Illumio has provided two deployment methods, either as a container using the included Dockerfile, or as a .zip file. These instructions are intended for a Unix-type system, such as Linux or macOS.
These instructions require that git, Docker, and the AWS CLI be installed locally.
- Clone the illumio-guard-duty-shield repository and navigate to the directory
git clone https://github.com/illumiolabs/illumio-guard-duty-shield.git
cd ./illumio-guard-duty-shield
- Build the docker image
docker build -t illumio-guard-duty-shield:latest -f src/Docker/Dockerfile .
- Create a new ECR repo and push the image. Substitute your accountID and region where required
aws ecr create-repository --region <region> --repository-name illumio-guard-duty-shield --image-scanning-configuration scanOnPush=true
docker tag illumio-guard-duty-shield:latest <accountID>.dkr.ecr.<region>.amazonaws.com/illumio-guard-duty-shield:latest
aws ecr get-login-password --region <region> | docker login --username AWS --password-stdin <accountID>.dkr.ecr.<region>.amazonaws.com
docker push <accountID>.dkr.ecr.<region>.amazonaws.com/illumio-guard-duty-shield:latest
- You can automate the final steps by using the included CloudFormation template to complete the following steps:
- Edit the src/Docker/illumio-Guard-Duty-Shield-Docker.yaml file with your relevant variables and then use CloudFormation to create the Illumio Guard Duty Shield Lambda function
aws cloudformation deploy --template-file src/Docker/illumio-Guard-Duty-Shield-Docker.yaml --stack-name illumio-guard-duty-shield --capabilities CAPABILITY_NAMED_IAM
- Otherwise, you may log in to AWS and continue with the AWS Web UI
- Navigate to the AWS Lambda service and click the orange Create function button in the top right corner
- Select Container image to deploy a container-based Lambda function
- Provide a Function Name, such as
Illumio-Guard-Duty-Shield
- Enter the Container image URI you pushed earlier
<accountID>.dkr.ecr.<region>.amazonaws.com/illumio-guard-duty-shield:latest
- Click Create Function at the bottom right
- You will be directed to the Illumio-Guard-Duty-Shield's Function overview page
- Select the Configuration tab towards the bottom of the page, and then Environment variables
- Create the following environment variables by clicking Edit and Add environment variable
- ILLUMIO_SERVER - The Illumio PCE hostname (ex. illumiopce.company.com)
- ILO_API_KEY_ID - The API key id
- ILO_API_KEY_SECRET - The API key secret
- ILO_API_VERSION - Version of Illumio API
- ILO_ORG_ID - Illumio PCE Org ID to be utilized for this deployment
- ILO_PORT - Illumio PCE port
- THREAT_LIST_KEY - Numerical href id of the IP list to be updated. It is found in the URL as seen in this image
- Once you have added values for each of these variables, click the orange Save button at the bottom right
- We will need to create a CloudWatch Rule for this, so navigate to the AWS CloudWatch service
- On the left side of the screen click Rules under Events
- Click Create rule and under Event Source select GuardDuty as the Service Name
- Click Add target to the right, and select Illumio-Guard-Duty-Shield as the Lambda Function
- Click Configure details at the bottom right of the page
- Provide a Rule Name, such as
IllumioGuardDutyRule
and click Create rule
- If you return to the Illumio-Guard-Duty-Shield Lambda function we created earlier, you will see that an EventBridge (CloudWatch Events) trigger has been added.
To deploy from a .zip file instead, these instructions require that git and pip3 are installed locally.
- Clone the illumio-guard-duty-shield repository and navigate to the app subdirectory
git clone https://github.com/illumiolabs/illumio-guard-duty-shield.git
cd ./illumio-guard-duty-shield/src/app
- Install the requests package to a subdirectory with pip
pip3 install requests --target ./package
- Navigate to the package subdirectory, create a .zip file in the zip folder containing the package folder contents, then add lambda_function.py to the .zip file, and return to the root directory.
cd ./package
zip -r ../../zip/illumio-guard-duty-shield.zip .
cd ..
zip -g ../zip/illumio-guard-duty-shield.zip lambda_function.py
cd ../..
- You can automate the final steps by using the included CloudFormation template and an S3 bucket to complete the following steps:
- If necessary, create an S3 bucket
aws s3api create-bucket --bucket <globally unique bucket name> --region <region> --create-bucket-configuration LocationConstraint=<region>
- Upload the zip file to your S3 bucket
aws s3 cp src/zip/illumio-guard-duty-shield.zip s3://<globally unique bucket name>/
- Edit the src/zip/illumio-Guard-Duty-Shield.yaml file with your relevant variables and then use CloudFormation to create the Illumio Guard Duty Shield Lambda function
aws cloudformation deploy --template-file src/zip/illumio-Guard-Duty-Shield.yaml --stack-name illumio-guard-duty-shield --capabilities CAPABILITY_NAMED_IAM
- Otherwise, you may log in to AWS and continue with the AWS Web UI
- Navigate to the AWS Lambda service and click the orange Create function button in the top right corner
- Select Author from scratch to deploy from a .zip file
- Provide a Function Name, such as
Illumio-Guard-Duty-Shield
- Click Create Function at the bottom right
- Within the "Code source" panel click Upload from and select Upload a .zip file
- Click Upload and choose the illumio-guard-duty-shield.zip file created in the src/zip folder
- Next, click the Configuration tab, and then Environment variables
- Create the following environment variables by clicking Edit and Add environment variable
- ILLUMIO_SERVER - The Illumio PCE hostname (ex. illumiopce.company.com)
- ILO_API_KEY_ID - The API key id
- ILO_API_KEY_SECRET - The API key secret
- ILO_API_VERSION - Version of Illumio API
- ILO_ORG_ID - Illumio PCE Org ID to be utilized for this deployment
- ILO_PORT - Illumio PCE port
- THREAT_LIST_KEY - Numerical href id of the IP list to be updated. It is found in the URL as seen in this image
- Once you have added values for each of these variables, click the orange Save button at the bottom right
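A post-deployment check for the environment variables listed in both the container and .zip procedures, as an added example that is not part of the Illumio project: it reads the JSON printed by `aws lambda get-function-configuration` and reports missing or malformed values without echoing them. The format rules and the sample values are assumptions constructed for illustration.

```python
import json
import re

# Variable names come from the lists above; the format rules are assumptions
# inferred from their descriptions (hostname, port, numerical id).
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME = re.compile(rf"{LABEL}(?:\.{LABEL})*")

def _port(v):
    return re.fullmatch(r"[0-9]{1,5}", v) is not None and 1 <= int(v) <= 65535

CHECKS = {
    "ILLUMIO_SERVER": (lambda v: HOSTNAME.fullmatch(v) is not None,
                       "must be a bare hostname (no scheme, port or path)"),
    "ILO_API_KEY_ID": (bool, "must not be empty"),
    "ILO_API_KEY_SECRET": (bool, "must not be empty"),
    "ILO_API_VERSION": (bool, "must not be empty"),
    "ILO_ORG_ID": (bool, "must not be empty"),
    "ILO_PORT": (_port, "must be a port number between 1 and 65535"),
    "THREAT_LIST_KEY": (lambda v: re.fullmatch(r"[0-9]+", v) is not None,
                        "must be numeric"),
}

def check_function_config(config_json):
    """Return findings for the JSON printed by `aws lambda get-function-configuration`.
    Findings name the variable and the rule only, never the value."""
    variables = json.loads(config_json).get("Environment", {}).get("Variables", {})
    findings = []
    for name, (is_valid, rule) in CHECKS.items():
        value = variables.get(name)
        if value is None:
            findings.append(f"{name}: missing")
        elif value != value.strip():
            findings.append(f"{name}: leading or trailing whitespace")
        elif not is_valid(value):
            findings.append(f"{name}: {rule}")
    return findings

# Constructed sample output with three deliberate mistakes.
SAMPLE = json.dumps({"FunctionName": "Illumio-Guard-Duty-Shield", "Environment": {"Variables": {
    "ILLUMIO_SERVER": "https://illumiopce.company.com",  # scheme included
    "ILO_API_KEY_ID": "api_constructed",
    "ILO_API_KEY_SECRET": "constructed-secret ",          # trailing space
    "ILO_API_VERSION": "v2",
    "ILO_ORG_ID": "1",
    "ILO_PORT": "8443",
    "THREAT_LIST_KEY": "ip_lists/42",                     # not just the number
}}})

if __name__ == "__main__":
    for finding in check_function_config(SAMPLE):
        print(finding)
```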