App & API Protector Hybrid on Amazon Web Services

App & API Protector Hybrid is a security solution that combines a CDN-hosted management dashboard with a deployable software engine (called Protector) that runs in your AWS environment. The dashboard is delivered via Akamai’s edge network and provides centralized access control, configuration management, and monitoring. The engine is packaged as an Amazon Machine Image (AMI) that you can provision directly in your AWS account.

Availability model

App & API Protector Hybrid is offered in a Bring-Your-Own-License (BYOL) model. This means you deploy the App & API Protector AMI from AWS Marketplace, but you activate the software using a license key purchased directly from Akamai. No on-demand billing is currently available through AWS.

Setup and deployment flow on AWS

Before provisioning the App & API Protector Hybrid AMI, you must create a Connection Configuration in Akamai Control Center. This configuration generates a deployment token, which is required during installation to connect your AWS instance to the dashboard.

The deployment flow is:

  1. Manage user access in Akamai Control Center. Make sure that you assign relevant roles and permissions before deployment. These permissions are required for creating configurations and managing deployment.
  2. Create a Connection Configuration in Akamai Control Center and generate a deployment token. You can optionally create a Security Configuration in this step to enable protections.
  3. Deploy the App & API Protector Hybrid AMI from AWS Marketplace into your AWS environment. Use the provided AMI to provision App & API Protector Hybrid in your AWS account. During deployment, you will enter the token generated in the previous step.
  4. Create and activate a Security Configuration to enable protections. By default, all protections in a Security Configuration are set to Alert mode. Modify these settings as required to meet your security or operational needs.
  5. Monitor and manage your deployment through the App & API Protector Hybrid Connection Configurations page.

Before you begin

Before provisioning the App & API Protector Hybrid AMI, ensure that you have the following:

  • AWS account access. You must have an active AWS account with permissions to deploy virtual machine images from AWS Marketplace.
  • Valid App & API Protector Hybrid license key.
  • Access to Akamai Control Center and relevant roles assigned. These will enable you to create a Connection Configuration and get the token to authorize and authenticate the connection between Protector and Akamai services. You can also create a Security Configuration, though this step can be completed later.
  • Domain and certificate availability. If you plan to terminate TLS at the reverse proxy, have your TLS certificates and domain configuration ready. Read more about TLS and mTLS support.
  • Outbound encryption support. If your company’s security policy requires encryption from the reverse proxy to the backend targets, verify that the services support encrypted communication.
  • Target hostname/IP. The IP address or hostname to which traffic is sent on its way to the origin application. It may be the application load balancer (ALB) or the origin application itself.

Next steps

Manage prerequisites and user access in Akamai Control Center