This repository has been archived by the owner on Jun 25, 2022. It is now read-only.

Quick start with Terraform example code

apopova edited this page Jun 1, 2022 · 2 revisions

Prerequisites

Quick Start

  1. Download the Terraform code example.
  2. Prepare the Terraform environment and variables.
  3. Deploy the described stack.
  4. Test Wallarm node operation.

Step 1: Downloading Terraform code example

The Terraform code used in this example can be cloned from the public GitHub repository with the following command:

git clone -b stable/3.6 --single-branch https://github.com/wallarm/terraform-example.git

To clone the example code for an older node version, replace 3.6 in the branch name with the relevant version.

The configuration files are located in the terraform folder of the repository:

  • variables.tf defines the Terraform variables that describe the managed environment
  • main.tf holds the Terraform code that performs the actual AWS provisioning

Step 2: Preparing Terraform environment and variables

  1. Set environment variables with the credentials of the Wallarm user that has the Deploy role:

    export TF_VAR_deploy_username='DEPLOY_USERNAME'
    export TF_VAR_deploy_password='DEPLOY_PASSWORD'
    
    • DEPLOY_USERNAME is the email of the user with the Deploy role
    • DEPLOY_PASSWORD is the password of the user with the Deploy role

    Note that values typed into export commands are recorded in the shell history; if that is a concern, read the password from a prompt (for example with read -rs) instead of typing it on the command line.
  2. Set environment variables with your AWS access keys:

    export AWS_ACCESS_KEY_ID='YOUR_ACCESS_KEY_ID'
    export AWS_SECRET_ACCESS_KEY='YOUR_SECRET_ACCESS_KEY'
    
    • YOUR_ACCESS_KEY_ID is your access key ID
    • YOUR_SECRET_ACCESS_KEY is your secret access key
  3. (Optional) Specify your public SSH key in the key_pair variable in the variables.tf file if you plan to access the deployed EC2 instances over SSH.

  4. (Optional) Set the wallarm_api_domain variable in the variables.tf file to the API endpoint api.wallarm.com if you use the EU Cloud. If you use the US Cloud, leave the existing value.

  5. (Optional) Set the AWS region data in the variables listed below in the variables.tf file. The provided example is configured for the AWS region us-west-1 (Northern California).

    • aws_region (you can find the list of AWS regions here)
    • az_a
    • az_b
    • wallarm_node_ami_id: the ID of the AWS EC2 Wallarm filtering node image, obtained with the command below (replace REGION_CODE with the aws_region value). If the name filter matches several images, use the one with the most recent CreationDate:
    aws ec2 describe-images --filters "Name=name,Values=*wallarm-node-3-6*" --region REGION_CODE | jq -r '.Images[] | "\(.ImageId)"'
    
    • wordpress_ami_id: the ID of the AWS EC2 WordPress image, obtained with the command below (replace REGION_CODE with the aws_region value):
    aws ec2 describe-images --filters "Name=name,Values=*bitnami-wordpress-5.3.2-3-linux-ubuntu-16.04*" --region REGION_CODE | jq -r '.Images[] | "\(.ImageId)"'
    
    

Step 3: Deploying described stack

  1. Go to the terraform folder of the cloned repository:

    cd terraform-example/terraform
    
  2. Deploy the whole stack using the following commands:

    terraform init
    terraform plan
    terraform apply
    

After a successful run, Terraform prints the DNS name of the deployed NLB. For example:

Apply complete! Resources: 4 added, 2 changed, 4 destroyed.

Outputs:

waf_nlb_dns_name = [
  "tf-wallarm-demo-asg-nlb-7b32738728e6ea44.elb.us-east-1.amazonaws.com",
]

The DNS name can be used to access the freshly installed WordPress service with the Wallarm cluster deployed in front of it.

(Screenshot: installed WordPress service)
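Steps 1 to 3 can be driven by a single script. The one below is an added example and is not part of the wallarm/terraform-example repository or this page. It assumes the variable names from the page (aws_region, az_a, az_b, wallarm_node_ami_id, wordpress_ami_id) and relies on Terraform reading any declared variable from a TF_VAR_<name> environment variable, so variables.tf is left untouched; REGION, AZ_A/AZ_B, NODE_BRANCH, the AMI name patterns and the function names are this example's own choices. It differs from typing the commands by hand in four ways: it fails early when an input is missing, it prompts for the Deploy-role password instead of taking it from the command line (so it stays out of the shell history), it picks the newest image when the AMI name filter matches several, and it applies the exact plan that was reviewed.

```shell
#!/usr/bin/env bash
# Added example (not part of wallarm/terraform-example): one script for Steps 1 to 3.
# Assumptions: variable names come from the page (aws_region, az_a, az_b,
# wallarm_node_ami_id, wordpress_ami_id) and are passed as TF_VAR_<name>, which
# Terraform reads for any declared variable. REGION, AZ_A/AZ_B, NODE_BRANCH, the
# AMI name patterns and the function names are this example's own choices.
set -eu

NODE_BRANCH="${NODE_BRANCH:-stable/3.6}"
REGION="${REGION:-us-west-1}"
NODE_AMI_PATTERN="${NODE_AMI_PATTERN:-*wallarm-node-3-6*}"
WP_AMI_PATTERN="${WP_AMI_PATTERN:-*bitnami-wordpress-5.3.2-3-linux-ubuntu-16.04*}"

# Choose the newest image from "CreationDate<TAB>ImageId" lines on stdin.
# CreationDate is ISO 8601, so a plain text sort orders it chronologically.
# Kept separate from the AWS call so the rule can be checked without network
# access. Empty input (the pattern matched nothing) is an error here rather
# than an InvalidAMIID failure halfway through terraform apply.
newest_image_id() {
  local chosen
  chosen=$(sort -k1,1 | tail -n 1 | awk -F'\t' 'NF >= 2 { print $2 }')
  [ -n "$chosen" ] || return 1
  printf '%s\n' "$chosen"
}

# Same describe-images query as on the page; --query keeps only the two fields
# needed and --output text yields the tab-separated lines newest_image_id expects.
lookup_ami() {  # $1 = region, $2 = name pattern
  aws ec2 describe-images --region "$1" --filters "Name=name,Values=$2" \
    --query 'Images[].[CreationDate,ImageId]' --output text | newest_image_id
}

deploy_stack() {
  # Fail early on missing inputs instead of at the first provider call.
  : "${TF_VAR_deploy_username:?e-mail of the Wallarm user with the Deploy role}"
  : "${AWS_ACCESS_KEY_ID:?}" "${AWS_SECRET_ACCESS_KEY:?}"
  # Prompt for the Deploy-role password so it is not written to the shell history.
  if [ -z "${TF_VAR_deploy_password:-}" ]; then
    IFS= read -rs -p "Wallarm Deploy-role password: " TF_VAR_deploy_password; echo
    export TF_VAR_deploy_password
  fi

  export TF_VAR_aws_region="$REGION"
  # Availability zone names differ per account, so they are only overridden when given.
  if [ -n "${AZ_A:-}" ]; then export TF_VAR_az_a="$AZ_A"; fi
  if [ -n "${AZ_B:-}" ]; then export TF_VAR_az_b="$AZ_B"; fi
  # With set -e, an empty lookup aborts the script here.
  TF_VAR_wallarm_node_ami_id=$(lookup_ami "$REGION" "$NODE_AMI_PATTERN")
  TF_VAR_wordpress_ami_id=$(lookup_ami "$REGION" "$WP_AMI_PATTERN")
  export TF_VAR_wallarm_node_ami_id TF_VAR_wordpress_ami_id
  echo "node AMI: $TF_VAR_wallarm_node_ami_id  WordPress AMI: $TF_VAR_wordpress_ami_id"

  [ -d terraform-example ] || \
    git clone -b "$NODE_BRANCH" --single-branch https://github.com/wallarm/terraform-example.git
  cd terraform-example/terraform
  terraform init
  # Apply the plan that was reviewed, not a fresh one computed at apply time.
  terraform plan -out=tfplan
  terraform apply tfplan
  terraform output waf_nlb_dns_name
}

if [ "${1:-}" = deploy ]; then deploy_stack; fi
```

Export TF_VAR_deploy_username, AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY, then run `./deploy.sh deploy`; for another region pass `REGION=... AZ_A=... AZ_B=...` in the environment. The name filters match every published build of a version, which is why the selection by CreationDate matters: the first ImageId that jq prints is not necessarily the latest.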

Step 4: Testing Wallarm node operation

The Wallarm cluster is configured with a self-signed SSL certificate, so the same DNS name can also be accessed over HTTPS, but the browser will show a certificate warning.

You can simulate a web attack by appending /?id='or+1=1--a-<script>prompt(1)</script>' to the request URL. Wallarm should block the request with response code 403:

(Screenshot: 403 error code after sending an attack)

A few minutes after the simulated attack, two blocked attacks, SQLI and XSS, should be visible in Wallarm Console → Events:

(Screenshot: sent attacks displayed in the Wallarm account)
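The same check can be scripted instead of done in a browser. The script below is an added example, not code from this page or the Wallarm repository: it waits for the backend behind the NLB to answer, then sends the benign request and the attack request quoted above and compares the two status codes. The function names and retry limits are this example's own choices; the only input is the DNS name printed as waf_nlb_dns_name.

```shell
#!/usr/bin/env bash
# Added example, not code from the Wallarm page or repository: scripts the Step 4
# check against the NLB DNS name printed by terraform apply. Function names and
# the retry limits are this example's own choices.
set -eu

# Payload quoted from the page, appended to the base URL as-is.
ATTACK_QUERY="/?id='or+1=1--a-<script>prompt(1)</script>'"

# HTTP status of a GET, or 000 when no response arrived. -k accepts the node's
# self-signed certificate; -g stops curl from interpreting brackets in the URL.
status_of() {  # $1 = URL
  curl -sk -g -m 15 -o /dev/null -w '%{http_code}' "$1" || true
}

# Wait until the benign request is served (2xx or 3xx; WordPress may redirect "/").
# NLB targets take a while after terraform apply. $2 attempts, 10 s apart.
wait_for_backend() {  # $1 = base URL, $2 = attempts (default 30, about five minutes)
  local i
  for i in $(seq 1 "${2:-30}"); do
    case "$(status_of "$1/")" in [23]??) return 0 ;; esac
    sleep 10
  done
  return 1
}

# Interpret the pair of status codes; exit status 0 only for "served / blocked".
verdict() {  # $1 = benign status, $2 = attack status
  case "$1/$2" in
    [23]??/403)   echo "OK: benign request served ($1), attack blocked (403)"; return 0 ;;
    000/*|*/000)  echo "FAIL: no HTTP response (curl reported 000); NLB or node not reachable"; return 1 ;;
    [23]??/[23]??) echo "FAIL: attack request returned $2, nothing was blocked"; return 1 ;;
    *)            echo "FAIL: unexpected statuses, benign=$1 attack=$2"; return 1 ;;
  esac
}

check_waf() {  # $1 = NLB DNS name from the waf_nlb_dns_name output
  local base="https://$1"
  wait_for_backend "$base" || { echo "backend never answered at $base"; return 1; }
  verdict "$(status_of "$base/")" "$(status_of "$base$ATTACK_QUERY")"
}

if [ $# -gt 0 ]; then check_waf "$1"; fi
```

Run it as `./waf-check.sh tf-wallarm-demo-asg-nlb-7b32738728e6ea44.elb.us-east-1.amazonaws.com` with your own output value; a non-zero exit status means the deployment is not filtering as expected, and the message says which of the two requests misbehaved.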

Wallarm node deployment settings are defined in the wallarm_launch_config object in the main.tf file. To change them to your own values, refer to the linked directive descriptions.

To remove the demonstration environment, run the terraform destroy command.

Troubleshooting

On the first run, terraform apply fails with the message "Error: Provider produced inconsistent final plan". What should I do?

Run terraform apply one more time. This should resolve the problem.

How do I access the created Wallarm node instances?

You can access the instances over SSH as user admin with the private key matching the public key specified in the key_pair variable.

It looks like a filtering node is not getting configured properly. How to debug the instance?

  1. Access the instance over SSH as user admin with the private key matching the public key specified in the key_pair variable.

  2. Review cloud-init logs:

    • /var/log/cloud-init.log
    • /var/log/cloud-init-output.log
  3. Review running processes using the command ps -ef.

  4. Check the NGINX configuration for correctness using command nginx -t.

  5. Review NGINX error logs in the file /var/log/nginx/error.log.
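The five checks above can be collected in one pass with the script below, run on the instance after logging in as admin. It is an added example, not from the Wallarm page or repository: only the log paths and commands named above are used; the "[level]" pattern for NGINX error-log lines, the use of sudo for nginx -t, the process-name filter and the function names are this example's assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the Wallarm page): runs the troubleshooting checks above
# in one pass on a filtering-node instance. The "[level]" pattern for NGINX error
# lines, sudo for nginx -t, the process-name filter and the function names are
# this example's assumptions.
set -u   # deliberately no -e: one failing check must not hide the others

NGINX_ERROR_LOG="${NGINX_ERROR_LOG:-/var/log/nginx/error.log}"
CLOUD_INIT_LOGS="/var/log/cloud-init.log /var/log/cloud-init-output.log"
# NGINX error lines look like "2022/06/01 10:00:01 [error] 2#2: message".
NGINX_LEVELS='\[(warn|error|crit|alert|emerg)\]'

# Number of NGINX error-log lines at warn level or above; 0 for a missing file.
count_nginx_errors() {  # $1 = log file
  if [ ! -r "$1" ]; then echo 0; return 0; fi
  grep -cE "$NGINX_LEVELS" "$1" || true   # grep -c prints 0 but exits 1 when nothing matches
}

# Last $2 (default 20) such lines, oldest first.
recent_nginx_errors() {  # $1 = log file, $2 = count
  [ -r "$1" ] && grep -E "$NGINX_LEVELS" "$1" | tail -n "${2:-20}"
}

debug_node() {
  for f in $CLOUD_INIT_LOGS; do
    echo "== $f (last 40 lines) =="
    tail -n 40 "$f" 2>/dev/null || echo "(not readable)"
  done
  echo "== nginx/wallarm processes (ps -ef) =="
  ps -ef | grep -E '[n]ginx|[w]allarm' || echo "(none found)"
  echo "== nginx -t =="
  sudo nginx -t 2>&1
  echo "== $NGINX_ERROR_LOG: $(count_nginx_errors "$NGINX_ERROR_LOG") lines at warn level or above, last 20 =="
  recent_nginx_errors "$NGINX_ERROR_LOG" 20
}

if [ "${1:-}" = run ]; then debug_node; fi
```

Copy it to the instance and run `./debug-node.sh run`; the cloud-init tails show whether the node's first-boot configuration finished, and a failing nginx -t together with an [emerg] line in the error log is the usual sign that it did not.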