Configure Acunetix 360 for Amazon Web Services

Acunetix 360 On premise can be configured to run scanner engines on Amazon Web Services (AWS) S3. When you launch a new scan, Acunetix 360 will create a new scanner engine instance on AWS as needed (up to 2 scans are run on each engine instance) and terminate it automatically once the scan is completed.

AWS Configuration

First, you need to install and configure the scanner engine on an EC2 instance, and then create a machine image (AMI) to use it as a base instance.

Each stage of this process is outlined below:

  1. Select a Region
  2. Create S3 Buckets
  3. Create IAM Users
  4. Create an AMI for Scanner Engine
  5. Configure the Acunetix 360 Web Application

Select a Region

Acunetix 360 uses AWS for storage needs and EC2 for launching new instances. EC2 and S3 resources need to be in the same AWS region. For that reason, you should choose an AWS region which is near to the assets that need to be scanned and create all the EC2/S3 resources in that region.

How to Select a Region

For information on how to select a region, see Amazon EMR documentation, Choose an AWS Region.

Create S3 Buckets

Acunetix 360 needs two different buckets to store scan data.

How to Create S3 Buckets
  1. Open the AWS console and navigate to the S3 service.
  2. Create 2 buckets for screenshots and raw scan data. For example, you can use bucket names like this:
  • exampleinc.a360.scandata (for raw scan data)
  • exampleinc.a360.scanscreenshots (for screenshots)

Create IAM Users

Open the AWS console and navigate to the IAM service.

How to Create an Access Policy for the Web Application
  1. Open the AWS console and navigate to the IAM service.
  2. Click Policies.
  3. Click Create Policy.
  4. Click the JSON tab.
  5. Copy the following JSON and paste it into the JSON tab:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "s3:*"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::ENTER_SCAN_DATA_BUCKET_NAME/*",
                "arn:aws:s3:::ENTER_SCREENSHOTS_BUCKET_NAME/*"
            ]
        },
        {
            "Action": [
                "ec2:CreateTags",
                "ec2:DeleteTags",
                "ec2:DescribeInstances",
                "ec2:RunInstances",
                "ec2:TerminateInstances"
            ],
            "Effect": "Allow",
            "Resource": [
                "*"
            ]
        }
    ]
}

  6. Change the bucket names to reflect the names of your S3 buckets.
  7. Click Review Policy.
  8. Enter a policy name (e.g. 'A360WebAppPolicy').
  9. Click Create Policy.
How to Create an Access Policy for the Scanner Engine
  1. Click Policies.
  2. Click Create Policy.
  3. Click the JSON tab.
  4. Copy the following JSON and paste it into the JSON tab:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "s3:DeleteObject",
                "s3:PutObject"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::ENTER_SCAN_DATA_BUCKET_NAME/*",
                "arn:aws:s3:::ENTER_SCREENSHOTS_BUCKET_NAME/*"
            ]
        },
        {
            "Action": [
                "s3:ListBucket"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::ENTER_SCAN_DATA_BUCKET_NAME"
            ]
        },
        {
            "Action": [
                "s3:GetObject"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::ENTER_SCAN_DATA_BUCKET_NAME/*"
            ]
        }
    ]
}

  5. Change the bucket names to reflect the names of your S3 buckets.
  6. Click Review Policy.
  7. Enter a policy name for the scanner engine (e.g. 'A360EnginePolicy').
  8. Click Create Policy.
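
A check a reviewer might run on the web application and scanner engine policies before attaching them, written for this page as an added example (not Acunetix or AWS code). It flags wildcard actions and write actions allowed on Resource "*" without a Condition; the READ_ONLY_PREFIXES heuristic and the finding wording are assumptions of this example.

```python
SCAN = "arn:aws:s3:::ENTER_SCAN_DATA_BUCKET_NAME"
SHOTS = "arn:aws:s3:::ENTER_SCREENSHOTS_BUCKET_NAME"
# Added example. The two policies from this page, bucket placeholders unchanged.
WEBAPP_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Action": ["s3:*"], "Effect": "Allow",
     "Resource": [SCAN + "/*", SHOTS + "/*"]},
    {"Action": ["ec2:CreateTags", "ec2:DeleteTags", "ec2:DescribeInstances",
                "ec2:RunInstances", "ec2:TerminateInstances"],
     "Effect": "Allow", "Resource": ["*"]},
]}
ENGINE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Action": ["s3:DeleteObject", "s3:PutObject"], "Effect": "Allow",
     "Resource": [SCAN + "/*", SHOTS + "/*"]},
    {"Action": ["s3:ListBucket"], "Effect": "Allow", "Resource": [SCAN]},
    {"Action": ["s3:GetObject"], "Effect": "Allow", "Resource": [SCAN + "/*"]},
]}

# Assumption of this example: read-only action names start with one of these.
READ_ONLY_PREFIXES = ("Describe", "Get", "List")


def as_list(value):
    """IAM accepts a single value or a list for Statement, Action, Resource."""
    return list(value) if isinstance(value, list) else [value]


def audit(policy):
    """Return (statement_index, finding) pairs for Allow statements."""
    findings = []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = as_list(stmt.get("Action", []))
        resources = as_list(stmt.get("Resource", []))
        for action in actions:
            if "*" in action:
                findings.append((i, f"wildcard action {action}"))
        # Resource "*" with no Condition lets a write action touch anything.
        if "*" in resources and "Condition" not in stmt:
            for action in actions:
                if not action.split(":", 1)[-1].startswith(READ_ONLY_PREFIXES):
                    findings.append((i, f"{action} on Resource * with no Condition"))
    return findings


if __name__ == "__main__":
    for name, policy in (("web app", WEBAPP_POLICY), ("engine", ENGINE_POLICY)):
        for index, finding in audit(policy):
            print(f"{name} policy, statement {index}: {finding}")
```

ec2:DescribeInstances is not reported because it does not support resource-level permissions, so Resource "*" is expected for it.
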
How to Create a User for the Web Application
  1. Click Users.
  2. Click Add User.
  3. Enter a user name (e.g. 'A360WebApp').
  4. In the Access Type field, select Programmatic access, and click Next: Permissions.
  5. In the Set permissions section, click Attach existing policies directly.
  6. Select the previously created web app policy and click Next: Tags.
  7. Add Tags as needed and click Next: Review.
  8. Review the details of the new user, and click Create user.
  9. Save the access and security key, as you'll need them later.
How to Create a User for Scanner Engine
  1. Click Users.
  2. Click Add User.
  3. Enter a user name (e.g. A360Engine).
  4. In the Access Type field, select Programmatic access, and click Next: Permissions.
  5. Click Attach existing policies directly.
  6. Select the previously created scanner engine policy and click Next: Tags.
  7. Add Tags as needed and click Next: Review.
  8. Review the details of the new user, and click Create user.
  9. Save the access and security key to use later.

Create an AMI for the Scanner Engine

There are three steps to this process:

  1. Launching an Instance for the Scanner Engine
  2. Configuring the Scanner Engine Instance
  3. Creating a Scanner Engine Image

Launching an Instance for the Scanner Engine

First, you need to launch an instance for a Scanner Engine.

How to Launch an Instance for a Scanner Engine
  1. Go to EC2 service.
  2. From the sidebar, click Instances.
  3. Click Launch Instance.
  4. Select Ubuntu Server 18.04 LTS for the environment (or a supported OS), and click Select.
  5. Choose an instance type (m5.large is recommended).
  6. Click the Configure Instance tab.
  7. From the Auto-assign Public IP dropdown, select Enable. This is needed for SSH connections.
  8. Click Next: Add Storage and set the Disk Size (Min 30 GB recommended).
  9. Click Next: Add Tags.
  10. Click Next: Configure Security Group.
  11. Click Review and Launch.

Configuring the Scanner Engine Instance

Next, you need to install the Acunetix Scanner Engine to the target EC2 instance.

How to Configure a Scanner Engine Instance
  1. Navigate to the EC2 service.
  2. From the sidebar, click Instances.
  3. Right-click the previously launched scanner engine instance, and click Connect.

  4. Connect to your instance with the provided SSH information.
  5. On the AWS machine, ensure you can connect to your Acunetix 360 On Premise Web Application from this instance. This can be done using curl as follows:
  6. You can view and configure the Acunetix 360 Scanner Engine installation from the Acunetix 360 web application. From the sidebar, click Engines, then Manage Engines. The Engines page is displayed.
  7. Click Configure New Engine. The Configure New Engine page is displayed.
  8. Click the Download Acunetix 360 Scanner Engine link to download the Acunetix Scanner Engine installation applicable for your OS:
  • If installing on Ubuntu or Kali Linux, download acunetix360-engine-*deb (the one used in this example)
  • If installing on Suse or CentOS, download acunetix360Engine-*rpm
  9. Your Engine Token and Engine License Key are also displayed. Both will be required during the Acunetix engine installation (so keep this page open until the end of this process). You can use the Copy to Clipboard buttons to copy the Engine Token and the Engine License Key.
  10. Upload the Acunetix 360 Scanner Engine to the new AWS machine instance where the Acunetix 360 Scanner Engine will be installed.
  11. From the already open SSH terminal, run the following commands:
  • If installing on Ubuntu or Kali Linux, use: sudo dpkg -i acunetix360-engine-*deb
  • If installing on Suse or CentOS, use: sudo rpm -i acunetix360Engine-*rpm
  12. Enter the following required information during the installation:
  • Engine name – This allows you to distinguish this Engine from other Engines you might need to install
  • Engine API token – This can be retrieved from the Configure New Engine page in Acunetix 360 Online
  • Web URL – The address you use to access the Acunetix 360 Web interface (e.g. https://www.acunetix360.com). Do not include a trailing forward slash (/) at the end of the address.
  • License Key – The license key sent by Acunetix for the Acunetix 360 Engine (can be also copied from the Configure New Engine page)
  • Company – Your company name
  • Name – Your first name and surname
  • Phone Number – Your phone number
  • Email – Your email address
  • Country code – Your country code
  13. The Acunetix 360 Engine installation process will continue.
  14. Once the engine installation is finished, go back to the Acunetix 360 UI. From the sidebar, click Engines, then Manage Engines, to confirm that the newly installed Acunetix 360 engine has been correctly configured.

Creating a Scanner Engine Image

Next, you need to create an AMI that will be used as a base image for new scans.

How to Create a Scanner Engine Image
  1. In the AWS console, open the EC2 instances page.
  2. Stop the Acunetix 360 engine instance.
  3. Once the engine instance has stopped, right click on the instance, and click Create Image.
  4. Enter a name for your image and click Create Image.

  5. From the sidebar, click AMIs. Save your AMI ID (as you will need it later in the process).

Configure the Acunetix 360 Web Application

Next, you need to configure your AWS settings in Acunetix 360.

How to Configure the Acunetix 360 Web Application
  1. Log in to Acunetix 360.
  2. From the sidebar, click Settings then Cloud Provider. The Cloud Provider page is displayed.
  3. Enable the Cloud Integration checkbox.
  4. Enter your AWS settings on that page. The Deployment Bucket Name field is not required, so you can enter a dummy value for it.

  5. Complete the following fields as indicated:
  • Web Application Access Key: This is the access key information for the WebApp user (A360WebApp in our example).
  • Web Application Secret Key: This is the access key information for the WebApp user (A360WebApp in our example).
  • Engine Access Key: This is the access key information for the Engine user (A360Engine in our example).
  • Engine Secret Key: This is the access key information for the Engine user (A360Engine in our example).
  • Deployment Bucket Name: This optional setting is not required in most situations. You can enter dummy data.
  • Region Endpoint Name: This is the Availability Zone for the Acunetix 360 engine instance. You can find it by going to the EC2 page, then clicking on the Acunetix 360 engine instance, then Availability Zone.
  • Scan Data Bucket Name: This is the name of the Scan Data Bucket (exampleinc.a360.scandata in our example).
  • Screenshot Bucket Name: This is the name of the Screenshot Data Bucket (exampleinc.a360.scanscreenshots in our example).
  • Engine Bucket Name: This optional setting is not required in most situations. You can enter dummy data.
  • EC2 Engine Image ID: This is the AMI ID. You can find it by going to the EC2 page, then clicking on the Acunetix 360 engine instance, then AMI ID (e.g. ami-01b9ed789f6d2de26).
  • EC2 Engine Instance Assigned Name: This is the instance name. You can find it by going to the EC2 page, then clicking on Name.
  • EC2 Engine Instance Security Group: This is the ID of the security group for the Acunetix 360 engine instance. You can find it by going to the EC2 page, then clicking on the Acunetix 360 engine instance, then Security Group, then Group ID (e.g. sg-954568ea).
  • EC2 Engine Instance Type: This is the Instance Type for the Acunetix 360 engine instance. You can find it by going to the EC2 page, then clicking on the Acunetix 360 engine instance, then Instance Type (e.g. m5.large).
  • EC2 Subnet ID: This is the ID of the Subnet for the Acunetix 360 engine instance. You can find it by going to the EC2 page, then clicking on the Acunetix 360 engine instance, then Subnet ID (e.g. subnet-2c225036).
  • EC2 Key Pair Name: This is the name of the Key pair for the Acunetix 360 engine instance. You can find it by going to the EC2 page, then clicking on the Acunetix 360 engine instance, then Key pair name.

  6. You can now run new scans on your AWS environment. When a scan is started, a new instance of the AMI is automatically created, and the scan is run on this new instance.

 
