

all in one commit (#70)
Signed-off-by: Manuel Weber <manuel@mondoo.com>
mm-weber authored Jul 23, 2024
1 parent 5f86e1d commit 4805807
Showing 5 changed files with 42 additions and 1 deletion.
1 change: 0 additions & 1 deletion aws/ec2-instances/README.md
Expand Up @@ -39,7 +39,6 @@ This repository contains Terraform code for provisioning AWS EC2 instances for t
| RHEL 7 | Latest Red Hat Enterprise Linux 7 | `create_rhel7` | |
| RHEL 7 cnspec | Latest Red Hat Enterprise Linux 7 with latest cnspec | `create_rhel7_cnspec` |
| RHEL 7 mondoo pass private | Saved image of a manually hardened CIS RHEL7 image (which CIS deleted) | `create_rhel7_pass_private` | |

| RHEL 8 | Latest Red Hat Enterprise Linux 8 | `create_rhel8` | |
| RHEL 8 cnspec | Latest Red Hat Enterprise Linux 8 with latest cnspec | `create_rhel8_cnspec` | |
| RHEL 8 CIS | CIS Red Hat Enterprise Linux 8 STIG Benchmark | `create_rhel8_cis` | [CIS Red Hat Enterprise Linux 8 STIG Benchmark](https://aws.amazon.com/marketplace/pp/prodview-ia2nfuoig3jmu?sr=0-3&ref_=beagle&applicationId=AWSMPContessa) |
17 changes: 17 additions & 0 deletions aws/ec2-instances/amis.tf
Expand Up @@ -49,6 +49,23 @@ data "aws_ami" "amazon2_cis" {
owners = ["679593333241"]
}

# centos7
data "aws_ami" "centos7_hardened_community" {
most_recent = true

filter {
name = "name"
values = ["os-cis-hardened-centos-7.9*"]
}

filter {
name = "virtualization-type"
values = ["hvm"]
}

owners = ["679593333241"]
}

data "aws_ami" "rhel8" {
most_recent = true

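Review bot: The new `centos7_hardened_community` data source pairs `most_recent = true` with the wildcard `os-cis-hardened-centos-7.9*`, so each plan resolves to whatever newest image the owner `679593333241` has published under that name, and the instance in main.tf is replaced whenever a new build appears; for a hardened-benchmark image that deserves either an explicit AMI pin or a comment saying the drift is intended, since nothing here records which image was actually chosen. CentOS 7 reached end of life on 30 June 2024, before this commit, so however recent the image is it can no longer receive upstream security updates. The terse `# centos7` comment could carry both facts, e.g. `# CentOS 7.9 CIS-hardened community image (same owner account as amazon2_cis); CentOS 7 is EOL since 2024-06-30, so the image gets no upstream patches`.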
16 changes: 16 additions & 0 deletions aws/ec2-instances/main.tf
Expand Up @@ -504,6 +504,22 @@ module "rhel8_cis_cnspec" {
user_data_replace_on_change = true
}

// CentOS Linux 7
module "centos7_hardened_community" {
source = "terraform-aws-modules/ec2-instance/aws"
version = "~> 5.6.1"

create = var.create_centos7_hardened_community
name = "${var.prefix}-centos7_hardened_community-${random_id.instance_id.id}"
ami = data.aws_ami.centos7_hardened_community.id
instance_type = var.linux_instance_type
vpc_security_group_ids = [module.linux_sg.security_group_id]
subnet_id = module.vpc.public_subnets[0]
key_name = var.aws_key_pair_name
associate_public_ip_address = true
}


// Red Hat Linux 7
module "rhel7" {
source = "terraform-aws-modules/ec2-instance/aws"
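Review bot: The new module block is followed by two blank lines before `// Red Hat Linux 7`, whereas the surrounding modules are separated by one; drop the extra line. The block otherwise mirrors the existing instances, including `associate_public_ip_address = true` on `module.vpc.public_subnets[0]` behind the shared `linux_sg`, so the hardened image is exposed exactly like the others, which is presumably intended for this repository but is worth stating. A pointer to the AMI definition would help the next reader, e.g. `// CentOS Linux 7 (CIS-hardened community AMI; see data.aws_ami.centos7_hardened_community in amis.tf)`.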
5 changes: 5 additions & 0 deletions aws/ec2-instances/outputs.tf
Expand Up @@ -36,6 +36,11 @@ output "amazon2023_cnspec" {
value = module.amazon2023_cnspec.public_ip == null ? "" : "ssh -o StrictHostKeyChecking=no -i ~/.ssh/${var.aws_key_pair_name} ec2-user@${module.amazon2023_cnspec.public_ip}"
}

# centos 7 hardened community
output "centos7_hardened_community" {
value = module.centos7_hardened_community.public_ip == null ? "" : "ssh -o StrictHostKeyChecking=no -i ~/.ssh/${var.aws_key_pair_name} ec2-user@${module.centos7_hardened_community.public_ip}"
}

# rhel 7
output "rhel7" {
value = module.rhel7.public_ip == null ? "" : "ssh -o StrictHostKeyChecking=no -i ~/.ssh/${var.aws_key_pair_name} ec2-user@${module.rhel7.public_ip}"
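Review bot: The new output logs in as `ec2-user@…`, copied from the Amazon Linux and RHEL outputs above and below it, but CentOS images conventionally ship with `centos` as the default login user, so the printed ssh command may be refused on this image; confirm the default user of the `os-cis-hardened-centos-7.9*` image and adjust the line if needed, e.g. `... centos@${module.centos7_hardened_community.public_ip}`. The output also inherits `-o StrictHostKeyChecking=no`, which disables host-key verification on first connect; that is the existing pattern in this file, but a one-line comment that this is accepted only for short-lived test instances (if that is the intent) would make the trade-off explicit.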
4 changes: 4 additions & 0 deletions aws/ec2-instances/variables.tf
Expand Up @@ -180,6 +180,10 @@ variable "create_rhel8_cis_cnspec" {
default = false
}

variable "create_centos7_hardened_community" {
default = false
}

variable "create_rhel7" {
default = false
}
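Review bot: `create_centos7_hardened_community` is declared with only `default = false`, so it has neither a `type` nor a `description`, and a non-boolean value is not rejected at validation time. Adding `type = bool` and `description = "Create the CIS-hardened CentOS 7.9 community EC2 instance"` documents what the flag provisions alongside the other `create_*` toggles. The neighbouring `create_rhel7` declaration visible in this hunk shares the omission, so this may be a file-wide convention; if so, a follow-up that adds `type` and `description` to all of them together would be the cleaner fix.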
