diff --git a/aws/ec2-instances/README.md b/aws/ec2-instances/README.md index 45aa965..f574a6c 100644 --- a/aws/ec2-instances/README.md +++ b/aws/ec2-instances/README.md @@ -38,6 +38,8 @@ This repository contains Terraform code for provisioning AWS EC2 instances for t | Oracle 8 CIS cnspec | CIS Oracle Linux 8 Benchmark - Level 1 with latest cnspec | `create_oracle8_cis_cnspec` | [CIS Oracle Linux 8 Benchmark - Level 1](https://aws.amazon.com/marketplace/pp/prodview-qohiqfju7iecs?sr=0-1&ref_=beagle&applicationId=AWSMPContessa) | | RHEL 7 | Latest Red Hat Enterprise Linux 7 | `create_rhel7` | | | RHEL 7 cnspec | Latest Red Hat Enterprise Linux 7 with latest cnspec | `create_rhel7_cnspec` | +| RHEL 7 mondoo pass private | Saved image of a manually hardened CIS RHEL7 image (which CIS deleted) | `create_rhel7_pass_private` | | + | RHEL 8 | Latest Red Hat Enterprise Linux 8 | `create_rhel8` | | | RHEL 8 cnspec | Latest Red Hat Enterprise Linux 8 with latest cnspec | `create_rhel8_cnspec` | | | RHEL 8 CIS | CIS Red Hat Enterprise Linux 8 STIG Benchmark | `create_rhel8_cis` | [CIS Red Hat Enterprise Linux 8 STIG Benchmark](https://aws.amazon.com/marketplace/pp/prodview-ia2nfuoig3jmu?sr=0-3&ref_=beagle&applicationId=AWSMPContessa) | diff --git a/aws/ec2-instances/amis.tf b/aws/ec2-instances/amis.tf index 9d16be3..42e7718 100644 --- a/aws/ec2-instances/amis.tf +++ b/aws/ec2-instances/amis.tf @@ -97,6 +97,23 @@ data "aws_ami" "rhel7" { owners = ["309956199498"] } +data "aws_ami" "rhel7-cis-pass-private" { + most_recent = true + + filter { + name = "name" + values = ["mondoo-cis-cnspec-rhel7-pass"] + } + + filter { + name = "virtualization-type" + values = ["hvm"] + } + + owners = ["162854405951"] +} + + data "aws_ami" "nginx_rhel9_cis" { most_recent = true diff --git a/aws/ec2-instances/main.tf b/aws/ec2-instances/main.tf index c36bc11..3f73495 100644 --- a/aws/ec2-instances/main.tf +++ b/aws/ec2-instances/main.tf 
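Review bot: The new data source is named `rhel7-cis-pass-private` with hyphens while the module that consumes it and its flag use underscores (`rhel7_pass_private`, `create_rhel7_pass_private`); `data "aws_ami" "rhel7_cis_pass_private"` here and `ami = data.aws_ami.rhel7_cis_pass_private.id` in main.tf would keep the three names aligned. Pinning `owners` to the private account is the right call for a hand-built image, because `most_recent = true` with only a `name` filter would otherwise accept a same-named image published by any account; a comment recording that intent, e.g. `# Manually hardened RHEL7 CIS image saved in account 162854405951 after CIS deleted the marketplace AMI; owners is pinned so a same-named image from another account cannot be selected`, would stop a future edit from loosening it. Note that `most_recent = true` re-resolves on every plan, so uploading another image with the same name silently changes the AMI this instance is built from; if the saved image is meant to be frozen, filtering on `image-id` would make that explicit.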
@@ -535,6 +535,22 @@ module "rhel7_cnspec" { user_data_replace_on_change = true } +// Private RHEL7 Image +module "rhel7_pass_private" { + source = "terraform-aws-modules/ec2-instance/aws" + version = "~> 5.6.1" + + create = var.create_rhel7_pass_private + name = "${var.prefix}-rhel7-pass-private-${random_id.instance_id.id}" + ami = data.aws_ami.rhel7-cis-pass-private.id + instance_type = var.linux_instance_type + vpc_security_group_ids = [module.linux_sg.security_group_id] + subnet_id = module.vpc.public_subnets[0] + key_name = var.aws_key_pair_name + associate_public_ip_address = true +} + + // NGINX on RHEL 9 CIS module "nginx_rhel9_cis" { diff --git a/aws/ec2-instances/outputs.tf b/aws/ec2-instances/outputs.tf index 49f256a..66d68fa 100644 --- a/aws/ec2-instances/outputs.tf +++ b/aws/ec2-instances/outputs.tf @@ -41,6 +41,11 @@ output "rhel7" { value = module.rhel7.public_ip == null ? "" : "ssh -o StrictHostKeyChecking=no -i ~/.ssh/${var.aws_key_pair_name} ec2-user@${module.rhel7.public_ip}" } +output "rhel7_pass_private" { + value = module.rhel7_pass_private.public_ip == null ? "" : "ssh -o StrictHostKeyChecking=no -i ~/.ssh/${var.aws_key_pair_name} ec2-user@${module.rhel7_pass_private.public_ip}" +} + + output "rhel7_cnspec" { value = module.rhel7_cnspec.public_ip == null ? "" : "ssh -o StrictHostKeyChecking=no -i ~/.ssh/${var.aws_key_pair_name} ec2-user@${module.rhel7_cnspec.public_ip}" } diff --git a/aws/ec2-instances/variables.tf b/aws/ec2-instances/variables.tf index 358ec8b..2ae13cc 100644 --- a/aws/ec2-instances/variables.tf +++ b/aws/ec2-instances/variables.tf @@ -184,6 +184,10 @@ variable "create_rhel7" { default = false } +variable "create_rhel7_pass_private" { + default = false +} + variable "create_rhel7_cnspec" { default = false }
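Review bot: The header comment `// Private RHEL7 Image` on the new `rhel7_pass_private` module does not say what the image is or why it exists, unlike the README row; `// Manually hardened RHEL7 CIS image saved to a private account after CIS deleted the marketplace AMI` would carry that context into the code. The neighbouring `rhel7_cnspec` module has user-data handling (`user_data_replace_on_change = true` is visible in the leading context) while this one has none, which presumably is deliberate because the saved image is not meant to get a cnspec bootstrap; stating that in the comment would save the next reader from treating it as an omission. The instance is placed in `module.vpc.public_subnets[0]` with `associate_public_ip_address = true` behind the shared `linux_sg`, the same exposure as the other test instances, so for an image whose purpose is to pass a CIS benchmark it is worth confirming the shared rules do not undo what the image hardens; the security group definition is outside this hunk.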
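Review bot: The new `rhel7_pass_private` output copies `-o StrictHostKeyChecking=no` from the neighbouring outputs, which switches off host-key verification for the printed ssh hint and so accepts any host that answers at the public IP. For a hardened target `-o StrictHostKeyChecking=accept-new` keeps the first-connection convenience while still detecting a key that changes later. Since every sibling output uses the same string, changing only this one would be inconsistent — either change them all in one pass or leave it and record the decision. The hint also hard-codes `ec2-user`; worth confirming the saved image still uses that login user.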
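Review bot: `create_rhel7_pass_private` is declared with only `default = false`, so its meaning has to be recovered from main.tf and the README; `type = bool` and `description = "Create the privately saved, manually hardened RHEL7 CIS instance"` would document it at the point of declaration and reject non-boolean values at plan time. The neighbouring `create_rhel7` and `create_rhel7_cnspec` variables omit both as well, so this is a file-wide style choice rather than a defect introduced here, but a flag whose name does not explain itself is the one that benefits most from a description.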