Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Step 1: Deploy the network analyzer and Lambda function in your AWS environment

Because API Protect does not send any of your request data to Data Theorem, our network analyzer needs to be deployed in your environment.

...

Deploy CloudFormation Stack

From the

Step 2: Configure CloudFront Trigger

Overview

Our CloudFront integration mirrors “Origin request” traffic to an instance of our Network Analyzer deployed in your environment. Your data never leaves your environment, only request metadata generated by the Analyzer is sent to Data Theorem.

Installation

From the Active Protection page on the Data Theorem portal, select “AWS Cloufront vTap”

...

Name The Integration

...

Deploy the CloudFormation Stack

This will open a new browser window and prompt you to login to your AWS account.

...

Update Your CloudFront Distribution

Once the Analyzer and the Lambda are deployed in your environment, your Cloudfront distribution needs to trigger the Lambda to mirror the traffic to the Analyzer.

In your AWS account, select the CloudFront distribution you wish to protect and click “Edit”.

In the “Function Associations” section make the following changes

Set “Origin request” to “Lambda@Edge”

Set “Function ARN / Name” to the function arn value returned from Step 1

Check “Include body”

Success!

Once you update your CloudFront Distribution you may return to the Data Theorem portal. It can take several minutes for CloudFront to update all edge deployments. Once they are updated, your APIs are protected and should be visible in the console.

...