✨ Add Image CIS arm64/ubuntu (#65)

* arm64/ubuntu Signed-off-by: Manuel Weber <[email protected]> * add: arm64/ubuntu cis Signed-off-by: Manuel Weber <[email protected]> --------- Signed-off-by: Manuel Weber <[email protected]>
mondoohq · Jun 4, 2024 · 11aede1 · 11aede1
1 parent 64bfcbf
commit 11aede1
Show file tree

Hide file tree

Showing 5 changed files with 80 additions and 0 deletions.
diff --git a/aws/ec2-instances/README.md b/aws/ec2-instances/README.md
@@ -61,6 +61,8 @@ This repository contains Terraform code for provisioning AWS EC2 instances for t
 | Ubuntu 22.04 cnspec        | Latest Ubuntu 22.04 with latest cnspec                                   | `create_ubuntu2204_cnspec`      |                                                                                                                                                                       |
 | Ubuntu 22.04 CIS           | CIS Ubuntu Linux 22.04 LTS Benchmark - Level 1                           | `create_ubuntu2204_cis`         | [CIS Ubuntu Linux 22.04 LTS Benchmark - Level 1](https://aws.amazon.com/marketplace/pp/prodview-7afxz7ijttzk4?sr=0-1&ref_=beagle&applicationId=AWSMPContessa)         |
 | Ubuntu 22.04 CIS cnspec    | CIS Ubuntu Linux 22.04 LTS Benchmark - Level 1 with latest cnspec        | `create_ubuntu2204_cis_cnspec`  | [CIS Ubuntu Linux 22.04 LTS Benchmark - Level 1](https://aws.amazon.com/marketplace/pp/prodview-7afxz7ijttzk4?sr=0-1&ref_=beagle&applicationId=AWSMPContessa)         |
+| Ubuntu 22.04 CIS ARM           | CIS Ubuntu Linux 22.04 LTS Benchmark - Level 1 on ARM                          | `create_ubuntu2204_cis_arm`         | [CIS Ubuntu Linux 22.04 LTS Benchmark - Level 1 (ARM)](https://aws.amazon.com/marketplace/pp/prodview-r547agtl65wsu?sr=0-1&ref_=beagle&applicationId=AWS-EC2-Console)         |
+| Ubuntu 22.04 CIS ARM cnspec    | CIS Ubuntu Linux 22.04 LTS Benchmark - Level 1 with latest cnspec on ARM       | `create_ubuntu2204_cis_cnspec_arm`  | [CIS Ubuntu Linux 22.04 LTS Benchmark - Level 1 (ARM)](https://aws.amazon.com/marketplace/pp/prodview-r547agtl65wsu?sr=0-1&ref_=beagle&applicationId=AWS-EC2-Console)         |
 | Rocky 9                    | Latest Rocky 9 image                                                     | `create_rocky9`                 |                                                                                                                                                                       |
 | Rocky 9 cnspec             | Latest Rocky 9 image with latest cnspec                                  | `create_rocky9_cnspec`          |                                                                                                                                                                       |
 | Rocky 9 CIS                | CIS Rocky Linux 9 Benchmark - Level 1                                    | `create_rocky9_cis`             | [CIS Rocky Linux 9 Benchmark - Level 1](https://aws.amazon.com/marketplace/pp/prodview-4dof2bylegr46?sr=0-39&ref_=beagle&applicationId=AWSMPContessa)                 |

diff --git a/aws/ec2-instances/amis.tf b/aws/ec2-instances/amis.tf
@@ -249,6 +249,27 @@ data "aws_ami" "ubuntu2204_cis" {
   owners = ["679593333241"]
 }
 
+data "aws_ami" "ubuntu2204_cis_arm64" {
+  most_recent = true
+
+  filter {
+    name   = "name"
+    values = ["CIS Ubuntu Linux 22.04*ARM*"]
+  }
+
+  filter {
+    name   = "architecture"
+    values = ["arm64"]
+  }
+
+  filter {
+    name   = "virtualization-type"
+    values = ["hvm"]
+  }
+
+  owners = ["679593333241"]
+}
+
 data "aws_ami" "debian10" {
   most_recent = true
 

diff --git a/aws/ec2-instances/main.tf b/aws/ec2-instances/main.tf
@@ -761,6 +761,37 @@ module "ubuntu2204_cis_cnspec" {
   user_data_replace_on_change = true
 }
 
