Deploy WebGoat to ECS Fargate
Build and push WebGoat
Now we will build WebGoat, a purposely vulnerable web application, using the Dockerfile we copied into the modernization-workshop root directory, tag it and push it to ECR. Note that the docker build step can take 10 minutes or more.
cd ~/environment/modernization-workshop
docker build -t modernization-workshop .
docker tag modernization-workshop:latest $(aws ecr describe-repositories --repository-name modernization-workshop --query=repositories[0].repositoryUri --output=text):latest
eval $(aws ecr get-login --no-include-email)
docker push $(aws ecr describe-repositories --repository-name modernization-workshop --query=repositories[0].repositoryUri --output=text):latest
If you watch the screen you should see the docker image build process animating the terminal
If successful, you should see the message as below.
Deploy WebGoat to Fargate Service
Now we are going to deploy a new stack with WebGoat, a purposely vulnerable web application, instrumented with Contrast Security.
Create the new stack.
cd ~/environment/modernization-workshop/modules/40_contrast_security
aws cloudformation create-stack --stack-name WorkshopECS --template-body file://webgoat-ecs-fargate.yaml --parameters file://ecs-parameters.json --capabilities CAPABILITY_NAMED_IAM
until [[ `aws cloudformation describe-stacks --stack-name "WorkshopECS" --query "Stacks[0].[StackStatus]" --output text` == "CREATE_COMPLETE" ]]; do echo "The stack is NOT in a state of CREATE_COMPLETE at `date`"; sleep 30; done && echo "The Stack is built at `date` - Please proceed"
This step takes approximately 3 minutes and if successfully, you should see the message as below.
To test, run the following query and copy the URL you obtain from the output into the address bar of a web browser. You should see something similar to the image below.
echo http://$(aws elbv2 describe-load-balancers --names="Modernization-Workshop-LB" --query="LoadBalancers[0].DNSName" --output=text)/WebGoat
