Version: 1.3.14

AWS Setup

Follow this process to install an AWS VM with Cortex Certifai Pro running on it. Cortex Certifai Pro is a single-user server version of Certifai, available from the AWS Marketplace.

Prerequisites

AWS Marketplace Setup

In the AWS Marketplace, follow these steps to set up an instance of Cortex Certifai Pro.

  1. Go to the AWS Marketplace, search for, and select Cortex Certifai or click here.

  2. At the top right of the Cortex Certifai information page click CONTINUE TO SUBSCRIBE.

  3. On the subscription terms and conditions box click ACCEPT TERMS.

  4. Read the subscription offer; then at the top right click CONTINUE TO CONFIGURATION.

  5. On the Configure software tab verify the default selections; then at the top right click CONTINUE TO LAUNCH.

  6. On the Launch Software page configure the following:

    • a. VPC Settings: Select the VPC you set up as a prerequisite.
    • b. Subnet Settings: Select the Subnet you created as a prerequisite.
    • c. Security Group Settings: Add a Security Group by clicking Create New Based on Seller Settings. This opens the required ports.
    • d. Click LAUNCH.

  7. A successful deployment message is displayed with your AMI ID and links to additional deployment information.

  1. Click the EC2 Console link to view a list of your Instances and their states.

  2. Click the box at the head of an Instance row to open the details in the panel below the list.

  3. Associate the Public IP with the VM you have just launched. Your IT team may perform this configuration if you do not have permissions. If you have elastic IP addresses allocated to your account, they may be reassigned, rather than allocating new ones.

  • a. Navigate to the Manage IP Addresses dialog by clicking Actions > Networking > Manage IP Addresses.

  • b. Click the Allocate an Elastic IP link.

  • c. On the Allocate Elastic IP address page that opens make sure that Amazon's pool of IPv4 addresses is designated and click ALLOCATE.

  • d. At the top left click Associate this Elastic IP address.

  • e. Select Resource Type: Instance.

  • f. Click in the Instance field to select from a list of existing instance IDs. Be sure to select the ID associated with your Certifai VM.

  • g. Click in the Private IP address field to select a Private IP address.

  • h. Do NOT check Allow this IP address to be reassociated.

  • i. Click Associate at the bottom right.

  • j. Close the IP address list view and the dialog with the Allocate IP Address link.

Configure AWS Storage and Access Keys

  1. After your account is set up, log in to your AWS console and search for S3 in the services menu.

  2. Click CREATE BUCKET on the top right of the S3 Bucket list page.

  3. In the Create Bucket dialog enter a unique Bucket name, and select your region. Click CREATE BUCKET. Make note of your Bucket Name; you will need to enter it in the storage configuration dialog in Certifai Console in the next section.

  4. Your new bucket is added to a bucket list in the Amazon S3 section of the portal.

  5. At the top right of your portal click on your account name and select My Security Credentials from the menu.

  6. On the AWS IAM credentials tab under Access keys for CLI, SDK, & API access click Create access key.

  7. A message is displayed saying that your access key has been successfully created. Click Show Access Key to view the keys.

  8. Click Download Key File for future access to these keys. There is no way to return to this dialog or to view the keys once you leave this page.

  9. Make note of the Keys; you will need to enter these in the storage configuration dialog in Certifai Console in the next section.
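
An access key carries every permission of the identity it was created under, and this one is stored on a VM with a public IP address. The added example below (not part of the Cortex documentation) builds a policy scoped to the bucket from step 3 for a dedicated IAM user, and audits a policy document for grants that reach beyond that bucket. The action list, the bucket name, the sample policies and the function names are assumptions made for illustration.

```python
import json

# Assumption: report storage needs listing plus object read/write/delete.
OBJECT_ACTIONS = ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"]


def as_list(value):
    """IAM accepts a single value or a list for Statement, Action, Resource."""
    return list(value) if isinstance(value, list) else [value]


def bucket_policy(bucket):
    """Policy for a dedicated IAM user, scoped to one bucket and its objects."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": ["s3:ListBucket"],
             "Resource": [f"arn:aws:s3:::{bucket}"]},
            {"Effect": "Allow", "Action": OBJECT_ACTIONS,
             "Resource": [f"arn:aws:s3:::{bucket}/*"]},
        ],
    }


def overbroad_statements(policy, bucket):
    """Return (statement index, reason) for Allow grants beyond the bucket."""
    in_scope = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    findings = []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append((i, "NotAction/NotResource grants by exclusion"))
            continue
        for action in as_list(stmt.get("Action", [])):
            # Anything outside S3, or any wildcard, is more than storage needs.
            if not action.lower().startswith("s3:") or "*" in action:
                findings.append((i, f"action {action}"))
        for resource in as_list(stmt.get("Resource", [])):
            if resource not in in_scope:
                findings.append((i, f"resource {resource}"))
    return findings


# Constructed samples: an administrator-style grant and a constructed bucket name.
ADMIN_STYLE = {"Version": "2012-10-17",
               "Statement": {"Effect": "Allow", "Action": "*", "Resource": "*"}}
BUCKET = "certifai-reports-example"

if __name__ == "__main__":
    print(json.dumps(bucket_policy(BUCKET), indent=2))
    print(overbroad_statements(ADMIN_STYLE, BUCKET))
```

An empty result from `overbroad_statements` means every Allow statement stays within the one bucket; run it against the policies attached to the IAM user before creating the key.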

Certifai Console storage setup

To complete the configuration and log in to the Certifai Console, you will need to obtain four pieces of information from the AWS Console.

From your AWS EC2 Console, you will need:

  • Public IP address of your Certifai VM: enter this into a browser to bring up your Certifai Console following provisioning
  • Instance ID: assigned during provisioning.

From the AWS storage and access key setup that you just completed, you will need the following to configure your reports storage on the Console storage configuration page:

  • AWS Bucket Name
  • AWS Access Key ID
  • AWS Secret Access Key

  1. Enter https://<Public IP address> into a browser window to open the Certifai Console login page. (Chrome is the recommended browser.)

  2. On the initial Certifai Console Login page, enter your Instance ID and click SUBMIT.

  3. The "Set Password" page is displayed. You cannot proceed without setting a new password. Enter a strong password in the New Password field. Enter the same password into the Confirm Password field. Then click SUBMIT.

    (We recommend 8 or more characters with one of each of the following: lowercase letter, uppercase letter, number, special character; no spaces.)

  4. You are redirected back to the login page where you must enter your new password for the "certifai" user and click SUBMIT. (NOTE: Do not change the username.)

  5. A Storage configuration page opens in Certifai Console with a warning displayed at the top. This is expected.

    • a. AWS BUCKET NAME:
    • b. AWS ACCESS KEY:
    • c. AWS SECRET KEY:
    • d. If you want to install the sample scan reports available by default with Certifai, leave Install Sample Reports checked. If you uncheck it the sample reports will not be installed.
    • e. To run remote scan jobs using Kubernetes, check Download Kubernetes File. When this option is checked, the certifai.kubeconfig.json file is automatically downloaded to your local drive.
    • f. Click SUBMIT

  6. Bookmark the IP address/URL. This is where you access Certifai Console. Each time you return, you must log in to view sample scan reports or your own scan job results.

To learn more about navigating through the Console click here.

To learn more about the reports that are visualized in the Certifai Console click here.

Disable the "Forgot Password" link option

For improved security, Certifai Pro users may want to disable the "Forgot Password" link on the Login page. This precaution prevents other people in your organization from using your account by changing the password.

  1. Go to the Login page.
  2. Check the DISABLE FORGOT PASSWORD checkbox.
  3. Accept the verification message.
  4. Click SUBMIT.

When you return to the Login page, the "Forgot Password" link is no longer displayed.

Next steps

  1. Click the help icon at the top right to expose the right menu.

  2. Download and install the Toolkit.

  3. Run scan jobs in the AWS Cloud and view result visualizations in the remote Console.