From bd92ba51ba0186c20efad4816bfd03517459fd73 Mon Sep 17 00:00:00 2001 From: Manuel Weber Date: Tue, 28 May 2024 15:43:55 +0200 Subject: [PATCH 1/5] add: rhel7_cis_cnspec Signed-off-by: Manuel Weber --- aws/ec2-instances/main.tf | 30 ++++++++++++++++++++++++------ 1 file changed, 24 insertions(+), 6 deletions(-) diff --git a/aws/ec2-instances/main.tf b/aws/ec2-instances/main.tf index f493c24..3cfb410 100644 --- a/aws/ec2-instances/main.tf +++ b/aws/ec2-instances/main.tf @@ -425,7 +425,7 @@ module "oracle8_cis_cnspec" { module "rhel9" { source = "terraform-aws-modules/ec2-instance/aws" version = "~> 5.2.1" - + create = var.create_rhel9 name = "${var.prefix}-rhel9-${random_id.instance_id.id}" ami = data.aws_ami.rhel9.id @@ -439,7 +439,7 @@ module "rhel9" { module "rhel9_cnspec" { source = "terraform-aws-modules/ec2-instance/aws" version = "~> 5.2.1" - + create = var.create_rhel9_cnspec name = "${var.prefix}-rhel9-cnspec-${random_id.instance_id.id}" ami = data.aws_ami.rhel9.id @@ -457,7 +457,7 @@ module "rhel9_cnspec" { module "rhel8" { source = "terraform-aws-modules/ec2-instance/aws" version = "~> 5.2.1" - + create = var.create_rhel8 name = "${var.prefix}-rhel8-${random_id.instance_id.id}" ami = data.aws_ami.rhel8.id @@ -471,7 +471,7 @@ module "rhel8" { module "rhel8_cnspec" { source = "terraform-aws-modules/ec2-instance/aws" version = "~> 5.2.1" - + create = var.create_rhel8_cnspec name = "${var.prefix}-rhel8-cnspec-${random_id.instance_id.id}" ami = data.aws_ami.rhel8.id @@ -487,7 +487,7 @@ module "rhel8_cnspec" { module "rhel8_cis" { source = "terraform-aws-modules/ec2-instance/aws" version = "~> 5.2.1" - + create = var.create_rhel8_cis name = "${var.prefix}-rhel8-cis-${random_id.instance_id.id}" ami = data.aws_ami.rhel8_cis.id 
@@ -501,7 +501,7 @@ module "rhel8_cis" { module "rhel8_cis_cnspec" { source = "terraform-aws-modules/ec2-instance/aws" version = "~> 5.2.1" - + create = var.create_rhel8_cis_cnspec name = "${var.prefix}-rhel8-cis-cnspec-${random_id.instance_id.id}" ami = data.aws_ami.rhel8_cis.id @@ -514,6 +514,24 @@ module "rhel8_cis_cnspec" { user_data_replace_on_change = true } +// Red Hat Linux 7 +module "rhel7_cis_cnspec" { + source = "terraform-aws-modules/ec2-instance/aws" + version = "~> 5.2.1" + + create = var.create_rhel7_cis_cnspec + name = "${var.prefix}-rhel7-cis-cnspec-${random_id.instance_id.id}" + ami = data.aws_ami.rhel7_cis.id + instance_type = var.linux_instance_type + vpc_security_group_ids = [module.linux_sg.security_group_id] + subnet_id = module.vpc.public_subnets[0] + key_name = var.aws_key_pair_name + associate_public_ip_address = true + user_data = base64encode(local.linux_user_data) + user_data_replace_on_change = true +} + + // NGINX on RHEL 9 CIS module "nginx_rhel9_cis" { From 944f1ac5f883960f8fc2c9be0c382c007a08bd96 Mon Sep 17 00:00:00 2001 From: Manuel Weber Date: Tue, 28 May 2024 15:46:48 +0200 Subject: [PATCH 2/5] add: rhel7_cis_cnspec -> ami+vars Signed-off-by: Manuel Weber --- aws/ec2-instances/amis.tf | 18 +++++++++++++++++- aws/ec2-instances/variables.tf | 5 +++++ 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/aws/ec2-instances/amis.tf b/aws/ec2-instances/amis.tf index 9cce85e..e6cce78 100644 --- a/aws/ec2-instances/amis.tf +++ b/aws/ec2-instances/amis.tf @@ -81,6 +81,22 @@ data "aws_ami" "rhel8_cis" { owners = ["679593333241"] } +data "aws_ami" "rhel7_cis" { + most_recent = true + + filter { + name = "name" + values = ["CIS Red Hat Enterprise Linux 7*Level 2*"] + } + + filter { + name = "virtualization-type" + values = ["hvm"] + } + + owners = ["679593333241"] +} + data "aws_ami" "nginx_rhel9_cis" { most_recent = true 
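Review bot: The new `rhel7_cis_cnspec` module references `data.aws_ami.rhel7_cis` and `var.create_rhel7_cis_cnspec`, neither of which exists in the tree at this commit — both are only introduced in PATCH 2/5 — so this commit on its own does not validate or plan. Squashing the two patches, or ordering the data source and variable before the module, keeps every commit in the series plannable and bisectable. The instance is otherwise wired like the neighbouring `rhel8_cis_cnspec` module (public subnet, `associate_public_ip_address = true`, shared `linux_sg`), which is reasonable for a lab fleet but worth stating once above the block, e.g. `// Lab instance: public subnet + public IP; network exposure is governed by module.linux_sg`, since the `create_*` variables defaulting to false is the only thing keeping these instances off by default.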
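Review bot: The `rhel7_cis` data source resolves the AMI with `most_recent = true` and the name glob `CIS Red Hat Enterprise Linux 7*Level 2*`, which floats to whatever newest image in owner `679593333241` matches, while the README row added in PATCH 3/5 links one specific marketplace product — so the image actually launched can drift from the one documented. Pinning `owners` is the control that matters for supply-chain integrity and is done here; consider also adding an `architecture` filter for `x86_64`, as the `ubuntu2204_cis` data source further down in this file does, so a differently-architected listing with the same name pattern cannot be selected. RHEL 7 is, to my knowledge, at the end of its vendor maintenance support window around the date of this commit, so a short comment above the block noting why an end-of-life-era image is kept in the test fleet would help the next maintainer.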
@@ -188,7 +204,7 @@ data "aws_ami" "ubuntu2204_cis" { } filter { - name = "architecture" + name = "architecture" values = ["x86_64"] } diff --git a/aws/ec2-instances/variables.tf b/aws/ec2-instances/variables.tf index 5d29af7..d8c576b 100644 --- a/aws/ec2-instances/variables.tf +++ b/aws/ec2-instances/variables.tf @@ -167,6 +167,11 @@ variable "create_rhel8_cis_cnspec" { default = false } +variable "create_rhel7_cis_cnspec" { + default = false +} + + variable "create_nginx_rhel9_cis" { default = false } From d1c78c5452a7a625b86a40ecca22b527539a38b5 Mon Sep 17 00:00:00 2001 From: Manuel Weber Date: Tue, 28 May 2024 15:51:31 +0200 Subject: [PATCH 3/5] add: rhel7_cis_cnspec -> Readme.md Signed-off-by: Manuel Weber --- aws/ec2-instances/README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/aws/ec2-instances/README.md b/aws/ec2-instances/README.md index fb57115..f0c0f4d 100644 --- a/aws/ec2-instances/README.md +++ b/aws/ec2-instances/README.md 
@@ -37,6 +37,8 @@ This repository contains Terraform code for provisioning AWS EC2 instances for t | Oracle 8 cnspec | Latest Oracle 8 image with latest cnspec | `create_oracle8_cnspec` | | | Oracle 8 CIS | CIS Oracle Linux 8 Benchmark - Level 1 | `create_oracle8_cis` | [CIS Oracle Linux 8 Benchmark - Level 1](https://aws.amazon.com/marketplace/pp/prodview-qohiqfju7iecs?sr=0-1&ref_=beagle&applicationId=AWSMPContessa) | | Oracle 8 CIS cnspec | CIS Oracle Linux 8 Benchmark - Level 1 with latest cnspec | `create_oracle8_cis_cnspec` | [CIS Oracle Linux 8 Benchmark - Level 1](https://aws.amazon.com/marketplace/pp/prodview-qohiqfju7iecs?sr=0-1&ref_=beagle&applicationId=AWSMPContessa) | +| RHEL 7 CIS | CIS Red Hat Enterprise Linux 7 Benchmark - Level 2 | `create_rhel7_cis` | [CIS Red Hat Enterprise Linux 7 Benchmark - Level 2](https://aws.amazon.com/marketplace/server/procurement?productId=03540ff7-d998-4f87-888a-db80e0f993ef) | +| RHEL 7 CIS cnspec | CIS Red Hat Enterprise Linux 7 Benchmark - Level 2 with latest cnspec | `create_rhel7_cis_cnspec` | [CIS Red Hat Enterprise Linux 7 Benchmark - Level 2](https://aws.amazon.com/marketplace/server/procurement?productId=03540ff7-d998-4f87-888a-db80e0f993ef) | | RHEL 8 | Latest Red Hat Enterprise Linux 8 | `create_rhel8` | | | RHEL 8 cnspec | Latest Red Hat Enterprise Linux 8 with latest cnspec | `create_rhel8_cnspec` | | | RHEL 8 CIS | CIS Red Hat Enterprise Linux 8 STIG Benchmark | `create_rhel8_cis` | [CIS Red Hat Enterprise Linux 8 STIG Benchmark](https://aws.amazon.com/marketplace/pp/prodview-ia2nfuoig3jmu?sr=0-3&ref_=beagle&applicationId=AWSMPContessa) | From 1f875389329434e4e944344e1c1bc152f51b97d3 Mon Sep 17 00:00:00 2001 From: Manuel Weber Date: Tue, 28 May 2024 15:52:39 +0200 Subject: [PATCH 4/5] add: rhel7_cis -> ami+vars Signed-off-by: Manuel Weber --- aws/ec2-instances/main.tf | 15 +++++++++++++++ aws/ec2-instances/variables.tf | 5 ++++- 2 files changed, 19 insertions(+), 1 deletion(-) 
diff --git a/aws/ec2-instances/main.tf b/aws/ec2-instances/main.tf index 3cfb410..84b0538 100644 --- a/aws/ec2-instances/main.tf +++ b/aws/ec2-instances/main.tf @@ -515,6 +515,21 @@ module "rhel8_cis_cnspec" { } // Red Hat Linux 7 +module "rhel7_cis" { + source = "terraform-aws-modules/ec2-instance/aws" + version = "~> 5.2.1" + + create = var.create_rhel7_cis + name = "${var.prefix}-rhel7-cis-${random_id.instance_id.id}" + ami = data.aws_ami.rhel7_cis.id + instance_type = var.linux_instance_type + vpc_security_group_ids = [module.linux_sg.security_group_id] + subnet_id = module.vpc.public_subnets[0] + key_name = var.aws_key_pair_name + associate_public_ip_address = true +} + + module "rhel7_cis_cnspec" { source = "terraform-aws-modules/ec2-instance/aws" version = "~> 5.2.1" diff --git a/aws/ec2-instances/variables.tf b/aws/ec2-instances/variables.tf index d8c576b..2744c59 100644 --- a/aws/ec2-instances/variables.tf +++ b/aws/ec2-instances/variables.tf @@ -167,10 +167,13 @@ variable "create_rhel8_cis_cnspec" { default = false } -variable "create_rhel7_cis_cnspec" { +variable "create_rhel7_cis" { default = false } +variable "create_rhel7_cis_cnspec" { + default = false +} variable "create_nginx_rhel9_cis" { default = false From 6d3c58fc44dcaa6bf7c2053b5163d99a929e32e1 Mon Sep 17 00:00:00 2001 From: Manuel Weber Date: Tue, 28 May 2024 16:00:44 +0200 Subject: [PATCH 5/5] update: win2019/win2022 amis Signed-off-by: Manuel Weber --- aws/ec2-instances/amis.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/aws/ec2-instances/amis.tf b/aws/ec2-instances/amis.tf index e6cce78..6962a7d 100644 --- a/aws/ec2-instances/amis.tf +++ b/aws/ec2-instances/amis.tf @@ -483,7 +483,7 @@ data "aws_ami" "winserver2019_cis" { filter { name = "name" - values = ["CIS Microsoft Windows Server 2019 Benchmark v2*Level 2*"] + values = ["CIS Microsoft Windows Server 2019 Benchmark *Level 2*"] } filter { 
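Review bot: The new `rhel7_cis` module omits `user_data` and `user_data_replace_on_change`, unlike its `rhel7_cis_cnspec` sibling directly below it; if that is deliberate (a bare CIS image with no cnspec bootstrap), a comment stating so stops the next reader from treating it as an omission, e.g. `// Bare CIS image without cnspec bootstrap; compare against rhel7_cis_cnspec`. The `// Red Hat Linux 7` heading now covers both modules — `// Red Hat Enterprise Linux 7` would match the product name used in the AMI filter and the README.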
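Review bot: Widening the name glob from `CIS Microsoft Windows Server 2019 Benchmark v2*Level 2*` to `CIS Microsoft Windows Server 2019 Benchmark *Level 2*` means `most_recent = true` will now also select any future benchmark major version of this image, so the hardened baseline under test can change without a code change; the same applies to the `winserver2022_cis` hunk that follows. If unpinning is the intent (the commit message only says "update"), a comment above the filter such as `// Benchmark version intentionally unpinned; most_recent tracks the newest Level 2 image from the CIS owner account` records the decision; otherwise keep a version prefix and bump it explicitly when a new benchmark release is adopted.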
@@ -515,7 +515,7 @@ data "aws_ami" "winserver2022_cis" { filter { name = "name" - values = ["CIS Microsoft Windows Server 2022 Benchmark v2*Level 2*"] + values = ["CIS Microsoft Windows Server 2022 Benchmark *Level 2*"] } filter {