
Add Oracle9 , remove deprecated AMI (#73)
* deprecated: oracle7_cis

Signed-off-by: Manuel Weber <[email protected]>

* add oracle 9 vanilla

Signed-off-by: Manuel Weber <[email protected]>

* add oracle 9 vanilla+readme

Signed-off-by: Manuel Weber <[email protected]>

* add RHEL9 L2

Signed-off-by: Manuel Weber <[email protected]>

* add RHEL9 L2++

Signed-off-by: Manuel Weber <[email protected]>

---------

Signed-off-by: Manuel Weber <[email protected]>
mm-weber authored Sep 17, 2024
1 parent 5d5ce60 commit a71e6ea
Showing 5 changed files with 246 additions and 44 deletions.
6 changes: 6 additions & 0 deletions aws/ec2-instances/README.md
Expand Up @@ -36,6 +36,10 @@ This repository contains Terraform code for provisioning AWS EC2 instances for t
| Oracle 8 cnspec | Latest Oracle 8 image with latest cnspec | `create_oracle8_cnspec` | |
| Oracle 8 CIS | CIS Oracle Linux 8 Benchmark - Level 1 | `create_oracle8_cis` | [CIS Oracle Linux 8 Benchmark - Level 1](https://aws.amazon.com/marketplace/pp/prodview-qohiqfju7iecs?sr=0-1&ref_=beagle&applicationId=AWSMPContessa) |
| Oracle 8 CIS cnspec | CIS Oracle Linux 8 Benchmark - Level 1 with latest cnspec | `create_oracle8_cis_cnspec` | [CIS Oracle Linux 8 Benchmark - Level 1](https://aws.amazon.com/marketplace/pp/prodview-qohiqfju7iecs?sr=0-1&ref_=beagle&applicationId=AWSMPContessa) |
| Oracle 9 | Latest Oracle 9 image | `create_oracle9` | |
| Oracle 9 cnspec | Latest Oracle 9 image with latest cnspec | `create_oracle9_cnspec` | |
| Oracle 9 CIS | CIS Oracle Linux 9 Benchmark - Level 1 | `create_oracle9_cis` | [CIS Oracle Linux 9 Benchmark - Level 1](https://aws.amazon.com/marketplace/pp/prodview-uvycouobpppp4?sr=0-1&ref_=beagle&applicationId=AWS-EC2-Console) |
| Oracle 9 CIS cnspec | CIS Oracle Linux 9 Benchmark - Level 1 with latest cnspec | `create_oracle9_cis_cnspec` | [CIS Oracle Linux 9 Benchmark - Level 1](https://aws.amazon.com/marketplace/pp/prodview-uvycouobpppp4?sr=0-1&ref_=beagle&applicationId=AWS-EC2-Console) |
| RHEL 7 | Latest Red Hat Enterprise Linux 7 | `create_rhel7` | |
| RHEL 7 cnspec | Latest Red Hat Enterprise Linux 7 with latest cnspec | `create_rhel7_cnspec` |
| RHEL 7 mondoo pass private | Saved image of a manually hardened CIS RHEL7 image (which CIS deleted) | `create_rhel7_pass_private` | |
Expand All @@ -45,6 +49,8 @@ This repository contains Terraform code for provisioning AWS EC2 instances for t
| RHEL 8 CIS cnspec | CIS Red Hat Enterprise Linux 8 STIG Benchmark with latest cnspec | `create_rhel8_cis_cnspec` | [CIS Red Hat Enterprise Linux 8 STIG Benchmark](https://aws.amazon.com/marketplace/pp/prodview-ia2nfuoig3jmu?sr=0-3&ref_=beagle&applicationId=AWSMPContessa) |
| RHEL 9 | Latest RHEL 9 image | `create_rhel9` | |
| RHEL 9 cnspec | Latest RHEL 9 with latest cnspec | `create_rhel9_cnspec` | |
| RHEL 9 CIS | CIS Red Hat Enterprise Linux 9 Level 2 | `create_rhel9_cis` | [CIS Red Hat Enterprise Linux 9 - Level 2](https://aws.amazon.com/marketplace/pp/prodview-6axx7cl7vguti?sr=0-5&ref_=beagle&applicationId=AWS-EC2-Console) |
| RHEL 9 CIS cnspec | CIS Red Hat Enterprise Linux 9 Level 2 with latest cnspec | `create_rhel9_cis_cnspec` | [CIS Red Hat Enterprise Linux 9 - Level 2](https://aws.amazon.com/marketplace/pp/prodview-6axx7cl7vguti?sr=0-5&ref_=beagle&applicationId=AWS-EC2-Console) |
| NGINX on RHEL 9 CIS | Latest NGINX on RHEL 9 image CIS hardened | `create_nginx_rhel9_cis` | |
| NGINX on RHEL 9 CIS cnspec | Latest NGINX on RHEL 9 image CIS hardened with latest cnspec | `create_nginx_rhel9_cis_cnspec` | |
| SUSE 15 | Latest SUSE 15 image | `create_suse15` | |
63 changes: 57 additions & 6 deletions aws/ec2-instances/amis.tf
Expand Up @@ -98,6 +98,23 @@ data "aws_ami" "rhel8_cis" {
owners = ["679593333241"]
}

data "aws_ami" "rhel9_cis" {
most_recent = true

filter {
name = "name"
values = ["CIS Red Hat Enterprise Linux 9*Level 2*"]
}

filter {
name = "virtualization-type"
values = ["hvm"]
}

owners = ["679593333241"]
}


data "aws_ami" "rhel7" {
most_recent = true

Expand Down Expand Up @@ -404,12 +421,28 @@ data "aws_ami" "oracle7" {
owners = ["679593333241"]
}

data "aws_ami" "oracle7_cis" {
#data "aws_ami" "oracle7_cis" {
# most_recent = true
#
# filter {
# name = "name"
# values = ["CIS Oracle Linux 7 Benchmark*"]
# }
#
# filter {
# name = "virtualization-type"
# values = ["hvm"]
# }
#
# owners = ["679593333241"]
#}

data "aws_ami" "oracle8" {
most_recent = true

filter {
name = "name"
values = ["CIS Oracle Linux 7 Benchmark*"]
values = ["*SupportedImages OL8.8*"]
}

filter {
Expand All @@ -420,12 +453,12 @@ data "aws_ami" "oracle7_cis" {
owners = ["679593333241"]
}

data "aws_ami" "oracle8" {
data "aws_ami" "oracle8_cis" {
most_recent = true

filter {
name = "name"
values = ["*SupportedImages OL8.8*"]
values = ["CIS Oracle Linux 8 Benchmark*"]
}

filter {
Expand All @@ -436,12 +469,29 @@ data "aws_ami" "oracle8" {
owners = ["679593333241"]
}

data "aws_ami" "oracle8_cis" {
data "aws_ami" "oracle9" {
most_recent = true

filter {
name = "name"
values = ["CIS Oracle Linux 8 Benchmark*"]
values = ["*(SupportedImages) - Oracle Linux 9 LATEST x86_64*"]
}

filter {
name = "virtualization-type"
values = ["hvm"]
}

owners = ["679593333241"]
}


data "aws_ami" "oracle9_cis" {
most_recent = true

filter {
name = "name"
values = ["CIS Oracle Linux 9 Benchmark*"]
}

filter {
Expand All @@ -451,6 +501,7 @@ data "aws_ami" "oracle8_cis" {

owners = ["679593333241"]
}

data "aws_ami" "rocky9" {
most_recent = true

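Review bot: The new `oracle9_cis` data source (hunk `@@ -436,12 +469,29 @@`, lines `values = ["CIS Oracle Linux 9 Benchmark*"]`) does not constrain the benchmark level, whereas the new `rhel9_cis` source pins `*Level 2*` and the README advertises Oracle 9 CIS as Level 1; combined with `most_recent = true`, the selected image can silently change if CIS publishes another level or profile under that name prefix. If the Marketplace name carries the level the way the RHEL 9 name does, tighten it to `values = ["CIS Oracle Linux 9 Benchmark*Level 1*"]`, and consider documenting that `most_recent = true` with a wildcard means the AMI id drifts between plans (the `owners` pin is the only thing bounding what is picked). The deprecated `oracle7_cis` block in the `@@ -404,12 +421,28 @@` hunk is left as a commented-out block rather than deleted; git history already preserves it, so removing it outright avoids a stale reference to an AMI filter nobody maintains. The `@@ -436` hunk also leaves two consecutive blank lines before `data "aws_ami" "oracle9_cis"`.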
144 changes: 119 additions & 25 deletions aws/ec2-instances/main.tf
Expand Up @@ -318,27 +318,59 @@ module "oracle7_cnspec" {
user_data_replace_on_change = true
}

module "oracle7_cis" {
#module "oracle7_cis" {
# source = "terraform-aws-modules/ec2-instance/aws"
# version = "~> 5.6.1"
#
# create = var.create_oracle7_cis
# name = "${var.prefix}-oracle7-cis-${random_id.instance_id.id}"
# ami = data.aws_ami.oracle7_cis.id
# instance_type = var.linux_instance_type
# vpc_security_group_ids = [module.linux_sg.security_group_id]
# subnet_id = module.vpc.public_subnets[0]
# key_name = var.aws_key_pair_name
# associate_public_ip_address = true
#}

#module "oracle7_cis_cnspec" {
# source = "terraform-aws-modules/ec2-instance/aws"
# version = "~> 5.6.1"
#
# create = var.create_oracle7_cis_cnspec
# name = "${var.prefix}-oracle7-cis-cnspec-${random_id.instance_id.id}"
# ami = data.aws_ami.oracle7_cis.id
# instance_type = var.linux_instance_type
# vpc_security_group_ids = [module.linux_sg.security_group_id]
# subnet_id = module.vpc.public_subnets[0]
# key_name = var.aws_key_pair_name
# associate_public_ip_address = true
# user_data = base64encode(local.linux_user_data)
# user_data_replace_on_change = true
#}

// Oracle 8

module "oracle8" {
source = "terraform-aws-modules/ec2-instance/aws"
version = "~> 5.6.1"

create = var.create_oracle7_cis
name = "${var.prefix}-oracle7-cis-${random_id.instance_id.id}"
ami = data.aws_ami.oracle7_cis.id
create = var.create_oracle8
name = "${var.prefix}-oracle8-${random_id.instance_id.id}"
ami = data.aws_ami.oracle8.id
instance_type = var.linux_instance_type
vpc_security_group_ids = [module.linux_sg.security_group_id]
subnet_id = module.vpc.public_subnets[0]
key_name = var.aws_key_pair_name
associate_public_ip_address = true
}

module "oracle7_cis_cnspec" {
module "oracle8_cnspec" {
source = "terraform-aws-modules/ec2-instance/aws"
version = "~> 5.6.1"

create = var.create_oracle7_cis_cnspec
name = "${var.prefix}-oracle7-cis-cnspec-${random_id.instance_id.id}"
ami = data.aws_ami.oracle7_cis.id
create = var.create_oracle8_cnspec
name = "${var.prefix}-oracle8-cnspec-${random_id.instance_id.id}"
ami = data.aws_ami.oracle8.id
instance_type = var.linux_instance_type
vpc_security_group_ids = [module.linux_sg.security_group_id]
subnet_id = module.vpc.public_subnets[0]
Expand All @@ -348,29 +380,58 @@ module "oracle7_cis_cnspec" {
user_data_replace_on_change = true
}

// Oracle 8
module "oracle8_cis" {
source = "terraform-aws-modules/ec2-instance/aws"
version = "~> 5.6.1"

module "oracle8" {
create = var.create_oracle8_cis
name = "${var.prefix}-oracle8-cis-${random_id.instance_id.id}"
ami = data.aws_ami.oracle8_cis.id
instance_type = var.linux_instance_type
vpc_security_group_ids = [module.linux_sg.security_group_id]
subnet_id = module.vpc.public_subnets[0]
key_name = var.aws_key_pair_name
associate_public_ip_address = true
}

module "oracle8_cis_cnspec" {
source = "terraform-aws-modules/ec2-instance/aws"
version = "~> 5.6.1"

create = var.create_oracle8
name = "${var.prefix}-oracle8-${random_id.instance_id.id}"
ami = data.aws_ami.oracle8.id
create = var.create_oracle8_cis_cnspec
name = "${var.prefix}-oracle8-cis-cnspec-${random_id.instance_id.id}"
ami = data.aws_ami.oracle8_cis.id
instance_type = var.linux_instance_type
vpc_security_group_ids = [module.linux_sg.security_group_id]
subnet_id = module.vpc.public_subnets[0]
key_name = var.aws_key_pair_name
associate_public_ip_address = true
user_data = base64encode(local.linux_user_data)
user_data_replace_on_change = true
}

module "oracle8_cnspec" {
// Oracle 9
module "oracle9" {
source = "terraform-aws-modules/ec2-instance/aws"
version = "~> 5.6.1"

create = var.create_oracle8_cnspec
name = "${var.prefix}-oracle8-cnspec-${random_id.instance_id.id}"
ami = data.aws_ami.oracle8.id
create = var.create_oracle9
name = "${var.prefix}-oracle9-${random_id.instance_id.id}"
ami = data.aws_ami.oracle9.id
instance_type = var.linux_instance_type
vpc_security_group_ids = [module.linux_sg.security_group_id]
subnet_id = module.vpc.public_subnets[0]
key_name = var.aws_key_pair_name
associate_public_ip_address = true
}

module "oracle9_cnspec" {
source = "terraform-aws-modules/ec2-instance/aws"
version = "~> 5.6.1"

create = var.create_oracle9_cnspec
name = "${var.prefix}-oracle9-cnspec-${random_id.instance_id.id}"
ami = data.aws_ami.oracle9.id
instance_type = var.linux_instance_type
vpc_security_group_ids = [module.linux_sg.security_group_id]
subnet_id = module.vpc.public_subnets[0]
Expand All @@ -380,27 +441,27 @@ module "oracle8_cnspec" {
user_data_replace_on_change = true
}

module "oracle8_cis" {
module "oracle9_cis" {
source = "terraform-aws-modules/ec2-instance/aws"
version = "~> 5.6.1"

create = var.create_oracle8_cis
name = "${var.prefix}-oracle8-cis-${random_id.instance_id.id}"
ami = data.aws_ami.oracle8_cis.id
create = var.create_oracle9_cis
name = "${var.prefix}-oracle9-cis-${random_id.instance_id.id}"
ami = data.aws_ami.oracle9_cis.id
instance_type = var.linux_instance_type
vpc_security_group_ids = [module.linux_sg.security_group_id]
subnet_id = module.vpc.public_subnets[0]
key_name = var.aws_key_pair_name
associate_public_ip_address = true
}

module "oracle8_cis_cnspec" {
module "oracle9_cis_cnspec" {
source = "terraform-aws-modules/ec2-instance/aws"
version = "~> 5.6.1"

create = var.create_oracle8_cis_cnspec
name = "${var.prefix}-oracle8-cis-cnspec-${random_id.instance_id.id}"
ami = data.aws_ami.oracle8_cis.id
create = var.create_oracle9_cis_cnspec
name = "${var.prefix}-oracle9-cis-cnspec-${random_id.instance_id.id}"
ami = data.aws_ami.oracle9_cis.id
instance_type = var.linux_instance_type
vpc_security_group_ids = [module.linux_sg.security_group_id]
subnet_id = module.vpc.public_subnets[0]
Expand All @@ -410,6 +471,7 @@ module "oracle8_cis_cnspec" {
user_data_replace_on_change = true
}


// Red Hat Linux 9

module "rhel9" {
Expand Down Expand Up @@ -442,6 +504,38 @@ module "rhel9_cnspec" {
user_data_replace_on_change = true
}

module "rhel9_cis" {
source = "terraform-aws-modules/ec2-instance/aws"
version = "~> 5.6.1"

create = var.create_rhel9_cis
name = "${var.prefix}-rhel9-cis-${random_id.instance_id.id}"
ami = data.aws_ami.rhel9_cis.id
instance_type = var.linux_instance_type
vpc_security_group_ids = [module.linux_sg.security_group_id]
subnet_id = module.vpc.public_subnets[0]
key_name = var.aws_key_pair_name
associate_public_ip_address = true
}

module "rhel9_cis_cnspec" {
source = "terraform-aws-modules/ec2-instance/aws"
version = "~> 5.6.1"

create = var.create_rhel9_cis_cnspec
name = "${var.prefix}-rhel9-cis-cnspec-${random_id.instance_id.id}"
ami = data.aws_ami.rhel9_cis.id
instance_type = var.linux_instance_type
vpc_security_group_ids = [module.linux_sg.security_group_id]
subnet_id = module.vpc.public_subnets[0]
key_name = var.aws_key_pair_name
associate_public_ip_address = true
user_data = base64encode(local.linux_user_data)
user_data_replace_on_change = true
}



// Red Hat Linux 8

module "rhel8" {
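Review bot: The deprecated `oracle7_cis` and `oracle7_cis_cnspec` modules in the first hunk (`@@ -318,27 +318,59 @@`) are commented out rather than removed, which leaves ~30 lines of dead HCL referencing `var.create_oracle7_cis`, `var.create_oracle7_cis_cnspec` and `data.aws_ami.oracle7_cis`; since the matching data source is also commented out in amis.tf, deleting the blocks is cleaner and history keeps them if needed. I cannot see variables.tf in this view, so if the `create_oracle7_cis*` variables still exist they should be dropped in the same change to avoid inputs that no longer do anything. The new `rhel9_cis` / `rhel9_cis_cnspec` modules in the last hunk (`@@ -442,6 +504,38 @@`) follow the existing pattern of `associate_public_ip_address = true` on `module.vpc.public_subnets[0]`; that is consistent with the file, but a one-line comment such as `// benchmark targets are intentionally public; ingress is bounded by linux_sg` above the `// Red Hat Linux 9` section would make the exposure decision explicit for hardened images. Minor style: that hunk also adds three consecutive blank lines before `// Red Hat Linux 8`, and the `@@ -410,6 +471,7 @@` hunk adds a second blank line before `// Red Hat Linux 9`.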
