DIAL - Deploying Parent and Child Controllers on AWS

DIAL - Deploying Parent and Child Controllers on AWS

This guide provides step-by-step instructions for deploying the Parent and Child Controllers for DIALv2. Follow the steps carefully to ensure a successful deployment.

Step 1: Packaging the Parent Controller

1.1 Create a Private S3 Bucket

Start by creating a private S3 bucket in your AWS account. This bucket will be used to store the deployment packages.

1.2 Configure theHive Integration (Optional)

If you are using a running instance of theHive, update the master/config.yaml file with the following parameters:

hive:

  Enabled: true

  Url: <theHiveInstance>/api/case

  ApiKey: <apiKey>

  • Replace <theHiveInstance> with your theHive instance URL.

  • Replace <apiKey> with your theHive API key.

If you do not plan to use theHive, set hive.Enabled to false.

hive:

  Enabled: false

1.3 Generate an Authentication Token

Generate a random authentication token using the following command:

openssl rand 16 | sha256sum

Update the auth.X-DIALv2-Master-auth key in the master/config.yaml file with this token:

auth:

  X-DIALv2-Master-auth: <authenticationToken>

1.4 Create Deployment Packages

Use the provided Makefile to package the Lambda layer and Parent Controller:

make layer

make master_package

This will create two files in the deployment folder:

  • layer.zip

  • master.zip

1.5 Upload Packages to S3

Upload these packages to your private S3 bucket:

aws s3 cp deployment/master.zip s3://<s3-bucket-name>/master.zip

aws s3 cp deployment/layer.zip s3://<s3-bucket-name>/layer.zip

Replace <s3-bucket-name> with your S3 bucket name.

Step 2: Deploying the Parent Controller

2.1 Using AWS Console

  1. Navigate to AWS CloudFormation.

  2. Create a new stack and upload the cfn/master-deployment-stack.yaml file as the template.

  3. Update the required parameters, including the S3 bucket name where you uploaded master.zip.

  4. Create the stack.

Once deployed, retrieve the API Gateway URL from the stack's output section. Save this URL for later use when configuring the Child Controller.

2.2 Using AWS CLI (Optional)

Deploy using AWS CLI with parameter overrides:

aws cloudformation deploy --template-file master-deployment-stack.yaml --stack-name 'DIALv2-Master' --capabilities 'CAPABILITY_NAMED_IAM'

Retrieve the API Gateway URL from the stack output:

aws cloudformation describe-stacks --stack-name 'DIALv2-Master' --query "Stacks[0].Outputs[?OutputKey=='DIALv2MasterApiGatewayURL'].OutputValue" --output text

Step 3: Attaching Parent Controller to VPC (Optional)

Skip this step if you set hive.Enabled to false.

If you are using theHive and need Lambda to send data to its web dashboard, attach the Parent Controller Lambda to a VPC and subnet where theHive is running:

  1. Open AWS Lambda Console.

  2. Navigate to the Parent Controller Lambda and go to the Configurations tab.

  3. Under VPC, select Edit and attach it to:

    • The VPC where theHive is running.

    • The appropriate subnet.

Update inbound rules on theHive instance's security group to accept traffic from this subnet and port (e.g., 172.21.0.0/24:9000).

Step 4: Packaging the Child Controller

4.1 Create a Private S3 Bucket

Create another private S3 bucket for storing Child Controller packages.

4.2 Update Configuration

Edit child/config.yaml with these updates:

  • Set Notifications.DIAL.Master-URL and Notifications.DIAL.X-DIALv2-Master-auth using values from Step 2:

DIAL:

  Enabled: true 

  Master-URL: https://<apiGatewayURL>/Prod/DIALv2

  X-DIALv2-Master-auth: <authenticationToken>

  • Update Slack webhook URL under Notifications.Slack.Hook.

  • Map your AWS accounts under Static.Account-Id-Map. For example:

Static: &defaultStaticMap

  Enrichment-URL: https://ipinfo.io/ 

  Account-Id-Map: &defaultStaticAccount-Id-Map

    PROD: '123412341234'

    STAGE: '098709870987'

    PCI: '123412341234'

    PROD-UAT: '123412341234'

  • Customize severity levels under Severity, if needed.

4.3 Create Deployment Package

Package the Child Controller using Makefile:

make child_package

Upload the package to your S3 bucket:

aws s3 cp deployment/child.zip s3://<s3-bucket-name>/child.zip

Step 5: Deploying the Child Controller

5.1 Single Account/Region Deployment

  1. Open AWS CloudFormation Console.

  2. Create a new stack and upload cfn/child-deployment-stack.yaml as the template.

  3. Update parameters, including your S3 bucket name where you uploaded child.zip.

  4. Create the stack.

5.2 Multi-Account/Region Deployment (Optional)

For multi-account or region deployments:

  1. Upload child.zip to an S3 bucket in your root or delegated admin account.

  2. Use cfn/child-stack-set-cfn-template.yaml for creating a StackSet.

  3. Deploy across selected AWS accounts and regions by providing appropriate parameters.

By following these steps, you can successfully deploy both Parent and Child Controllers for DIALv2 across single or multiple AWS accounts and regions! 

You can learn more and Download DIAL in GitHub.

Upgrade Your Cybersecurity Skills EHA: Learn 150+ Practical Cyber Security Courses Online With Life Time Access - Enroll Here

Back to blog