Deploy WebGoat to ECS Fargate

Build and push WebGoat

Now we will build WebGoat, a purposely vulnerable web application, using the Dockerfile we copied into the modernization-workshop root directory, tag it and push it to ECR. Note that the docker build step can take 10 minutes or more.

cd ~/environment/modernization-workshop
docker build -t modernization-workshop .

docker tag modernization-workshop:latest $(aws ecr describe-repositories --repository-name modernization-workshop --query=repositories[0].repositoryUri --output=text):latest


eval $(aws ecr get-login --no-include-email)
docker push $(aws ecr describe-repositories --repository-name modernization-workshop --query=repositories[0].repositoryUri --output=text):latest

If you watch the screen you should see the docker image build process animating the terminal

If successful, you should see the message as below.

Deploy WebGoat to Fargate Service

Now we are going to deploy a new stack with WebGoat, a purposely vulnerable web application, instrumented with Contrast Security.

Create the new stack.

cd ~/environment/modernization-workshop/modules/40_contrast_security
aws cloudformation create-stack --stack-name WorkshopECS --template-body file://webgoat-ecs-fargate.yaml --parameters file://ecs-parameters.json --capabilities CAPABILITY_NAMED_IAM

until [[ `aws cloudformation describe-stacks --stack-name "WorkshopECS" --query "Stacks[0].[StackStatus]" --output text` == "CREATE_COMPLETE" ]]; do  echo "The stack is NOT in a state of CREATE_COMPLETE at `date`";   sleep 30; done && echo "The Stack is built at `date` - Please proceed"

This step takes approximately 3 minutes and if successfully, you should see the message as below.

To test, run the following query and copy the URL you obtain from the output into the address bar of a web browser. You should see something similar to the image below.

echo http://$(aws elbv2 describe-load-balancers --names="Modernization-Workshop-LB" --query="LoadBalancers[0].DNSName" --output=text)/WebGoat

WebGoat UI