From 11aede15bc10f078593215cf0a7ec1ba872dfcba Mon Sep 17 00:00:00 2001
From: Manuel Weber <112621871+mm-weber@users.noreply.github.com>
Date: Wed, 5 Jun 2024 00:07:38 +0200
Subject: [PATCH] :sparkles: Add Image CIS arm64/ubuntu (#65)
* arm64/ubuntu
Signed-off-by: Manuel Weber
* add: arm64/ubuntu cis
Signed-off-by: Manuel Weber
---------
Signed-off-by: Manuel Weber
---
 aws/ec2-instances/README.md | 2 ++
 aws/ec2-instances/amis.tf | 21 +++++++++++++++++++++
 aws/ec2-instances/main.tf | 31 +++++++++++++++++++++++++++++++
 aws/ec2-instances/outputs.tf | 13 +++++++++++++
 aws/ec2-instances/variables.tf | 13 +++++++++++++
 5 files changed, 80 insertions(+)
diff --git a/aws/ec2-instances/README.md b/aws/ec2-instances/README.md
index 2ca7647..f31f5c9 100644
--- a/aws/ec2-instances/README.md
+++ b/aws/ec2-instances/README.md
@@ -61,6 +61,8 @@ This repository contains Terraform code for provisioning AWS EC2 instances for t
 | Ubuntu 22.04 cnspec | Latest Ubuntu 22.04 with latest cnspec | `create_ubuntu2204_cnspec` | |
 | Ubuntu 22.04 CIS | CIS Ubuntu Linux 22.04 LTS Benchmark - Level 1 | `create_ubuntu2204_cis` | [CIS Ubuntu Linux 22.04 LTS Benchmark - Level 1](https://aws.amazon.com/marketplace/pp/prodview-7afxz7ijttzk4?sr=0-1&ref_=beagle&applicationId=AWSMPContessa) |
 | Ubuntu 22.04 CIS cnspec | CIS Ubuntu Linux 22.04 LTS Benchmark - Level 1 with latest cnspec | `create_ubuntu2204_cis_cnspec` | [CIS Ubuntu Linux 22.04 LTS Benchmark - Level 1](https://aws.amazon.com/marketplace/pp/prodview-7afxz7ijttzk4?sr=0-1&ref_=beagle&applicationId=AWSMPContessa) |
+| Ubuntu 22.04 CIS ARM | CIS Ubuntu Linux 22.04 LTS Benchmark - Level 1 on ARM | `create_ubuntu2204_cis_arm` | [CIS Ubuntu Linux 22.04 LTS Benchmark - Level 1 (ARM)](https://aws.amazon.com/marketplace/pp/prodview-r547agtl65wsu?sr=0-1&ref_=beagle&applicationId=AWS-EC2-Console) |
+| Ubuntu 22.04 CIS ARM cnspec | CIS Ubuntu Linux 22.04 LTS Benchmark - Level 1 with latest cnspec on ARM | `create_ubuntu2204_cis_cnspec_arm` | [CIS Ubuntu Linux 22.04 LTS Benchmark - Level 1 (ARM)](https://aws.amazon.com/marketplace/pp/prodview-r547agtl65wsu?sr=0-1&ref_=beagle&applicationId=AWS-EC2-Console) |
 | Rocky 9 | Latest Rocky 9 image | `create_rocky9` | |
 | Rocky 9 cnspec | Latest Rocky 9 image with latest cnspec | `create_rocky9_cnspec` | |
 | Rocky 9 CIS | CIS Rocky Linux 9 Benchmark - Level 1 | `create_rocky9_cis` | [CIS Rocky Linux 9 Benchmark - Level 1](https://aws.amazon.com/marketplace/pp/prodview-4dof2bylegr46?sr=0-39&ref_=beagle&applicationId=AWSMPContessa) |
diff --git a/aws/ec2-instances/amis.tf b/aws/ec2-instances/amis.tf
index 12d2544..1bd46de 100644
--- a/aws/ec2-instances/amis.tf
+++ b/aws/ec2-instances/amis.tf
@@ -249,6 +249,27 @@ data "aws_ami" "ubuntu2204_cis" {
 owners = ["679593333241"]
 }
+data "aws_ami" "ubuntu2204_cis_arm64" {
+ most_recent = true
+
+ filter {
+ name = "name"
+ values = ["CIS Ubuntu Linux 22.04*ARM*"]
+ }
+
+ filter {
+ name = "architecture"
+ values = ["arm64"]
+ }
+
+ filter {
+ name = "virtualization-type"
+ values = ["hvm"]
+ }
+
+ owners = ["679593333241"]
+}
+
 data "aws_ami" "debian10" {
+ most_recent = true
diff --git a/aws/ec2-instances/main.tf b/aws/ec2-instances/main.tf
index f79a00a..07e620b 100644
--- a/aws/ec2-instances/main.tf
+++ b/aws/ec2-instances/main.tf
@@ -761,6 +761,37 @@ module "ubuntu2204_cis_cnspec" {
 user_data_replace_on_change = true
 }
+// Ubuntu 22.04 CIS arm64
+module "ubuntu2204_cis_arm" {
+ source = "terraform-aws-modules/ec2-instance/aws"
+ version = "~> 5.2.1"
+
+ create = var.create_ubuntu2204_cis_arm
+ name = "${var.prefix}-ubuntu2204-cis-arm-${random_id.instance_id.id}"
+ ami = data.aws_ami.ubuntu2204_cis_arm64.id
+ instance_type = var.linux_instance_type
+ vpc_security_group_ids = [module.linux_sg.security_group_id]
+ subnet_id = module.vpc.public_subnets[0]
+ key_name = var.aws_key_pair_name
+ associate_public_ip_address = true
+}
+
+module "ubuntu2204_cis_cnspec_arm" {
+ source = "terraform-aws-modules/ec2-instance/aws"
+ version = "~> 5.2.1"
+
+ create = var.create_ubuntu2204_cis_cnspec_arm
+ name = "${var.prefix}-ubuntu2204-cis-cnspec-arm-${random_id.instance_id.id}"
+ ami = data.aws_ami.ubuntu2204_cis_arm64.id
+ instance_type = var.linux_instance_type_arm64
+ vpc_security_group_ids = [module.linux_sg.security_group_id]
+ subnet_id = module.vpc.public_subnets[0]
+ key_name = var.aws_key_pair_name
+ associate_public_ip_address = true
+ user_data = base64encode(local.linux_user_data)
+ user_data_replace_on_change = true
+}
+
 // SuSe Enterprise 15
 module "suse15" {
diff --git a/aws/ec2-instances/outputs.tf b/aws/ec2-instances/outputs.tf
index d019199..09442fa 100644
--- a/aws/ec2-instances/outputs.tf
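Review bot: The name filter `values = ["CIS Ubuntu Linux 22.04*ARM*"]` together with `most_recent = true` resolves to whichever image from owner 679593333241 matches the wildcard and is newest, so if that publisher offers more than one 22.04 ARM image family (for example a different benchmark level than the Level 1 product the README row links), the AMI this data source returns can change with no change to this code. Pinning the owner account is the right call; consider narrowing the name pattern to the specific benchmark level, and add a comment recording the intent, e.g. `# CIS Ubuntu 22.04 LTS Benchmark Level 1 (ARM) marketplace image; owner pinned to the CIS publisher account`. The exact AMI naming scheme is not visible in this hunk, so confirm any narrowed pattern against `aws ec2 describe-images` output before changing it.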
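Review bot: `module "ubuntu2204_cis_arm"` launches the arm64 AMI `data.aws_ami.ubuntu2204_cis_arm64.id` with `instance_type = var.linux_instance_type`, whose default in this patch's variables.tf context is `t2.micro`, an x86_64 instance type, so the launch will fail on an architecture mismatch; the sibling `ubuntu2204_cis_cnspec_arm` module in the same hunk already uses `var.linux_instance_type_arm64`. Change the line to `instance_type = var.linux_instance_type_arm64`. The `// Ubuntu 22.04 CIS arm64` header would also be clearer if it stated that both modules below it must use an arm64 instance type to match the AMI.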
+++ b/aws/ec2-instances/outputs.tf
@@ -126,6 +126,19 @@ output "ubuntu2204_cis" {
 output "ubuntu2204_cis_cnspec" {
 value = module.ubuntu2204_cis_cnspec.public_ip == null ? "" : "ssh -o StrictHostKeyChecking=no -i ~/.ssh/${var.aws_key_pair_name} ubuntu@${module.ubuntu2204_cis_cnspec.public_ip}"
 }
+
+
+## ubuntu2204 arm
+output "ubuntu2204_cis_arm" {
+ value = module.ubuntu2204_cis_arm.public_ip == null ? "" : "ssh -o StrictHostKeyChecking=no -i ~/.ssh/${var.aws_key_pair_name} ubuntu@${module.ubuntu2204_cis_arm.public_ip}"
+}
+
+output "ubuntu2204_cis_cnspec_arm" {
+ value = module.ubuntu2204_cis_cnspec_arm.public_ip == null ? "" : "ssh -o StrictHostKeyChecking=no -i ~/.ssh/${var.aws_key_pair_name} ubuntu@${module.ubuntu2204_cis_cnspec_arm.public_ip}"
+}
+
+
+
 # debian10
 output "debian10_cis_cnspec" {
 value = module.debian10_cis_cnspec.public_ip == null ? "" : "ssh -o StrictHostKeyChecking=no -i ~/.ssh/${var.aws_key_pair_name} admin@${module.debian10_cis_cnspec.public_ip}"
diff --git a/aws/ec2-instances/variables.tf b/aws/ec2-instances/variables.tf
index fa03660..07edc89 100644
--- a/aws/ec2-instances/variables.tf
+++ b/aws/ec2-instances/variables.tf
@@ -75,6 +75,10 @@ variable "linux_instance_type" {
 default = "t2.micro"
 }
+variable "linux_instance_type_arm64" {
+ default = "t4g.medium"
+}
+
 variable "windows_instance_type" {
 default = "t2.micro"
 }
@@ -119,6 +123,15 @@ variable "create_ubuntu2204_cis_cnspec" {
 default = false
 }
+variable "create_ubuntu2204_cis_arm" {
+ default = false
+}
+
+variable "create_ubuntu2204_cis_cnspec_arm" {
+ default = false
+}
+
+
 variable "create_ubuntu2004" {
 default = false
 }
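Review bot: The two new outputs copy `ssh -o StrictHostKeyChecking=no` from the existing outputs, which turns off host-key verification for every connection string this module prints; since these lines repeat the pattern rather than introduce it, the better fix is one decision for the whole file, for instance `-o StrictHostKeyChecking=accept-new`, which still records and checks the key after first contact, rather than a change in this hunk alone. As a point of style, the hunk adds three blank lines on each side of the new block and a `## ubuntu2204 arm` header where the neighbouring section uses `# debian10`; a single blank line and `# ubuntu2204 arm` would match the rest of outputs.tf.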
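Review bot: `variable "linux_instance_type_arm64"` defaults to `t4g.medium` while its x86 counterpart `linux_instance_type` two lines above defaults to `t2.micro`, and nothing in the hunk explains why the arm64 default is several sizes larger, so a reader cannot tell whether that is deliberate. Add a `description` such as `description = "Instance type for arm64 (Graviton) AMIs; must be an arm64 family such as t4g"` and, if the larger size is not required, consider aligning it with the x86 default. Neither this variable nor the two `create_*` flags in the second variables.tf hunk declare a `type`; that matches the surrounding variables, but `type = string` here and `type = bool` on the flags would document intent and let Terraform validate inputs at plan time.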