Preparation
This section guides you through preparing your system for the installation of Access Decision Service (ADS).
Set up the Axiomatics AWS CLI account
First, you need to set up your AWS account, as Access Decision Service (ADS) is downloaded through the AWS CLI. If the AWS CLI is not already installed:
- Follow the instructions in the AWS CLI Installation Guide.
- Configure your AWS CLI account with the provided Access key ID and Secret access key using aws configure, as detailed here.
Download the installation files
Once your AWS CLI account is ready, you can proceed with downloading the necessary installation files.
ADS is a Java application that comes preconfigured for easier deployment and can be deployed in one of the following ways:
- JAR: Download a .jar file containing all the preconfigured files for the JAR deployment.
- Kubernetes: Download a .zip distribution file containing a preconfigured installation.
According to your deployment, execute the following command in your terminal:
- JAR
aws s3api get-object --bucket axiomatics-customer-artifacts --key releases/com/axiomatics/access-decision-service/26.1.1/access-decision-service-26.1.1.jar access-decision-service-26.1.1.jar
This command will save the .jar file to your computer.
- Kubernetes
aws s3api get-object --bucket axiomatics-customer-artifacts --key releases/com/axiomatics/access-decision-service/26.1.1-0/access-decision-service-26.1.1-0.zip access-decision-service-26.1.1-0.zip
Extract the ADS distribution .zip file to the folder from where you want to run ADS.
Verify the image signature
ADS K8s images are signed using Sigstore Cosign. This allows you to verify the integrity and authenticity of the downloaded artifacts. Follow the steps below to do so:
- Download and install Cosign from the official GitHub repo.
- Request the public key (*.pub) from Axiomatics Customer Support.
- Log in to the Amazon ECR registry provided by Axiomatics.
aws ecr get-login-password --region eu-central-1 | docker login --username AWS --password-stdin 748131003707.dkr.ecr.eu-central-1.amazonaws.com
- Verify the image signature.
Important: Replace the placeholders <public_key_filename> and <hash> before running the command.
cosign verify --key <public_key_filename>.pub \
748131003707.dkr.ecr.eu-central-1.amazonaws.com/axiomatics/access-decision-service/@sha256:<hash>
The system performs the verification and displays output similar to the following:
Verification for ...@sha256:... --
The following checks were performed on each of these signatures:
- The cosign claims were validated
- Verified OK
Verification output example
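To gate a deployment script on the verification step above, the check can be wrapped so that anything other than a confirmed signature stops the run. This is an added example, not Axiomatics code: the function names and return codes are hypothetical, and only the registry host and the `cosign verify --key` invocation come from this page.

```bash
#!/usr/bin/env bash
# Added example: fail-closed wrapper around `cosign verify`.
# Function names and return codes are hypothetical, not part of ADS.

# Registry host taken from the commands on this page.
ADS_REGISTRY="748131003707.dkr.ecr.eu-central-1.amazonaws.com"

# Succeed only if $1 names an image in the expected registry and pins it
# by a full SHA-256 digest. A tag can be re-pointed after verification,
# so tag-only references are rejected.
is_pinned_ads_ref() {
  local ref digest
  ref="$1"
  case "$ref" in
    "$ADS_REGISTRY"/*@sha256:*) ;;
    *) return 1 ;;
  esac
  digest="${ref##*@sha256:}"
  [ "${#digest}" -eq 64 ] || return 1
  case "$digest" in
    *[!0-9a-f]*) return 1 ;;
  esac
  return 0
}

# verify_ads_image <public_key_file> <image_ref>
# Returns 0 only when cosign confirms the signature against the given key.
#   1 = signature check failed   2 = key file unreadable
#   3 = reference not pinned or wrong registry   4 = cosign missing
verify_ads_image() {
  local key ref
  key="$1"; ref="$2"
  [ -r "$key" ] || { echo "public key not readable: $key" >&2; return 2; }
  is_pinned_ads_ref "$ref" || { echo "refusing image reference: $ref" >&2; return 3; }
  command -v cosign >/dev/null 2>&1 || { echo "cosign not installed" >&2; return 4; }
  cosign verify --key "$key" "$ref" >/dev/null \
    || { echo "signature verification FAILED: $ref" >&2; return 1; }
  echo "verified: $ref"
}

# Usage (after sourcing this file and logging in to the registry):
#   verify_ads_image ./<public_key_filename>.pub "<image>@sha256:<hash>" || exit 1
```

Deploy using the same digest-pinned reference that was verified, so the image that runs is the one whose signature was checked.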