From d3c4a24b315928fad63593f8fb052fa80a78fb22 Mon Sep 17 00:00:00 2001 From: Manuel Weber Date: Tue, 23 Jul 2024 12:45:58 +0200 Subject: [PATCH] all in one commit Signed-off-by: Manuel Weber --- aws/ec2-instances/README.md | 1 - aws/ec2-instances/amis.tf | 17 +++++++++++++++++ aws/ec2-instances/main.tf | 16 ++++++++++++++++ aws/ec2-instances/outputs.tf | 5 +++++ aws/ec2-instances/variables.tf | 4 ++++ 5 files changed, 42 insertions(+), 1 deletion(-) diff --git a/aws/ec2-instances/README.md b/aws/ec2-instances/README.md index f574a6c..df997ec 100644 --- a/aws/ec2-instances/README.md +++ b/aws/ec2-instances/README.md @@ -39,7 +39,6 @@ This repository contains Terraform code for provisioning AWS EC2 instances for t | RHEL 7 | Latest Red Hat Enterprise Linux 7 | `create_rhel7` | | | RHEL 7 cnspec | Latest Red Hat Enterprise Linux 7 with latest cnspec | `create_rhel7_cnspec` | | RHEL 7 mondoo pass private | Saved image of a manually hardened CIS RHEL7 image (which CIS deleted) | `create_rhel7_pass_private` | | - | RHEL 8 | Latest Red Hat Enterprise Linux 8 | `create_rhel8` | | | RHEL 8 cnspec | Latest Red Hat Enterprise Linux 8 with latest cnspec | `create_rhel8_cnspec` | | | RHEL 8 CIS | CIS Red Hat Enterprise Linux 8 STIG Benchmark | `create_rhel8_cis` | [CIS Red Hat Enterprise Linux 8 STIG Benchmark](https://aws.amazon.com/marketplace/pp/prodview-ia2nfuoig3jmu?sr=0-3&ref_=beagle&applicationId=AWSMPContessa) | diff --git a/aws/ec2-instances/amis.tf b/aws/ec2-instances/amis.tf index 42e7718..7e09800 100644 --- a/aws/ec2-instances/amis.tf +++ b/aws/ec2-instances/amis.tf @@ -49,6 +49,23 @@ data "aws_ami" "amazon2_cis" { owners = ["679593333241"] } +# centos7 +data "aws_ami" "centos7_hardened_community" { + most_recent = true + + filter { + name = "name" + values = ["os-cis-hardened-centos-7.9*"] + } + + filter { + name = "virtualization-type" + values = ["hvm"] + } + + owners = ["679593333241"] +} + data "aws_ami" "rhel8" { most_recent = true 
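Review bot: The new `centos7_hardened_community` lookup pins nothing but a name wildcard: `most_recent = true` with `values = ["os-cis-hardened-centos-7.9*"]` under owner `679593333241`, which appears to be the shared aws-marketplace account (the same one `amazon2_cis` above uses) rather than the vendor's own, so any Marketplace listing whose name matches is a candidate and the resolved AMI changes silently whenever a newer match is published. For a hardened baseline that scan results are compared against, add a narrower filter (the listing's `product-code`, or the exact image `name`) and expose `data.aws_ami.centos7_hardened_community.id` as an output so a run can be reproduced. The data source also has no `count`, so it is evaluated on every plan even when `create_centos7_hardened_community` is false, and the plan fails outright if the listing is withdrawn, which the README notes has already happened to one CIS image; guarding it with `count = var.create_centos7_hardened_community ? 1 : 0` (and indexing `[0]` where main.tf reads it) avoids that. CentOS Linux 7 reached end of life at the end of June 2024, so the `# centos7` header should say so, e.g. `# centos7 -- CentOS Linux 7 is EOL (June 2024); kept only as a scan target`. The `rhel8` data block at the bottom of the hunk continues outside it.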
diff --git a/aws/ec2-instances/main.tf b/aws/ec2-instances/main.tf
index 3f73495..7cf2ea3 100644
--- a/aws/ec2-instances/main.tf
+++ b/aws/ec2-instances/main.tf
@@ -504,6 +504,22 @@ module "rhel8_cis_cnspec" {
 user_data_replace_on_change = true
 }
 
+// CentOS Linux 7
+module "centos7_hardened_community" {
+ source = "terraform-aws-modules/ec2-instance/aws"
+ version = "~> 5.6.1"
+
+ create = var.create_centos7_hardened_community
+ name = "${var.prefix}-centos7_hardened_community-${random_id.instance_id.id}"
+ ami = data.aws_ami.centos7_hardened_community.id
+ instance_type = var.linux_instance_type
+ vpc_security_group_ids = [module.linux_sg.security_group_id]
+ subnet_id = module.vpc.public_subnets[0]
+ key_name = var.aws_key_pair_name
+ associate_public_ip_address = true
+}
+
+
 // Red Hat Linux 7
 module "rhel7" {
 source = "terraform-aws-modules/ec2-instance/aws"
diff --git a/aws/ec2-instances/outputs.tf b/aws/ec2-instances/outputs.tf
index 66d68fa..f2bc782 100644
--- a/aws/ec2-instances/outputs.tf
+++ b/aws/ec2-instances/outputs.tf
@@ -36,6 +36,11 @@ output "amazon2023_cnspec" {
 value = module.amazon2023_cnspec.public_ip == null ? "" : "ssh -o StrictHostKeyChecking=no -i ~/.ssh/${var.aws_key_pair_name} ec2-user@${module.amazon2023_cnspec.public_ip}"
 }
 
+# centos 7 hardened community
+output "centos7_hardened_community" {
+ value = module.centos7_hardened_community.public_ip == null ? "" : "ssh -o StrictHostKeyChecking=no -i ~/.ssh/${var.aws_key_pair_name} ec2-user@${module.centos7_hardened_community.public_ip}"
+}
+
 # rhel 7
 output "rhel7" {
 value = module.rhel7.public_ip == null ? "" : "ssh -o StrictHostKeyChecking=no -i ~/.ssh/${var.aws_key_pair_name} ec2-user@${module.rhel7.public_ip}"
diff --git a/aws/ec2-instances/variables.tf b/aws/ec2-instances/variables.tf
index 2ae13cc..3a1374f 100644
--- a/aws/ec2-instances/variables.tf
+++ b/aws/ec2-instances/variables.tf
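Review bot: The new module block does not set `metadata_options`, so whether IMDSv2 tokens are required on this host is left to whatever `terraform-aws-modules/ec2-instance` `~> 5.6.1` defaults to; on an instance that gets `associate_public_ip_address = true` in `module.vpc.public_subnets[0]` and is meant to be a hardened reference, it is worth stating explicitly with `metadata_options = { http_endpoint = "enabled", http_tokens = "required" }`. Network exposure is otherwise governed entirely by `module.linux_sg`, whose rules are not in this diff; a short comment at the block, e.g. `// CentOS Linux 7 (CIS-hardened Marketplace image, public IP, reachable per linux_sg)`, would make that visible where the instance is defined. Minor: the two added blank lines before `// Red Hat Linux 7` leave a double gap, while the blocks above are separated by one.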
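Review bot: The ssh hint for `centos7_hardened_community` logs in as `ec2-user`, copied from the Amazon Linux and RHEL outputs, but CentOS AMIs conventionally create `centos` as the login account, so this command is likely to be refused on the `os-cis-hardened-centos-7.9*` image unless the vendor changed the default; check the listing and, if so, use `centos@${module.centos7_hardened_community.public_ip}`. The `-o StrictHostKeyChecking=no` carried over from the sibling outputs disables host-key verification on a host that has just come up with a public IP; that is the established pattern in this file, but a comment such as `# StrictHostKeyChecking=no is deliberate: throwaway test hosts whose keys change on every apply` would record that it is intentional rather than an oversight.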
@@ -180,6 +180,10 @@ variable "create_rhel8_cis_cnspec" {
 default = false
 }
 
+variable "create_centos7_hardened_community" {
+ default = false
+}
+
 variable "create_rhel7" {
 default = false
 }
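Review bot: `create_centos7_hardened_community` is declared with only `default = false`, no `type` or `description`, so nothing tells a user what the toggle provisions or that it depends on a Marketplace listing; adding `type = bool` and `description = "Create the CentOS 7.9 CIS-hardened instance from the os-cis-hardened-centos-7.9* Marketplace AMI"` would fix that, even though the neighbouring variables omit both. The README change in this commit only removes a blank line from the image table and adds no row for the new toggle, while the visible rows document each of the other `create_*` variables; a row naming the image and its Marketplace source would keep that table authoritative.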