1. Support Center
  2. Documentation
  3. Enterprise Edition
  4. Getting started
  5. Deploying to the cloud
  6. AWS

Deploying Burp Suite Enterprise Edition on AWS

Deploying Burp Suite Enterprise Edition on AWS involves the following steps:

You perform almost all of these steps using CloudFormation templates, which are provided in the release notes for Burp Suite Enterprise Edition. The main CloudFormation template creates almost all of the required AWS infrastructure. This includes:

The template also creates the following temporary resources so that it can deploy the application to the EKS cluster for you:

Note

You will be charged for the few minutes that these temporary resources are used during the deployment process. However, once the deployment is complete, they will no longer be used and there will be no further charge for them.

There is also a separate template for setting up the required IAM roles. This template is provided separately because in some organizations, the user performing the actual deployment may not have the appropriate permissions to set up the IAM roles themselves.

Set up the IAM roles

To simplify the process, the provided IAM CloudFormation template will create the required roles for you if you do not have suitable ones in your AWS environment. If you have some of the roles already, you can modify the template to add only the ones that you are missing. Alternatively, you can add the missing ones manually.

Note

If you would prefer to create the roles manually, you can inspect the template to see which roles are required. In this case, you need to make a note of the Amazon Resource Names (ARNs) that correspond to each role; you will need these later when deploying Burp Suite Enterprise Edition.

To create your IAM roles using the CloudFormation template:

  1. Go to the release notes for the version of Burp Suite Enterprise Edition that you want to deploy. Copy the URI for the IAM CloudFormation template.
  2. Log in to your AWS console and go to "Services" > "CloudFormation" to open the CloudFormation console.
  3. Click "Create Stack" > "With New Resources".
  4. In the "Amazon S3 URL" field, enter the template URI that you copied from the release notes. Click "Next".
  5. In the "Stack Name" field, enter a name to help you identify the stack later, for example, burp-suite-enterprise-iam.
  6. Click "Next" and then click "Next" again.
  7. Select both of the following checkboxes:
    • I acknowledge that CloudFormation might create IAM resources
    • I acknowledge that AWS CloudFormation might require the following capability: CAPABILITY_AUTO_EXPAND
  8. Click "Create Stack". A new stack will appear in the list with the status CREATE_IN_PROGRESS.
  9. Wait for a few minutes while the stack is created. Eventually, the status will change to CREATE_COMPLETE.

Set up your database

When running Burp Suite Enterprise Edition on the cloud, you need to use an external database. You can use any of our supported database types. For beta testing, we recommend using Amazon's Relational Database Service (RDS).

  1. Create an RDS instance.
  2. Follow the instructions for setting up an external database. Make a note of the JDBC URL format; you will need to enter this later when deploying Burp Suite Enterprise Edition.
  3. Later, you will allocate two IP address ranges to the nodes in the EKS cluster. Check that the ranges that you want to use are able to access your database. This may involve setting up security groups and routing. By default, the cluster will use the following ranges:
    10.0.0.128/26
    10.0.0.192/26
    If you prefer, when deploying the application, you can set different ranges for the cluster using the CloudFormation template. If you do change the defaults, remember to update your database settings accordingly.

Generate an AWS access key

Before beginning the main deployment, you need to generate an AWS access key for the user who will perform the deployment process. This access key is required:

In future, we plan to create IAM roles that will remove the need to use an access key for these tasks. For the time being, we recommend using a dedicated key specifically for Burp Suite Enterprise Edition.

Create the main stack

You are now ready to create the stack and deploy the application using the main CloudFormation template.

  1. Go to the release notes for the version of Burp Suite Enterprise Edition that you want to deploy. Copy the URI for the main CloudFormation template.
  2. Log in to your AWS console and go to "Services" > "CloudFormation" to open the CloudFormation console.
  3. Click "Create Stack" > "With New Resources".
  4. In the "Amazon S3 URL" field, enter the template URI that you copied from the release notes. Click "Next".
  5. In the "Stack Names" field, enter a name to help you identify the stack later, for example, burp-suite-enterprise.
  6. In the "AWS Credentials" section, enter the details of the AWS access key that you created earlier.
  7. Under "Network Configuration", perform the following steps:
    • Check that you are happy with the IP address range for the new VPC that will be created. The default range is 10.0.0.0/24. Be aware that the ranges that you allocate to the EKS cluster later will need to be subnets of this range.
    • Enter two availability zones within your development region to use for the EKS cluster. Alternatively, you can leave these fields blank and the template will pick two availability zones for you.
    • Check that you are happy with the small IP address range for the public subnet. By default, this is 10.0.0.0/28.
    • Check that you are happy with the two IP address ranges that will be allocated to the nodes in the EKS cluster. The following ranges are used by default:
      10.0.0.128/26
      10.0.0.192/26
      If you change these, make sure that the new ranges you enter are subnets of the range you allocated to the VPC earlier. We recommend allocating at least half of a class C network to each subnet.
  8. Under "Database Configuration", enter the JDBC URL and credentials for your external database.
  9. Under "Admin User", enter the login credentials and email address that you want to use for the admin user. These are the credentials that you will use to log in and perform the initial setup of Burp Suite Enterprise Edition once it has been deployed.
  10. Click "Next" and then click "Next" again.
  11. Select both of the following checkboxes:
    • I acknowledge that CloudFormation might create IAM resources
    • I acknowledge that AWS CloudFormation might require the following capability: CAPABILITY_AUTO_EXPAND
  12. Click "Create Stack". A new stack will appear in the list with the status CREATE_IN_PROGRESS.
  13. Wait while the stack is created. This usually takes about 25-30 minutes. Eventually, the status will change to CREATE_COMPLETE.

Fetch the DNS name for launching the application

Now that the application is deployed, you need to fetch the associated DNS name so that you can launch Burp Suite Enterprise Edition.

  1. From your AWS console, go to "Services" > "EC2" to open the EC2 console.
  2. Click "Load Balancers".
  3. In the filter bar at the top of the page, enter Name : <your-stack-name>. This is the name that you specified earlier when creating the stack, for example:
    Name : burp-suite-enterprise
    Note that you need to include the spaces before and after the colon.
  4. Press the enter key to apply the filter. Only one result should be returned. Select this entry.
  5. From the "Description" tab, copy the "DNS name".
  6. The application is already accessible via your AWS environment. Set up the appropriate routing and visit the DNS name in your browser. You should be taken to the Burp Suite Enterprise Edition login page.

Note

Your deployment of Burp Suite Enterprise Edition will not be accessible from the public internet.

You can now log in using the admin username and password that you set using the CloudFormation template. You will be prompted to activate your license and perform the initial configuration for Burp Suite Enterprise Edition. The remainder of this process is the same as for an on-premise installation.