

git reset --soft $(git merge-base main HEAD)
Signed-off-by: Manuel Weber <[email protected]>
mm-weber committed Jun 4, 2024
1 parent e1afc7f commit bed6fe0
Showing 5 changed files with 164 additions and 11 deletions.
4 changes: 4 additions & 0 deletions aws/ec2-instances/README.md
Expand Up @@ -37,6 +37,10 @@ This repository contains Terraform code for provisioning AWS EC2 instances for t
| Oracle 8 cnspec | Latest Oracle 8 image with latest cnspec | `create_oracle8_cnspec` | |
| Oracle 8 CIS | CIS Oracle Linux 8 Benchmark - Level 1 | `create_oracle8_cis` | [CIS Oracle Linux 8 Benchmark - Level 1](https://aws.amazon.com/marketplace/pp/prodview-qohiqfju7iecs?sr=0-1&ref_=beagle&applicationId=AWSMPContessa) |
| Oracle 8 CIS cnspec | CIS Oracle Linux 8 Benchmark - Level 1 with latest cnspec | `create_oracle8_cis_cnspec` | [CIS Oracle Linux 8 Benchmark - Level 1](https://aws.amazon.com/marketplace/pp/prodview-qohiqfju7iecs?sr=0-1&ref_=beagle&applicationId=AWSMPContessa) |
| RHEL 7 | Latest Red Hat Enterprise Linux 7 | `create_rhel7` | |
| RHEL 7 cnspec | Latest Red Hat Enterprise Linux 7 with latest cnspec | `create_rhel7_cnspec` |
| RHEL 7 CIS | CIS Red Hat Enterprise Linux 7 Benchmark - Level 2 | `create_rhel7_cis` | [CIS Red Hat Enterprise Linux 7 Benchmark - Level 2](https://aws.amazon.com/marketplace/server/procurement?productId=03540ff7-d998-4f87-888a-db80e0f993ef) |
| RHEL 7 CIS cnspec | CIS Red Hat Enterprise Linux 7 Benchmark - Level 2 with latest cnspec | `create_rhel7_cis_cnspec` | [CIS Red Hat Enterprise Linux 7 Benchmark - Level 2](https://aws.amazon.com/marketplace/server/procurement?productId=03540ff7-d998-4f87-888a-db80e0f993ef) |
| RHEL 8 | Latest Red Hat Enterprise Linux 8 | `create_rhel8` | |
| RHEL 8 cnspec | Latest Red Hat Enterprise Linux 8 with latest cnspec | `create_rhel8_cnspec` | |
| RHEL 8 CIS | CIS Red Hat Enterprise Linux 8 STIG Benchmark | `create_rhel8_cis` | [CIS Red Hat Enterprise Linux 8 STIG Benchmark](https://aws.amazon.com/marketplace/pp/prodview-ia2nfuoig3jmu?sr=0-3&ref_=beagle&applicationId=AWSMPContessa) |
38 changes: 35 additions & 3 deletions aws/ec2-instances/amis.tf
Expand Up @@ -81,6 +81,38 @@ data "aws_ami" "rhel8_cis" {
owners = ["679593333241"]
}

data "aws_ami" "rhel7" {
most_recent = true

filter {
name = "name"
values = ["RHEL_HA-7*_HVM-*"]
}

filter {
name = "virtualization-type"
values = ["hvm"]
}

owners = ["309956199498"]
}

data "aws_ami" "rhel7_cis" {
most_recent = true

filter {
name = "name"
values = ["CIS Red Hat Enterprise Linux 7*Level 2*"]
}

filter {
name = "virtualization-type"
values = ["hvm"]
}

owners = ["679593333241"]
}


data "aws_ami" "nginx_rhel9_cis" {
most_recent = true
Expand Down Expand Up @@ -188,7 +220,7 @@ data "aws_ami" "ubuntu2204_cis" {
}

filter {
name = "architecture"
name = "architecture"
values = ["x86_64"]
}

Expand Down Expand Up @@ -467,7 +499,7 @@ data "aws_ami" "winserver2019_cis" {

filter {
name = "name"
values = ["CIS Microsoft Windows Server 2019 Benchmark v2*Level 2*"]
values = ["CIS Microsoft Windows Server 2019 Benchmark *Level 2*"]
}

filter {
Expand Down Expand Up @@ -499,7 +531,7 @@ data "aws_ami" "winserver2022_cis" {

filter {
name = "name"
values = ["CIS Microsoft Windows Server 2022 Benchmark v2*Level 2*"]
values = ["CIS Microsoft Windows Server 2022 Benchmark *Level 2*"]
}

filter {
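Review bot: The new `rhel7` data source in the first hunk filters on `RHEL_HA-7*_HVM-*`, which selects only Red Hat's High Availability variant, while the README row added in this commit describes the instance as "Latest Red Hat Enterprise Linux 7"; if the plain image is intended the non-HA images follow the `RHEL-7*_HVM-*` naming, and if the HA variant is deliberate a one-line comment above the block should say so. The `rhel7_cis` block in the same hunk, and the widened Windows Server 2019/2022 CIS patterns later in the file (`Benchmark *Level 2*` in place of `Benchmark v2*Level 2*`), pair a wildcard `name` filter with `most_recent = true`, so the benchmark release that actually gets deployed can change between runs with no diff in this repository; a comment such as `# most_recent + wildcard name: a newer CIS benchmark release is picked up silently; pin the version in the pattern for reproducible builds` would make that trade-off visible. Since `679593333241` is the shared Marketplace owner account, the `name` pattern is the only thing tying the lookup to the CIS product, so it is worth confirming that nothing else under that owner matches `CIS Red Hat Enterprise Linux 7*Level 2*`. RHEL 7 reached the end of its maintenance phase at the end of June 2024, shortly after this commit, so the `most_recent` lookup will stop yielding updated images and the README should probably note that these instances are for a legacy/EOL target.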
87 changes: 79 additions & 8 deletions aws/ec2-instances/main.tf
Expand Up @@ -2,7 +2,15 @@ resource "random_id" "instance_id" {
byte_length = 4
}

# and assigned the IP address of the person who runs the terraform to the ource_address_prefix
data "http" "clientip" {
url = "https://ipv4.icanhazip.com/"
}

locals {

userIP = "${chomp(data.http.clientip.response_body)}/32"

linux_user_data = <<-EOT
#!/bin/bash
bash -c "$(curl -sSL https://install.mondoo.com/sh)"
Expand Down Expand Up @@ -72,7 +80,7 @@ module "linux_sg" {
to_port = 0
protocol = "-1"
description = "Allow all from my ip"
cidr_blocks = "10.0.0.0/8,${var.publicIP}"
cidr_blocks = "10.0.0.0/8,${local.userIP}"
}
]

Expand Down Expand Up @@ -425,7 +433,7 @@ module "oracle8_cis_cnspec" {
module "rhel9" {
source = "terraform-aws-modules/ec2-instance/aws"
version = "~> 5.2.1"

create = var.create_rhel9
name = "${var.prefix}-rhel9-${random_id.instance_id.id}"
ami = data.aws_ami.rhel9.id
Expand All @@ -439,7 +447,7 @@ module "rhel9" {
module "rhel9_cnspec" {
source = "terraform-aws-modules/ec2-instance/aws"
version = "~> 5.2.1"

create = var.create_rhel9_cnspec
name = "${var.prefix}-rhel9-cnspec-${random_id.instance_id.id}"
ami = data.aws_ami.rhel9.id
Expand All @@ -457,7 +465,7 @@ module "rhel9_cnspec" {
module "rhel8" {
source = "terraform-aws-modules/ec2-instance/aws"
version = "~> 5.2.1"

create = var.create_rhel8
name = "${var.prefix}-rhel8-${random_id.instance_id.id}"
ami = data.aws_ami.rhel8.id
Expand All @@ -471,7 +479,7 @@ module "rhel8" {
module "rhel8_cnspec" {
source = "terraform-aws-modules/ec2-instance/aws"
version = "~> 5.2.1"

create = var.create_rhel8_cnspec
name = "${var.prefix}-rhel8-cnspec-${random_id.instance_id.id}"
ami = data.aws_ami.rhel8.id
Expand All @@ -487,7 +495,7 @@ module "rhel8_cnspec" {
module "rhel8_cis" {
source = "terraform-aws-modules/ec2-instance/aws"
version = "~> 5.2.1"

create = var.create_rhel8_cis
name = "${var.prefix}-rhel8-cis-${random_id.instance_id.id}"
ami = data.aws_ami.rhel8_cis.id
Expand All @@ -501,7 +509,7 @@ module "rhel8_cis" {
module "rhel8_cis_cnspec" {
source = "terraform-aws-modules/ec2-instance/aws"
version = "~> 5.2.1"

create = var.create_rhel8_cis_cnspec
name = "${var.prefix}-rhel8-cis-cnspec-${random_id.instance_id.id}"
ami = data.aws_ami.rhel8_cis.id
Expand All @@ -514,6 +522,69 @@ module "rhel8_cis_cnspec" {
user_data_replace_on_change = true
}

// Red Hat Linux 7
module "rhel7" {
source = "terraform-aws-modules/ec2-instance/aws"
version = "~> 5.2.1"

create = var.create_rhel7
name = "${var.prefix}-rhel7-${random_id.instance_id.id}"
ami = data.aws_ami.rhel7.id
instance_type = var.linux_instance_type
vpc_security_group_ids = [module.linux_sg.security_group_id]
subnet_id = module.vpc.public_subnets[0]
key_name = var.aws_key_pair_name
associate_public_ip_address = true
}

module "rhel7_cnspec" {
source = "terraform-aws-modules/ec2-instance/aws"
version = "~> 5.2.1"

create = var.create_rhel7_cnspec
name = "${var.prefix}-rhel7-cnspec-${random_id.instance_id.id}"
ami = data.aws_ami.rhel7.id
instance_type = var.linux_instance_type
vpc_security_group_ids = [module.linux_sg.security_group_id]
subnet_id = module.vpc.public_subnets[0]
key_name = var.aws_key_pair_name
associate_public_ip_address = true
user_data = base64encode(local.linux_user_data)
user_data_replace_on_change = true
}

module "rhel7_cis" {
source = "terraform-aws-modules/ec2-instance/aws"
version = "~> 5.2.1"

create = var.create_rhel7_cis
name = "${var.prefix}-rhel7-cis-${random_id.instance_id.id}"
ami = data.aws_ami.rhel7_cis.id
instance_type = var.linux_instance_type
vpc_security_group_ids = [module.linux_sg.security_group_id]
subnet_id = module.vpc.public_subnets[0]
key_name = var.aws_key_pair_name
associate_public_ip_address = true
}


module "rhel7_cis_cnspec" {
source = "terraform-aws-modules/ec2-instance/aws"
version = "~> 5.2.1"

create = var.create_rhel7_cis_cnspec
name = "${var.prefix}-rhel7-cis-cnspec-${random_id.instance_id.id}"
ami = data.aws_ami.rhel7_cis.id
instance_type = var.linux_instance_type
vpc_security_group_ids = [module.linux_sg.security_group_id]
subnet_id = module.vpc.public_subnets[0]
key_name = var.aws_key_pair_name
associate_public_ip_address = true
user_data = base64encode(local.linux_user_data)
user_data_replace_on_change = true
}


// NGINX on RHEL 9 CIS

module "nginx_rhel9_cis" {
Expand Down Expand Up @@ -816,7 +887,7 @@ module "windows_sg" {
to_port = 0
protocol = "-1"
description = "Allow all from my ip"
cidr_blocks = "10.10.0.0/16,${var.publicIP}"
cidr_blocks = "10.10.0.0/16,${local.userIP}"
}
]

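Review bot: `local.userIP` in the first hunk is built from the raw body returned by `https://ipv4.icanhazip.com/` and then fed straight into the `cidr_blocks` of the linux and windows security groups, with nothing checking that the body is a plain IPv4 address (an HTML error page, an empty body or an IPv6 answer would either break the apply or produce a rule nobody intended), and the explicit `var.publicIP` override that the same commit leaves in variables.tf is no longer consulted anywhere, so an operator behind a VPN or a CI runner whose egress differs from the operator's address has no way to correct the detected value. Every plan now also depends on that third-party endpoint being reachable, and the rule will churn whenever the caller's address changes. Assuming the project's required Terraform version is 1.2 or newer (postconditions), I would validate the response on the data source and keep `var.publicIP` as the override, as below; the data source's `status_code` attribute is available alongside `response_body`. The comment above the data source is also a truncated sentence with a typo and borrows Azure's `source_address_prefix` term; `# Detect the caller's public IPv4 address; it is allowed (as a /32) in the linux and windows security groups below.` states what the code does.
```hcl
# Detect the caller's public IPv4 address; it is allowed (as a /32) in the
# linux and windows security groups below.
data "http" "clientip" {
  url = "https://ipv4.icanhazip.com/"

  lifecycle {
    postcondition {
      condition     = self.status_code == 200 && can(cidrnetmask("${chomp(self.response_body)}/32"))
      error_message = "ipv4.icanhazip.com did not return a plain IPv4 address; set var.publicIP explicitly."
    }
  }
}

locals {
  # An explicit var.publicIP (CIDR) wins, e.g. when the plan runs behind a VPN
  # or from CI whose egress address differs from the operator's; otherwise the
  # detected address is used.
  userIP = var.publicIP != "" ? var.publicIP : "${chomp(data.http.clientip.response_body)}/32"

  # … unchanged: linux_user_data …
}
```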
27 changes: 27 additions & 0 deletions aws/ec2-instances/outputs.tf
Expand Up @@ -2,6 +2,14 @@ output "vpc-name" {
value = module.vpc.name
}

output "deployer_ip_address" {
value = local.userIP
}

output "data_public_ip_address" {
value = chomp(data.http.clientip.response_body)
}

# amazon2_instances
output "amazon2" {
value = module.amazon2.public_ip == null ? "" : "ssh -o StrictHostKeyChecking=no -i ~/.ssh/${var.aws_key_pair_name} ec2-user@${module.amazon2.public_ip}"
Expand All @@ -28,6 +36,25 @@ output "amazon2023_cnspec" {
value = module.amazon2023_cnspec.public_ip == null ? "" : "ssh -o StrictHostKeyChecking=no -i ~/.ssh/${var.aws_key_pair_name} ec2-user@${module.amazon2023_cnspec.public_ip}"
}

# rhel 7
output "rhel7" {
value = module.rhel7.public_ip == null ? "" : "ssh -o StrictHostKeyChecking=no -i ~/.ssh/${var.aws_key_pair_name} ec2-user@${module.rhel7.public_ip}"
}

output "rhel7_cnspec" {
value = module.rhel7_cnspec.public_ip == null ? "" : "ssh -o StrictHostKeyChecking=no -i ~/.ssh/${var.aws_key_pair_name} ec2-user@${module.rhel7_cnspec.public_ip}"
}


output "rhel7_cis" {
value = module.rhel7_cis.public_ip == null ? "" : "ssh -o StrictHostKeyChecking=no -i ~/.ssh/${var.aws_key_pair_name} ec2-user@${module.rhel7_cis.public_ip}"
}

output "rhel7_cis_cnspec" {
value = module.rhel7_cis_cnspec.public_ip == null ? "" : "ssh -o StrictHostKeyChecking=no -i ~/.ssh/${var.aws_key_pair_name} ec2-user@${module.rhel7_cis_cnspec.public_ip}"
}


# rhel8
output "rhel8" {
value = module.rhel8.public_ip == null ? "" : "ssh -o StrictHostKeyChecking=no -i ~/.ssh/${var.aws_key_pair_name} ec2-user@${module.rhel8.public_ip}"
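Review bot: `deployer_ip_address` and `data_public_ip_address` in the first hunk expose the same detected address twice, once with and once without the `/32` suffix, which reads like a leftover from debugging; keeping one of them, e.g. `deployer_ip_address` with `description = "Address allowed through the linux/windows security groups (CIDR)"`, would make the intent clear. Because outputs are persisted in state, the operator's public address is now recorded wherever the state lives; that is low risk for a /32, but worth knowing if the state backend is shared, and `sensitive = true` keeps it out of the plan/apply summary if that matters. The `rhel7*` outputs mirror the existing `rhel8*` ones, so nothing further to raise there.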
19 changes: 19 additions & 0 deletions aws/ec2-instances/variables.tf
Expand Up @@ -167,6 +167,22 @@ variable "create_rhel8_cis_cnspec" {
default = false
}

variable "create_rhel7" {
default = false
}

variable "create_rhel7_cnspec" {
default = false
}

variable "create_rhel7_cis" {
default = false
}

variable "create_rhel7_cis_cnspec" {
default = false
}

variable "create_nginx_rhel9_cis" {
default = false
}
Expand Down Expand Up @@ -337,4 +353,7 @@ variable "windows_admin_password" {

variable "publicIP" {
description = "Your home PublicIP to configure access to ec2 instances"

# usually automatically pulled by data "http" "clientip" resource
default = ""
}
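Review bot: `publicIP` in the last hunk keeps its default and gains a comment saying the value is "usually automatically pulled", but main.tf in this same commit replaces both `var.publicIP` references with `local.userIP`, so the variable is now dead: setting it has no effect, which the comment does not convey (my note on main.tf proposes wiring it back as the override). If it is kept as an override, a validation block would reject a bare address or a typo before it reaches the security-group rule, where the error is much less readable; the description should also say the value is expected in CIDR form, since the rule concatenates it into `cidr_blocks` unchanged. The `create_rhel7*` variables follow the file's existing default-only style, so nothing to raise there.
```hcl
variable "publicIP" {
  description = "Optional override for the address allowed through the EC2 security groups, in CIDR form (e.g. 203.0.113.7/32). Empty means use the address detected by data.http.clientip."
  default     = ""

  validation {
    condition     = var.publicIP == "" || can(cidrnetmask(var.publicIP))
    error_message = "publicIP must be an IPv4 CIDR such as 203.0.113.7/32, or empty to auto-detect."
  }
}
```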
