Overview

App and API Protection works by leveraging the Datadog Node.js library to monitor and secure your Node.js service. The library integrates seamlessly with your existing application without requiring code changes.

For detailed compatibility information, including supported Node.js versions, frameworks, and deployment environments, see Node.js Compatibility Requirements.

This guide explains how to set up App and API Protection (AAP) for Node.js applications. The setup involves:

1. Installing the Datadog Agent
2. Enabling App and API Protection monitoring
3. Running your Node.js application with the Datadog Agent
4. Verifying the setup

Prerequisites

• AWS Fargate environment
• Node.js application containerized with Docker
• AWS CLI configured with appropriate permissions
• Your Datadog API key
• Datadog Node.js tracing library (see version requirements)

1. Installing the Datadog Agent

Install the Datadog Agent in your Fargate task definition:

{
  "containerDefinitions": [
    {
      "name": "datadog-agent",
      "image": "public.ecr.aws/datadog/agent:latest",
      "environment": [
        {
          "name": "DD_API_KEY",
          "value": "<YOUR_API_KEY>"
        },
        {
          "name": "DD_APM_ENABLED",
          "value": "true"
        },
        {
          "name": "DD_APM_NON_LOCAL_TRAFFIC",
          "value": "true"
        }
      ]
    }
  ]
}

2. Enabling App and API Protection monitoring

Automatically enabling App and API Protection through Remote Configuration

You can enable remote configuration on your services dashboard. Simply check the box for the service you want to enable App and API Protection for under "Activate on your APM services".

Manually enabling App and API Protection monitoring

Ensure your Dockerfile includes the Datadog Node.js library:

FROM node:18-alpine

# Install the Datadog Node.js library
RUN npm install dd-trace

# Copy your application files
COPY package*.json ./
COPY . .
RUN npm install

# Start the application with the Datadog tracer
CMD ["node", "--require", "dd-trace/init", "app.js"]

{
  "containerDefinitions": [
    {
      "name": "your-nodejs-app",
      "image": "your-nodejs-app-image",
      "environment": [
        {
          "name": "DD_APPSEC_ENABLED",
          "value": "true"
        },
        {
          "name": "DD_SERVICE",
          "value": "<YOUR_SERVICE_NAME>"
        },
        {
          "name": "DD_ENV",
          "value": "<YOUR_ENVIRONMENT>"
        }
      ]
    }
  ]
}

{
  "containerDefinitions": [
    {
      "name": "your-nodejs-app",
      "image": "your-nodejs-app-image",
      "environment": [
        {
          "name": "DD_APPSEC_ENABLED",
          "value": "true"
        },
        {
          "name": "DD_APM_TRACING_ENABLED",
          "value": "false"
        },
        {
          "name": "DD_SERVICE",
          "value": "<YOUR_SERVICE_NAME>"
        },
        {
          "name": "DD_ENV",
          "value": "<YOUR_ENVIRONMENT>"
        }
      ]
    }
  ]
}

3. Run your application

Deploy your Fargate task with the updated configuration:

aws ecs register-task-definition --cli-input-json file://task-definition.json
aws ecs run-task --cluster your-cluster --task-definition your-task-definition

4. Verify setup

To verify that App and API Protection is working correctly:

1. Send some traffic to your application
2. Check the Application Signals Explorer in Datadog
3. Look for security signals and vulnerabilities

Troubleshooting

If you encounter issues while setting up App and API Protection for your Node.js application, see the Node.js App and API Protection troubleshooting guide.

Further Reading

추가 유용한 문서, 링크 및 기사:

How App and API Protection WorksDOCUMENTATION OOTB App and API Protection RulesDOCUMENTATION Troubleshooting App and API ProtectionDOCUMENTATION