HailBytes ASM Tutorial

Deploy HailBytes ASM on AWS

Launch a fully-configured HailBytes ASM instance on AWS in under 5 minutes using CloudFormation.

Overview

This tutorial guides you through deploying HailBytes ASM on AWS using our pre-configured CloudFormation template. The deployment includes EC2 instance, RDS PostgreSQL database, ElastiCache Redis for Celery task queue, and docker-compose orchestration for all reconnaissance services. The same template is supported in AWS GovCloud (US) for federal customers and pen-test firms working under government contracts.

Prerequisites

  • AWS Account with EC2 and RDS permissions
  • Basic understanding of AWS CloudFormation
  • SSH key pair for EC2 access
  • Domain name for SSL configuration (optional)

What You'll Get

  • EC2 instance running HailBytes ASM (t3.large recommended)
  • RDS PostgreSQL 16 database with PgBouncer connection pooling
  • ElastiCache Redis for Celery 5.4 + Celery Beat task management
  • Docker-compose with all 30+ reconnaissance tools (multi-arch ARM64/AMD64)
  • Built-in MCP server exposing 16 tools for AI-agent orchestration
  • Security group with HTTPS (443) and Admin (8000) ports
  • Elastic IP for consistent access
  • Pre-configured NGINX reverse proxy with SSL

Deploying to AWS GovCloud (US)

HailBytes ASM ships the same hardened Ubuntu 24.04 LTS Marketplace image in AWS GovCloud (US) regions. To deploy under FedRAMP-aligned workloads:

  • Subscribe in the AWS GovCloud Marketplace listing using your GovCloud account
  • Use the same CloudFormation template; specify us-gov-west-1 or us-gov-east-1 as the region
  • RDS PostgreSQL 16 and ElastiCache Redis are both available in GovCloud
  • Continuous attack surface monitoring stays inside your authorized cloud boundary
HailBytes ASM AWS deployment architecture showing VPC with ALB, Django app, Celery workers, ElastiCache Redis, RDS PostgreSQL, optional GPU instance for Ollama AI, and CloudWatch monitoring

AWS Deployment Architecture - What you'll build in this tutorial

Step 1: Access AWS CloudFormation

Log into your AWS Console and navigate to the CloudFormation service. Select a region with good performance for your location (us-east-1, us-west-2, or eu-west-1 recommended). For federal workloads, use us-gov-west-1 or us-gov-east-1 via your GovCloud account.

  1. Go to AWS Console → Services → CloudFormation
  2. Click "Create Stack" → "With new resources (standard)"
  3. Select "Template is ready"
  4. Choose "Upload a template file"

Step 2: Upload HailBytes Template

Download our CloudFormation template and upload it to AWS:

# Download template
curl -O https://hailbytes.com/templates/hailbytes-asm-cloudformation.yaml

# Or use AWS CLI
aws cloudformation create-stack \
  --stack-name hailbytes-asm-production \
  --template-url https://hailbytes.com/templates/hailbytes-asm-cloudformation.yaml \
  --parameters \
    ParameterKey=InstanceType,ParameterValue=t3.large \
    ParameterKey=DBInstanceClass,ParameterValue=db.t3.medium \
  --capabilities CAPABILITY_IAM

Upload the file in the CloudFormation console and click "Next".

Step 3: Configure Stack Parameters

Set the following parameters for your HailBytes ASM deployment:

ParameterValueDescription
StackNamehailbytes-asm-productionUnique stack identifier
InstanceTypet3.large2 vCPU, 8GB RAM (minimum)
KeyPairyour-key-nameSSH access key
AdminEmailadmin@yourcompany.comInitial admin account
DBInstanceClassdb.t3.mediumPostgreSQL database size
RedisNodeTypecache.t3.smallRedis cache for Celery
VolumeSize100EBS volume size (GB)

Step 4: Review and Deploy

Review your configuration and launch the stack. Deployment typically takes 5-8 minutes.

  1. Review all parameters
  2. Check "I acknowledge that AWS CloudFormation might create IAM resources"
  3. Click "Create Stack"
  4. Monitor the "Events" tab for deployment progress
  5. Wait for status "CREATE_COMPLETE"

Step 5: Access Your HailBytes ASM Dashboard

Once deployment completes, access your HailBytes ASM instance using the provided URLs.

# Get outputs from CloudFormation
aws cloudformation describe-stacks \
  --stack-name hailbytes-asm-production \
  --query 'Stacks[0].Outputs'

# Outputs:
# - WebURL: https://asm.yourcompany.com
# - AdminURL: https://asm.yourcompany.com:8000/admin
# - DatabaseEndpoint: hailbytes-asm-db.abc123.us-east-1.rds.amazonaws.com
# - RedisEndpoint: hailbytes-asm-redis.abc123.cache.amazonaws.com
# - DefaultUsername: admin
# - DefaultPassword: (check CloudFormation outputs or EC2 user data)

Navigate to the Web URL in your browser and log in with the default credentials. You'll be prompted to change your password on first login.

