This Terraform project will deploy an AppSec Virtual Machine (Check Point Infinity Next Gateway) and an Azure WebAPP hosting the Juice Shop project for testing purposes.
- API Keys from Check Point portal, related to a Profile of Infinity Next Gateway
- Assumed Knowledge
- Terraform
- Azure CLI
- Reverse Proxy functionality
This is an specific use case to protect the PaaS Azure WebApp Services with Check Point AppSec solution to show the flexibility of deployments.
-
Clone repository, you will need all the files.
-
Modify tfvars to use your own variable values.
NOTE: The variable webapp_name must be unique, the application URL is generated from this variable.
-
Create a token on portal.checkpoint.com in the Infinity Policy app
-
When the terraform apply ends, you will have 2 new Resource Groups, one of them will contain a Web App enter to it and grab the URL to access Juice Shop.
-
In the assets you can create the same host as the one on the WebApp and select the upstream in the same value.
NOTE: create it only for HTTP, since you don't own the domain you will be not able to create a SSL Cert and can fail)
-
Modify your hosts file to translate the Web App URL into the Infinity Next Gateway machine's IP
-
Do a super cool demo
-
To tear down run "terraform destroy -auto-approve" and clean all