+// Ubuntu 22.04 CIS arm64
+module "ubuntu2204_cis_arm" {
+  source  = "terraform-aws-modules/ec2-instance/aws"
+  version = "~> 5.2.1"
+
+  create                      = var.create_ubuntu2204_cis_arm
+  name                        = "${var.prefix}-ubuntu2204-cis-arm-${random_id.instance_id.id}"
+  ami                         = data.aws_ami.ubuntu2204_cis_arm64.id
+  instance_type               = var.linux_instance_type
+  vpc_security_group_ids      = [module.linux_sg.security_group_id]
+  subnet_id                   = module.vpc.public_subnets[0]
+  key_name                    = var.aws_key_pair_name
+  associate_public_ip_address = true
+}
+
+module "ubuntu2204_cis_cnspec_arm" {
+  source  = "terraform-aws-modules/ec2-instance/aws"
+  version = "~> 5.2.1"
+
+  create                      = var.create_ubuntu2204_cis_cnspec_arm
+  name                        = "${var.prefix}-ubuntu2204-cis-cnspec-arm-${random_id.instance_id.id}"
+  ami                         = data.aws_ami.ubuntu2204_cis_arm64.id
+  instance_type               = var.linux_instance_type_arm64
+  vpc_security_group_ids      = [module.linux_sg.security_group_id]
+  subnet_id                   = module.vpc.public_subnets[0]
+  key_name                    = var.aws_key_pair_name
+  associate_public_ip_address = true
+  user_data                   = base64encode(local.linux_user_data)
+  user_data_replace_on_change = true
+}
+
 // SuSe Enterprise 15
 
 module "suse15" {

diff --git a/aws/ec2-instances/outputs.tf b/aws/ec2-instances/outputs.tf
@@ -126,6 +126,19 @@ output "ubuntu2204_cis" {
 output "ubuntu2204_cis_cnspec" {
   value = module.ubuntu2204_cis_cnspec.public_ip == null ? "" : "ssh -o StrictHostKeyChecking=no -i ~/.ssh/${var.aws_key_pair_name} ubuntu@${module.ubuntu2204_cis_cnspec.public_ip}"
 }
+
+
+## ubuntu2204 arm
+output "ubuntu2204_cis_arm" {
+  value = module.ubuntu2204_cis_arm.public_ip == null ? "" : "ssh -o StrictHostKeyChecking=no -i ~/.ssh/${var.aws_key_pair_name} ubuntu@${module.ubuntu2204_cis_arm.public_ip}"
+}
+
+output "ubuntu2204_cis_cnspec_arm" {
+  value = module.ubuntu2204_cis_cnspec_arm.public_ip == null ? "" : "ssh -o StrictHostKeyChecking=no -i ~/.ssh/${var.aws_key_pair_name} ubuntu@${module.ubuntu2204_cis_cnspec_arm.public_ip}"
+}
+
+
+
 # debian10
 output "debian10_cis_cnspec" {
   value = module.debian10_cis_cnspec.public_ip == null ? "" : "ssh -o StrictHostKeyChecking=no -i ~/.ssh/${var.aws_key_pair_name} admin@${module.debian10_cis_cnspec.public_ip}"

diff --git a/aws/ec2-instances/variables.tf b/aws/ec2-instances/variables.tf
@@ -75,6 +75,10 @@ variable "linux_instance_type" {
   default = "t2.micro"
 }
 
+variable "linux_instance_type_arm64" {
+  default = "t4g.medium"
+}
+
 variable "windows_instance_type" {
   default = "t2.micro"
 }
@@ -119,6 +123,15 @@ variable "create_ubuntu2204_cis_cnspec" {
   default = false
 }
 
+variable "create_ubuntu2204_cis_arm" {
+  default = false
+}
+
+variable "create_ubuntu2204_cis_cnspec_arm" {
+  default = false
+}
+
+
 variable "create_ubuntu2004" {
   default = false
 }