRequired=true'

    • Once done, place the downloaded contents inside your application’s image at /opt/k2-ic location.

  • For Ruby on Rails applications, make sure you have Ruby version 2.6, Rails version 6.0 and Puma version 4.3.5 installed.

  • For any containerized Ruby web application (Docker/K8s), the host path "/opt/k2-ic" is to be mounted at "/opt/k2-ic" inside the container with option 'z'.

  • The K2-Ruby agent can be attached to your application by running the following commands:Install the gem file as

    gem install /opt/k2-ic/k2-ruby-agent.gem

    Append below line to 'Gemfile' of Ruby application.

    gem 'k2agent'

  • For Sinatra application, add the below require statement in app main module after sinatra require statement.

    require 'k2agent'

  • Create a properties file named 'k2-ruby-agent.properties' in application root directory with following property. (Mandatory for Passenger and Unicorn Server)

    APP_PORT=<application-port-number>

  • Start the Ruby application. Fire a few Http requests on the application to attach K2 Ruby agent

  • To verify if the given application is protected by K2 Prevent-Web, refer to the "Protected processes" subsection of the "Applications" page and locate the application based on name and node IP. The host namespace PID(in case of a host application) and container namespace PID(in case of a containerised application) can also be used to locate the protected application.

  • You can check your application in Protected processes View under applications on K2 Portal.

    Alternatively go to Applications | K2 Portal

PreviousKubernetesNextPHP

Last updated

Was this helpful?