Guide
Start typing to search…
  1. App & API Protector Hybrid
  2. Deploy a hybrid solution for consistent web applications security in all environments
  3. App & API Protector Hybrid on Amazon Web Services

Upgrades

Upgrade Protector in AWS-based deployment

Amazon Web Services (AWS) Marketplace always provides the latest version of the App & API Protector Hybrid Reverse Proxy AMI. Earlier versions are not retained. To upgrade your deployment, launch new EC2 instances from the latest AMI and replace the existing Protector instances in your load balancing configuration.

Follow the steps below whenever a new Protector software version is released:

Step 1. Launch new Protector EC2 instances from the latest AMI

Upgrades are performed by launching new Protector EC2 instances from the latest AMI available in AWS Marketplace. See Launch Protector EC2 instances for instructions.

Ensure the new instances can reach AWS Secrets Manager to retrieve the provisioning token. Token is required for registering the new EC2 instances with Akamai services. You don’t need a new token for upgrades, you can use your existing one.

Step 2. Validate the new Protector EC2 instances’ status in your Connection Configuration

Verify that all deployed instances are successfully registered in the App & API Protector Hybrid Connection Configuration dashboard. To do that, go to Akamai Control Center > ☰ > WEB & DATA CENTER SECURITY > App & API Protector Hybrid > Connection Configurations. Select a configuration and check if the instance ID matches the one launched on AWS. Its health status should be Good.

🚧

You can proceed to the next steps to register the new Protector EC2 instances in the target group only after you successfully register the instances with Akamai services and confirm that their instance status in the Connection Configuration is Good.

Step 3. Register the new Protector EC2 instances in the target group.

  1. In the Amazon EC2 Console, under Load Balancing, open Target Groups.
  2. Select the target group previously used by the Protector instances.
  3. Choose Targets > Edit.
  4. Select the newly launched Protector EC2 instances.
  5. Choose Include as pending below, then Save. Confirm that the new Protector EC2 instances appear in the target group and health checks begin running (the health status should include the number of instances you’ve registered).

Step 4. Remove the previous EC2 instances

After the new instances become healthy, deregister the previous Protector EC2 instances.

Step 5. Upgrade your Security Configuration to a new version that is compatible with the new Protector engine

After all new Protector EC2 instances are running the new Protector version, you can upgrade your Security Configuration in Akamai Control Center to a new version compatible with the new Protector version. This step is required to access features introduced in the new software version.

🚧

The option to upgrade your Security Configuration is available only when all EC2 instances run the same Protector version. The Upgrade button is not visible in your Connection Configuration or Security Configuration new version modal until this condition is met.

Step 6: Verify the deployment

  1. Confirm that the Network Load Balancer routes traffic to the Protector target group.
  2. Verify that requests are successfully forwarded to the origin application through the Application Load Balancer.
  3. Confirm that the new instances appear as healthy in the target group.

Your environment now runs the latest Protector version provided through the AWS Marketplace AMI.

Learn how to monitor Protector instances

Updated about 2 hours ago