remove RHEL7 and make publicIP configurable

Signed-off-by: Patrick Münch <[email protected]>
mondoohq · Nov 11, 2024 · c6ee1f1 · c6ee1f1
1 parent ae6c95f
commit c6ee1f1
Show file tree

Hide file tree

Showing 4 changed files with 2 additions and 41 deletions.
diff --git a/aws/ec2-instances/README.md b/aws/ec2-instances/README.md
@@ -38,7 +38,6 @@ This repository contains Terraform code for provisioning AWS EC2 instances for t
 | Oracle 9 cnspec            | Latest Oracle 9 image with latest cnspec                                 | `create_oracle9_cnspec`         |                                                                                                                                                                       |
 | Oracle 9 CIS               | CIS Oracle Linux 9 Benchmark - Level 1                                   | `create_oracle9_cis`            | [CIS Oracle Linux 9 Benchmark - Level 1](https://aws.amazon.com/marketplace/pp/prodview-uvycouobpppp4?sr=0-1&ref_=beagle&applicationId=AWS-EC2-Console)                 |
 | Oracle 9 CIS cnspec        | CIS Oracle Linux 9 Benchmark - Level 1 with latest cnspec                | `create_oracle9_cis_cnspec`     | [CIS Oracle Linux 9 Benchmark - Level 1](https://aws.amazon.com/marketplace/pp/prodview-uvycouobpppp4?sr=0-1&ref_=beagle&applicationId=AWS-EC2-Console)                 |
-| RHEL 7 mondoo pass private   | Saved image of a manually hardened CIS RHEL7 image (which CIS deleted)                                        | `create_rhel7_pass_private`                  |                                                                                                                                                                       |
 | RHEL 8                     | Latest Red Hat Enterprise Linux 8                                        | `create_rhel8`                  |                                                                                                                                                                       |
 | RHEL 8 cnspec              | Latest Red Hat Enterprise Linux 8 with latest cnspec                     | `create_rhel8_cnspec`           |                                                                                                                                                                       |
 | RHEL 8 CIS                 | CIS Red Hat Enterprise Linux 8 STIG Benchmark                            | `create_rhel8_cis`              | [CIS Red Hat Enterprise Linux 8 STIG Benchmark](https://aws.amazon.com/marketplace/pp/prodview-ia2nfuoig3jmu?sr=0-3&ref_=beagle&applicationId=AWSMPContessa)          |

diff --git a/aws/ec2-instances/amis.tf b/aws/ec2-instances/amis.tf
@@ -114,24 +114,6 @@ data "aws_ami" "rhel9_cis" {
   owners = ["679593333241"]
 }
 
-
-data "aws_ami" "rhel7-cis-pass-private" {
-  most_recent = true
-
-  filter {
-    name   = "name"
-    values = ["mondoo-cis-cnspec-rhel7-pass"]
-  }
-
-  filter {
-    name   = "virtualization-type"
-    values = ["hvm"]
-  }
-
-  owners = ["162854405951"]
-}
-
-
 data "aws_ami" "nginx_rhel9_cis" {
   most_recent = true
 

diff --git a/aws/ec2-instances/main.tf b/aws/ec2-instances/main.tf
@@ -9,7 +9,8 @@ data "http" "clientip" {
 
 locals {
 
-  userIP = "${chomp(data.http.clientip.response_body)}/32"
+  #userIP = "${chomp(data.http.clientip.response_body)}/32"
+  userIP = var.publicIP == "" ? "${chomp(data.http.clientip.response_body)}/32" : var.publicIP
 
   linux_user_data = <<-EOT
     #!/bin/bash
@@ -678,22 +679,6 @@ module "centos7_hardened_community" {
 #  user_data_replace_on_change = true
 #}
 
-// Private RHEL7 Image
-module "rhel7_pass_private" {
-  source  = "terraform-aws-modules/ec2-instance/aws"
-  version = "~> 5.6.1"
-
-  create                      = var.create_rhel7_pass_private
-  name                        = "${var.prefix}-rhel7-pass-private-${random_id.instance_id.id}"
-  ami                         = data.aws_ami.rhel7-cis-pass-private.id
-  instance_type               = var.linux_instance_type
-  vpc_security_group_ids      = [module.linux_sg.security_group_id]
-  subnet_id                   = module.vpc.public_subnets[0]
-  key_name                    = var.aws_key_pair_name
-  associate_public_ip_address = true
-}
-
-
 // NGINX on RHEL 9 CIS
 
 module "nginx_rhel9_cis" {

diff --git a/aws/ec2-instances/outputs.tf b/aws/ec2-instances/outputs.tf
@@ -41,11 +41,6 @@ output "centos7_hardened_community" {
   value = module.centos7_hardened_community.public_ip == null ? "" : "ssh -o StrictHostKeyChecking=no -i ~/.ssh/${var.aws_key_pair_name} ec2-user@${module.centos7_hardened_community.public_ip}"
 }
 
-# rhel 7 private mondoo image
-output "rhel7_pass_private" {
-  value = module.rhel7_pass_private.public_ip == null ? "" : "ssh -o StrictHostKeyChecking=no -i ~/.ssh/${var.aws_key_pair_name} ec2-user@${module.rhel7_pass_private.public_ip}"
-}
-
 # rhel8
 output "rhel8" {
   value = module.rhel8.public_ip == null ? "" : "ssh -o StrictHostKeyChecking=no -i ~/.ssh/${var.aws_key_pair_name} ec2-user@${module.rhel8.public_ip}"