Understanding the Architecture

HailBytes ASM uses a containerized architecture managed by docker-compose:

Architecture Components

ComponentPurposeTechnology
Web ApplicationDjango web interfaceDjango 4.2 (ASGI: Gunicorn + Uvicorn) + React
DatabaseData persistenceRDS PostgreSQL 16 + PgBouncer
Celery WorkersAsync task processing & scheduled scansCelery 5.4 + Celery Beat
Message BrokerTask queue managementElastiCache Redis
MCP ServerAI-agent orchestration (16 tools)Built-in; Claude / Cursor / Windsurf compatible
Recon Tools30+ scanning enginessubfinder, httpx, nuclei, etc. (multi-arch ARM64/AMD64)
Reverse ProxySSL termination & routingNGINX with Let's Encrypt
# SSH into your instance to view running containers
ssh -i your-key.pem ec2-user@

# View docker-compose services
cd /opt/hailbytes-asm
docker-compose ps

# Expected output:
NAME                         STATUS              PORTS
hailbytes-asm-web-1          Up 5 minutes
hailbytes-asm-celery-1       Up 5 minutes
hailbytes-asm-celery-beat-1  Up 5 minutes
hailbytes-asm-redis-1        Up 5 minutes
hailbytes-asm-proxy-1        Up 5 minutes        0.0.0.0:8082->8082/tcp, 0.0.0.0:443->443/tcp

Post-Deployment Configuration

Complete these steps to secure and optimize your deployment:

Security Checklist

  • ✓ Change default admin password immediately
  • ✓ Configure SSL certificate via Let's Encrypt or ACM
  • ✓ Restrict security group to your IP addresses
  • ✓ Enable CloudWatch logs for monitoring
  • ✓ Set up automated backups via AWS Backup
  • ✓ Configure Route 53 DNS for your domain
  • ✓ Enable RDS encryption at rest
  • ✓ Configure OpenAI or local Ollama (NVIDIA CUDA / AMD ROCm) for AI-powered analysis (optional)
  • ✓ Connect AI agents (Claude Desktop / Code, Cursor, Windsurf) to the built-in MCP server (optional)

Configure SSL with Let's Encrypt

Set up free SSL certificates for your HailBytes ASM instance:

# SSH into EC2 instance
ssh -i your-key.pem ec2-user@

# Update domain in NGINX configuration
sudo nano /opt/hailbytes-asm/docker/proxy/config/hailbytes_asm.conf

# Update server_name directive
server_name asm.yourcompany.com;

# Install certbot
sudo yum install -y certbot python3-certbot-nginx

# Generate certificate
sudo certbot --nginx -d asm.yourcompany.com

# Follow prompts to complete setup
# Certbot will automatically configure NGINX and set up auto-renewal

Ensure your domain's DNS A record points to your Elastic IP before running certbot.

Troubleshooting

Common Issues

Stack Creation Failed:

  • Check CloudFormation Events tab for error details
  • Verify you have sufficient EC2 instance limits in your region
  • Ensure IAM permissions for CloudFormation, EC2, RDS, and ElastiCache
  • Confirm your selected AZs support the chosen instance types

Cannot Access Web Dashboard:

  • Verify security group allows inbound traffic on port 8082 and 443
  • Check EC2 instance status is "running"
  • Review docker-compose logs: docker-compose logs -f web
  • Ensure RDS database is available and accessible

Scans Not Running:

  • Check Celery worker status: docker-compose logs celery
  • Verify Redis connection: redis-cli -h <redis-endpoint> ping
  • Ensure EC2 instance has internet access for downloading tools
  • Check disk space: df -h

Cost Estimation

Monthly AWS costs for typical HailBytes ASM deployment:

ResourceConfigurationEst. Monthly Cost
EC2 Instancet3.large (2 vCPU, 8GB)$60
RDS PostgreSQLdb.t3.medium (50GB storage)$50
ElastiCache Rediscache.t3.small$25
EBS Storage100GB GP3$8
Elastic IP1 static IP$0
Data Transfer~200GB/month$18
Total~$161/month

Next Steps

Run Your First Scan

Learn how to configure and execute your first reconnaissance scan.

View Tutorial →

Configure AI Analysis

Enable GPT-powered vulnerability analysis and automated reports.

View Tutorial →

Need Help?

If you encounter issues during deployment, our support team is here to help.

Contact Support

Get the Free HailBytes ASM Getting Started Guide

A 7-part email series covering everything from your first deployment to advanced configuration and real-world workflows. One email per day, no spam.