diff --git a/aws/ec2-instances/README.md b/aws/ec2-instances/README.md
index 91abc32..7759d41 100644
--- a/aws/ec2-instances/README.md
+++ b/aws/ec2-instances/README.md
@@ -38,7 +38,6 @@ This repository contains Terraform code for provisioning AWS EC2 instances for t
 | Oracle 9 cnspec | Latest Oracle 9 image with latest cnspec | `create_oracle9_cnspec` | |
 | Oracle 9 CIS | CIS Oracle Linux 9 Benchmark - Level 1 | `create_oracle9_cis` | [CIS Oracle Linux 9 Benchmark - Level 1](https://aws.amazon.com/marketplace/pp/prodview-uvycouobpppp4?sr=0-1&ref_=beagle&applicationId=AWS-EC2-Console) |
 | Oracle 9 CIS cnspec | CIS Oracle Linux 9 Benchmark - Level 1 with latest cnspec | `create_oracle9_cis_cnspec` | [CIS Oracle Linux 9 Benchmark - Level 1](https://aws.amazon.com/marketplace/pp/prodview-uvycouobpppp4?sr=0-1&ref_=beagle&applicationId=AWS-EC2-Console) |
-| RHEL 7 mondoo pass private | Saved image of a manually hardened CIS RHEL7 image (which CIS deleted) | `create_rhel7_pass_private` | |
 | RHEL 8 | Latest Red Hat Enterprise Linux 8 | `create_rhel8` | |
 | RHEL 8 cnspec | Latest Red Hat Enterprise Linux 8 with latest cnspec | `create_rhel8_cnspec` | |
 | RHEL 8 CIS | CIS Red Hat Enterprise Linux 8 STIG Benchmark | `create_rhel8_cis` | [CIS Red Hat Enterprise Linux 8 STIG Benchmark](https://aws.amazon.com/marketplace/pp/prodview-ia2nfuoig3jmu?sr=0-3&ref_=beagle&applicationId=AWSMPContessa) |
diff --git a/aws/ec2-instances/amis.tf b/aws/ec2-instances/amis.tf
index 0015bf4..6f1ea4c 100644
--- a/aws/ec2-instances/amis.tf
+++ b/aws/ec2-instances/amis.tf
@@ -114,24 +114,6 @@ data "aws_ami" "rhel9_cis" {
 owners = ["679593333241"]
 }
-
-data "aws_ami" "rhel7-cis-pass-private" {
- most_recent = true
-
- filter {
- name = "name"
- values = ["mondoo-cis-cnspec-rhel7-pass"]
- }
-
- filter {
- name = "virtualization-type"
- values = ["hvm"]
- }
-
- owners = ["162854405951"]
-}
-
-
 data "aws_ami" "nginx_rhel9_cis" {
 most_recent = true
diff --git a/aws/ec2-instances/main.tf b/aws/ec2-instances/main.tf
index 8ea8e89..c6f7b6c 100644
--- a/aws/ec2-instances/main.tf
+++ b/aws/ec2-instances/main.tf
@@ -9,7 +9,8 @@ data "http" "clientip" {
 locals {
- userIP = "${chomp(data.http.clientip.response_body)}/32"
+ #userIP = "${chomp(data.http.clientip.response_body)}/32"
+ userIP = var.publicIP == "" ? "${chomp(data.http.clientip.response_body)}/32" : var.publicIP
 linux_user_data = <<-EOT
 #!/bin/bash
@@ -678,22 +679,6 @@ module "centos7_hardened_community" {
 # user_data_replace_on_change = true
 #}
-// Private RHEL7 Image
-module "rhel7_pass_private" {
- source = "terraform-aws-modules/ec2-instance/aws"
- version = "~> 5.6.1"
-
- create = var.create_rhel7_pass_private
- name = "${var.prefix}-rhel7-pass-private-${random_id.instance_id.id}"
- ami = data.aws_ami.rhel7-cis-pass-private.id
- instance_type = var.linux_instance_type
- vpc_security_group_ids = [module.linux_sg.security_group_id]
- subnet_id = module.vpc.public_subnets[0]
- key_name = var.aws_key_pair_name
- associate_public_ip_address = true
-}
-
-
 // NGINX on RHEL 9 CIS
 module "nginx_rhel9_cis" {
diff --git a/aws/ec2-instances/outputs.tf b/aws/ec2-instances/outputs.tf
index 41817b9..b1465cf 100644
--- a/aws/ec2-instances/outputs.tf
+++ b/aws/ec2-instances/outputs.tf
@@ -41,11 +41,6 @@ output "centos7_hardened_community" {
 value = module.centos7_hardened_community.public_ip == null ? "" : "ssh -o StrictHostKeyChecking=no -i ~/.ssh/${var.aws_key_pair_name} ec2-user@${module.centos7_hardened_community.public_ip}"
 }
-# rhel 7 private mondoo image
-output "rhel7_pass_private" {
- value = module.rhel7_pass_private.public_ip == null ? "" : "ssh -o StrictHostKeyChecking=no -i ~/.ssh/${var.aws_key_pair_name} ec2-user@${module.rhel7_pass_private.public_ip}"
-}
-
 # rhel8
 output "rhel8" {
 value = module.rhel8.public_ip == null ? "" : "ssh -o StrictHostKeyChecking=no -i ~/.ssh/${var.aws_key_pair_name} ec2-user@${module.rhel8.public_ip}"
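Review bot: The override branch of `userIP` (in `locals`, first hunk of main.tf) passes `var.publicIP` through verbatim, whereas the fallback always yields a single-host `/32`; a bare address, a typo or an over-broad range such as a `/0` is accepted with no check. The consumer of `local.userIP` is outside this hunk, but if it feeds the ingress rules of the security group attached to these publicly addressed test instances, the override decides who can reach them. The variable's declaration is not in the visible file sections; I would give it a validation rule with `condition = var.publicIP == "" || can(cidrhost(var.publicIP, 0))` and a description stating that a CIDR (not a bare IP) is expected. The commented-out `#userIP = ...` line is dead code and can be dropped. The `locals` block continues past the end of the hunk.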