Install testing module in your Cloud
API Security testing involves sending malicious API requests to your (staging) server. By default, these malicious testing requests are sent from the Testing module installed within Akto Cloud.
There are several reasons why you might want to install the testing module within your own cloud:
Whitelisting Akto's IP in Security Group or WAF isn't an option
The staging server isn't reachable from public domain
The WAF would block most requests (or block Akto's IP)
The API domain isn't resolvable from public domain
The API is completely internal
Log in to the Akto dashboard at app.akto.io
Go to Quick Start > Hybrid Saas > click the "Connect" button
Copy the JWT token (marked in red). This token is also referred to as the Database Abstractor Token later.
You can now use a Helm chart to install the Akto Security Testing module in your cloud, or install it manually.
To install using Terraform, use the Terraform script here.
Please make sure you install it in a private subnet from your application VPC.
This private subnet should also have network connectivity (typically via NAT).
For the Database Abstractor Service Token input in the Terraform script, specify the JWT token copied in the earlier step.
Once the Terraform script has finished running, you should see a new autoscaling group with 1 Akto Testing EC2 instance running.
If you don't need auto-scaling, skip this section.
Otherwise, if auto-scaling needs to be enabled to allow parallel test runs via multiple k8s pods, a few dependencies must be installed via Helm charts.
Install kube-prometheus-stack
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm repo update prometheus-community
helm install prometheus prometheus-community/kube-prometheus-stack \
--namespace <your-namespace> \
--create-namespace
Install keda
helm repo add kedacore https://kedacore.github.io/charts
helm repo update kedacore
helm install keda kedacore/keda \
--namespace <your-namespace> \
--create-namespace
Upgrade keda to set watchNamespace. This restricts keda to watching/controlling only the specified namespace(s).
It's fine if you get this error: Error: UPGRADE FAILED: no RoleBinding with the name "keda-operator" found
As a fix, re-run the helm upgrade command below; the first run creates the keda-operator deployment in k8s, and the second run then succeeds.
helm upgrade keda kedacore/keda \
--namespace <your-namespace> \
--set watchNamespace=<your-namespace>
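The "run it twice" step above is easy to get wrong in automation, because a blind retry loop would also mask real failures. The following is an added example (not part of the Akto docs) of a POSIX sh wrapper that re-runs the scoped keda upgrade exactly once, and only when helm reports the RoleBinding error quoted above; any other error aborts. HELM_BIN is an assumed override so the wrapper can be exercised against a stub helm; it defaults to the real binary.

```shell
#!/bin/sh
# Added example, not from the Akto docs: run the scoped keda upgrade and re-run it
# exactly once if helm reports the first-run RoleBinding error; any other failure
# aborts. HELM_BIN is an assumed override (defaults to the real helm binary).
set -u

HELM_BIN=${HELM_BIN:-helm}

# upgrade_keda_scoped NAMESPACE
# Returns 0 once "helm upgrade keda" succeeds, 1 on any unexpected error or if the
# RoleBinding error persists after the single allowed retry.
upgrade_keda_scoped() {
  ns=$1
  attempt=1
  while :; do
    # Capture stdout+stderr so the error text can be matched below.
    if err=$("$HELM_BIN" upgrade keda kedacore/keda \
               --namespace "$ns" --set "watchNamespace=$ns" 2>&1); then
      return 0
    fi
    case "$err" in
      *'no RoleBinding with the name "keda-operator" found'*)
        if [ "$attempt" -ge 2 ]; then
          echo "keda upgrade still failing after retry: $err" >&2
          return 1
        fi
        echo "first run created the keda-operator resources; retrying upgrade" >&2
        attempt=$((attempt + 1))
        ;;
      *)
        echo "keda upgrade failed: $err" >&2
        return 1
        ;;
    esac
  done
}
```

Source the file and call `upgrade_keda_scoped <your-namespace>`; the function's exit status tells a calling script whether keda is now restricted to that namespace.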
While installing or upgrading Akto's Helm chart (covered in later sections), additionally set the following flag:
--set testing.autoScaling.enabled=true
Add akto helm repository.
helm repo add akto https://akto-api-security.github.io/helm-charts/
Note: If you've already added akto helm repository, update the helm repository using:
helm repo update akto
Using the database abstractor token saved in the steps above, deploy the Helm chart as follows.
helm install akto-mini-testing akto/akto-mini-testing -n <your-namespace> --set testing.aktoApiSecurityTesting.env.databaseAbstractorToken="<your-database-abstractor-token>"
Note: If you want to modify the Helm chart to suit your needs, you can clone it from mini-testing-helm-chart.
Create a new instance with the following requirements:
Platform: Amazon Linux 2023
Spec: 2 vCPU, 4GB RAM, 20GB hard disk; don't use burstable instances
Network: private subnet, with connectivity to the internet (typically via NAT) and to your staging service
Security groups: inbound - open only port 22 for SSH; outbound - open all
SSH into this new instance in your cloud.
Run sudo su -
Install docker and docker-compose.
Paste the following into a docker-compose-testing.yml file. Use the token from step (3) for the DATABASE_ABSTRACTOR_SERVICE_TOKEN value.
version: '3.8'
services:
  akto-api-security-testing:
    image: public.ecr.aws/aktosecurity/akto-api-security-mini-testing:latest
    environment:
      RUNTIME_MODE: hybrid
      DATABASE_ABSTRACTOR_SERVICE_TOKEN: <Paste_token_here>
      # Hostname must match the replay service's name below; Compose resolves services by name.
      PUPPETEER_REPLAY_SERVICE_URL: "http://akto-api-security-puppeteer-replay:3000"
    restart: always
  akto-api-security-puppeteer-replay:
    image: public.ecr.aws/aktosecurity/akto-puppeteer-replay:latest
    ports:
      - "3000:3000"
    environment:
      NODE_ENV: production
    restart: always
  watchtower:
    image: containrrr/watchtower
    restart: always
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      WATCHTOWER_CLEANUP: "true"
      WATCHTOWER_POLL_INTERVAL: 1800
    labels:
      # Watchtower updates the other containers but not itself.
      com.centurylinklabs.watchtower.enable: "false"
Run docker-compose -f docker-compose-testing.yml up -d
Run systemctl enable /usr/lib/systemd/system/docker.service to ensure Docker starts up after instance restarts.
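Pasting the token straight into docker-compose-testing.yml leaves a long-lived credential in a world-readable file on the instance. The following is an added example (not part of the Akto docs) of a POSIX sh script that renders the compose file from the DATABASE_ABSTRACTOR_SERVICE_TOKEN environment variable, keeps the token in a separate owner-only .env file referenced via env_file, and refuses to proceed with a placeholder or malformed token. It assumes the image names and service layout from the page; the JWT check is a shape check (three base64url segments), not signature verification; watchtower is left out and can be appended from the page's file.

```shell
#!/bin/sh
# Added example, not from the Akto docs: build docker-compose-testing.yml from the
# DATABASE_ABSTRACTOR_SERVICE_TOKEN environment variable instead of pasting the token
# into the file, and refuse to proceed with a placeholder or malformed value.
# Assumptions: image names and service layout are those from the page; the JWT check
# is a shape check only; watchtower is omitted.
set -eu

# looks_like_jwt TOKEN: 0 if TOKEN has the header.payload.signature shape, else 1.
looks_like_jwt() {
  printf '%s' "$1" | grep -Eq '^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$'
}

# is_placeholder TOKEN: 0 if TOKEN is empty or one of the docs' literal placeholders.
is_placeholder() {
  case "$1" in
    ''|'<Paste_token_here>'|'<your-database-abstractor-token>') return 0 ;;
    *) return 1 ;;
  esac
}

# render_compose TOKEN OUTFILE: write OUTFILE plus a sibling .env file holding the
# token (owner-readable only), so the compose file itself carries no secret.
render_compose() {
  tok=$1
  out=$2
  envf="${out%.yml}.env"
  if is_placeholder "$tok" || ! looks_like_jwt "$tok"; then
    echo "refusing to render: token is missing, a placeholder, or not a JWT" >&2
    return 1
  fi
  (
    umask 077  # both files below are created with mode 0600
    printf 'DATABASE_ABSTRACTOR_SERVICE_TOKEN=%s\n' "$tok" > "$envf"
    cat > "$out" <<EOF
version: '3.8'
services:
  akto-api-security-testing:
    image: public.ecr.aws/aktosecurity/akto-api-security-mini-testing:latest
    env_file:
      - $(basename "$envf")
    environment:
      RUNTIME_MODE: hybrid
      # Service name of the replay container below; Compose resolves it on the default network.
      PUPPETEER_REPLAY_SERVICE_URL: "http://akto-api-security-puppeteer-replay:3000"
    restart: always
  akto-api-security-puppeteer-replay:
    image: public.ecr.aws/aktosecurity/akto-puppeteer-replay:latest
    # No host port mapping: only the testing container needs to reach port 3000.
    environment:
      NODE_ENV: production
    restart: always
EOF
  )
}
```

On the instance, export the token from wherever you keep secrets, source this file, and run `render_compose "$DATABASE_ABSTRACTOR_SERVICE_TOKEN" docker-compose-testing.yml && docker-compose -f docker-compose-testing.yml up -d`. The replay service is deliberately not published on a host port: the testing container reaches it over the compose network, and the instance's security group already only admits SSH.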
There are multiple ways to request support from Akto. We are available 24x7 on the following:
In-app Intercom support: message us with your query on Intercom in the Akto dashboard and someone will reply.
Join our Discord channel for community support.
Contact [email protected] for email support.
Contact us here.