This repository contains a bash script to automate the deployment and configuration of Thales CipherTrust Manager and Amazon Elastic Kubernetes Service (Amazon EKS) and the associated resources using CloudFormation in AWS.
The script performs the following actions:
- Creates a CloudFormation stack based on the provided template (`cloud_formation_template.yaml`).
- Retrieves the public and private IP addresses of the CipherTrust Manager from the CloudFormation stack.
- Updates the Kubernetes deployment file with the retrieved private IP address.
- Downloads and configures the `ksctl` binaries.
- Changes the default password for the CipherTrust Manager admin user to a user supplied password.
- Activates the trial license on CipherTrust Manager.
- Creates required resources for CRDP, including user sets, access policies and protection policies, on the CipherTrust Manager.
- Generates and applies Kubernetes configurations, secrets, and resources.
- Prints the access URLs for the CRDP Demo App and the CipherTrust Manager.
Before running the script, ensure you have the following:
- AWS CLI configured with the appropriate permissions. For required IAM permissions, see `workshop_user_iam_policy.json`.
- Kubernetes CLI (`kubectl`) installed and configured.
- `jq` command-line JSON processor installed.
- `git` CLI installed.
- Clone this repository:

  ```bash
  git clone https://github.com/sanyambassi/aws-thales-crdp-workshop.git
  cd aws-thales-crdp-workshop
  ```

- Ensure `cloud_formation_template.yaml`, `k8-deployment.yaml` and other files are present in the working directory.

- Make the script executable:

  ```bash
  chmod +x launchWorkshop.sh
  ```

- Run the script:

  ```bash
  ./launchWorkshop.sh
  ```

The script prompts the user to enter a name for the CloudFormation stack.
The script prompts the user to enter and confirm the password for the CipherTrust Manager admin user.
The script creates a key pair in AWS to be used for logging into the CipherTrust Manager and Kubernetes nodes.
The script creates a CloudFormation stack using the provided template file (`cloud_formation_template.yaml`) and waits for its completion.
The script retrieves the public and private IP addresses of the CipherTrust Manager from the CloudFormation stack outputs.
The script updates the `k8-deployment.yaml` file with the retrieved private IP address of the CipherTrust Manager.
The script downloads and configures the `ksctl` binaries needed to interact with the CipherTrust Manager.
The script changes the default password for the CipherTrust Manager admin user to the password provided by the user.
The script retrieves and activates a trial license for the CipherTrust Manager.
The script creates necessary resources such as protection policies, application, character sets, etc. on the CipherTrust Manager to be used with CRDP.
The script updates the Kubernetes configuration, creates a secret with the registration token, and applies the provided Kubernetes configurations and resources. This creates 2 application pods: one for MySQL and another with a frontend web app and the Thales CRDP (CipherTrust RESTful Data Protection) container as a sidecar.
The script waits for the external IP address to be assigned to the CRDP demo app Kubernetes service and prints the access URLs for the CRDP Demo App and the CipherTrust Manager.
If you encounter any issues while running the script, check the following:
- Ensure your AWS CLI is configured correctly. Verify your configured IAM user with this command: `aws sts get-caller-identity`
- Verify that `kubectl` is installed and configured.
- Make sure the `jq` tool is installed on your system.
- Check the CloudFormation and Kubernetes logs for any errors.
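
The prerequisite and troubleshooting checks above can be run as a single preflight step before `./launchWorkshop.sh`, which also shows which AWS principal the stack will be created as. This is an added example, not part of the repository: the function names and the `--check` argument are hypothetical, and the file list covers only the files this README names.

```shell
#!/usr/bin/env bash
# Added example: preflight check for the prerequisites listed in this README.
# Function names and the --check argument are hypothetical, not from launchWorkshop.sh.

REQUIRED_TOOLS="aws kubectl jq git"
REQUIRED_FILES="cloud_formation_template.yaml k8-deployment.yaml launchWorkshop.sh"

# Print each tool from the argument list that is not on PATH.
missing_tools() {
  local tool
  for tool in "$@"; do
    command -v "$tool" >/dev/null 2>&1 || printf '%s\n' "$tool"
  done
}

# Print each file (arguments 2..n) that is absent from directory $1.
missing_files() {
  local dir="$1" f
  shift
  for f in "$@"; do
    [ -f "$dir/$f" ] || printf '%s\n' "$f"
  done
}

# Run all checks against the current directory; non-zero on any failure.
preflight() {
  local rc=0 out ident arn
  out=$(missing_tools $REQUIRED_TOOLS)
  if [ -n "$out" ]; then echo "missing tools: $(echo $out)" >&2; rc=1; fi
  out=$(missing_files "$PWD" $REQUIRED_FILES)
  if [ -n "$out" ]; then echo "missing files: $(echo $out)" >&2; rc=1; fi
  [ "$rc" -eq 0 ] || return "$rc"
  # Capture the identity first so an AWS CLI failure is not hidden by the jq pipe.
  if ! ident=$(aws sts get-caller-identity --output json); then
    echo "aws sts get-caller-identity failed; check AWS CLI credentials" >&2
    return 1
  fi
  arn=$(printf '%s' "$ident" | jq -r '.Arn')
  # Compare this principal against workshop_user_iam_policy.json before deploying.
  echo "deploying as: $arn"
}

# Only run when asked, so the file can also be sourced for its functions.
if [ "${1:-}" = "--check" ]; then preflight; fi
```

Run it from the cloned repository directory with `--check`; a non-zero exit status means a prerequisite is missing.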
If you would like to contribute to this project, please open an issue or submit a pull request with your changes.
This project is licensed under the MIT License. See the LICENSE file for details.