Production ready deployment on AWS
CDK script to deploy Hyperswitch Card Vault on AWS
Last updated
CDK script to deploy Hyperswitch Card Vault on AWS
Last updated
This section covers the steps for deploying the Hyperswitch card vault as an individual component
If you're looking for a production grade deployment of the card vault to be used along with the Hyperswitch application, refer to the the full-stack deployment guide of Hyperswitch which includes the card locker as well.
Pre-requisites
git
installed on your local machine
node version 18
An AWS user account with admin access (you can create an account here if you do not have one)
Create a new user in your AWS account from IAM -> Users
(as shown below)
While setting permissions, provide admin access to the user
For this step you would need the following from your AWS account
Preferred AWS region
Access key ID
Secret Access Key
Session Token (if you MFA set up)
You can create or manage your access keys from IAM > Users
inside your AWS Console. For more information, click here
Once you have the keys run the below command
Run the below commands in the same terminal session
Once the script is run you will have to provide the following as inputs
Provide the master-key when prompted (command to generate the master-key will be displayed on the terminal; also note down the two custodian keys to start the locker)
Provide the Locker DB password of your choice when prompted
If you want to deploy the card vault in an existing VPC of yours, provide the VPC ID when prompted.
Note: The VPC should have at least one private subnet with egress to deploy the card vault
If you don't have one or want to set up a new VPC leave the input blank and proceed
At this point your locker setup on the AWS account is complete. Please following the setups below to unlock the locker to make it read for use.
Run the following command to generate the key for the jump-server
Run the following command to update the permissions for your jump server key
Run the following command to SSH access your Card Vault instance through a jump server
Use the custodian keys to activate the locker (You can find the cURLs here) These cURLs are also displayed at the end of the script.
The locker_public key and the tenant_private key to use the locker with your application (Hyperswitch or otherwise) would be generated and available in the Parameter Store. Use the commands provided to fetch them.
On successful deployment of the Card Vault you will receive the following
Make sure to save the keys and passwords you provide while running the script
To start using it with Hyperswitch update the following environment variables while deploying. You can use it with any other tenant application using the respective card vault URL and JWE keys.
Output | What it is used for |
---|---|
Jump Locker SSH Key
This is used to Jump Locker SSH key to access the jump server
Jump Locker Public IP
The IP Address of the the Jump Server where you can activate the Card Vault
Locker IP
The URL of the Card Vault service
Locker Public Key
The public key of the card vault that needs to be used to JWE encrypt the requests to the card vault
Tenant Private Key
The private key of the tenant application that needs to be used to JWE decrypt the response from the card vault